On April 4, 2024, Kentucky became the fifteenth state to enact a comprehensive data privacy law, with Governor Andy Beshear signing the Kentucky Consumer Data Protection Act (KCDPA) into law. The Kentucky law will go into...more
6/3/2024
/ Data Privacy ,
Data Processors ,
Data Protection ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
General Data Protection Regulation (GDPR) ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-In ,
Popular ,
Right of Access ,
Sensitive Personal Information ,
State Data Privacy Laws
In September 2023, Delaware became the seventh state in 2023 to enact comprehensive privacy law with the Delaware Personal Data Privacy Act (DPDPA), joining Indiana, Iowa, Montana, Oregon, Tennessee and Texas. The DPDPA will...more
5/14/2024
/ Consumer Privacy Rights ,
Covered Entities ,
Data Privacy ,
Data Protection ,
Data Protection Acts ,
Data Security ,
EU ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
New Legislation ,
Personal Data ,
Privacy Laws ,
Regulatory Requirements ,
State and Local Government ,
State Privacy Laws
On February 9, 2024, California’s Third District Court of Appeals ruled that the California Privacy Protection Agency (CPPA) may begin enforcing its finalized data privacy regulations immediately, overturning the lower...more
On August 7, 2023, the Commissioner of Data Protection of the Dubai International Financial Centre (the DIFC), a financial free-zone in the United Arab Emirates, issued the first adequacy decision regarding the California...more
8/18/2023
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Management ,
Data Privacy ,
Data Protection ,
Dubai ,
Information Governance ,
International Data Transfers ,
Personal Data ,
United Arab Emirates (UAE)
On May 11, 2023, Tennessee joined the rapidly growing ranks of U.S. states to enact a comprehensive data privacy law as Gov. Bill Lee (R-TN) signed the Tennessee Information Protection Act (TIPA) into law. Taking effect July...more
In a policy statement released on May 18, 2023, the Federal Trade Commission (FTC) warned of several consumer data privacy risks related to the increasing commercial use of biometrics technologies. The Commission unanimously...more
On June 18, 2023, Texas enacted the Texas Data Privacy and Security Act (TDPSA), joining the rapidly growing list of U.S. states with comprehensive data privacy laws.1 The statute will take effect on July 1, 2024, except for...more
On April 27, 2023, Washington Governor Jay Inslee signed the My Health My Data Act (the “Act”) into law, establishing new limits on the collection, use and sharing of “consumer health data” and creating numerous compliance...more
On March 15, 2023, the Colorado Attorney General (AG) finalized its set of regulations implementing the Colorado Privacy Act (CPA) – the Colorado Privacy Act Rules (“Colorado Rules”). The Colorado Rules clarify and expand...more
On March 30, 2023, the California Privacy Protection Agency (CPPA) announced that the California Office of Administrative Law (OAL) has approved the CPPA’s regulations and filed them with the Secretary of State, completing...more
Growing regulatory action to combat so-called “dark patterns” used in web design to influence consumer choice has resulted in hundreds of millions of dollars in fines, and promises to continue to be an area of enforcement in...more
On November 3, 2022, the California Privacy Protection Agency (CPPA) officially published modifications to the proposed regulations implementing the Consumer Privacy Rights Act (CPRA). These modified proposed regulations...more
On August 24, 2022, California Attorney General Rob Bonta (AG) announced a proposed settlement with beauty retailer Sephora USA, Inc. to resolve claims that Sephora violated the California Consumer Privacy Act (CCPA). Under...more
Companies are now on the clock for comments on the new proposed California Privacy Rights Act (CPRA) regulations. On July 8, 2022, the California Privacy Protection Agency (CPPA) filed a Notice of Proposed Action, triggering...more
The Connecticut Data Privacy Act (CTDPA), which will go into effect July 1, 2023, is now the fifth and latest comprehensive state consumer privacy law, giving companies doing business in the state less than two years to...more
With the recent signing of the Utah Consumer Privacy Act (UCPA) by Gov. Spencer J. Cox on March 24, 2022, Utah has become the fourth state to enact a comprehensive law addressing consumer data privacy, joining California,...more
On February 17, 2022, the California Privacy Protection Agency (CPPA) Board held its first Board meeting of 2022. Notably, CPPA Executive Director Ashkan Soltani delivered an update on the CPPA’s rulemaking activities and...more
With the passage of the Colorado Privacy Act (CPA) during its latest legislative session, Colorado has become the third state to enact a comprehensive consumer data privacy law, following California and Virginia. Corporations...more
On March 2, 2021, the Governor of Virginia signed the Virginia Consumer Data Protection Act (CDPA) into law, which goes into effect on January 1, 2023. The law applies only to businesses with large amounts of consumer data...more
The California Attorney General surprised companies by issuing new guidance for the California Consumer Privacy Act (CCPA) compliance, reflecting likely compliance missteps by companies. On Tuesday October 12, 2020, the...more
10/16/2020
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Notice Requirements ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
State Attorneys General
United Kingdom, French and Belgian national security laws (and such laws of other EU Member States) fell under the scrutiny of the Court of Justice of the European Union (CJEU), which on October 6, 2020, ruled on whether such...more
10/14/2020
/ Consumer Privacy Rights ,
Corporate Counsel ,
Court of Justice of the European Union (CJEU) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Retention ,
Data Security ,
Electronic Communications ,
EU ,
General Data Protection Regulation (GDPR) ,
Member State ,
National Security ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
UK
On October 1, 2020, the three-month grace period for businesses to comply with the Dubai International Financial Centre (DIFC) Data Protection Law (DIFC Law No. 5 of 2020) (“DPL 2020”) came to an end. Regulating the...more
10/2/2020
/ California Consumer Privacy Act (CCPA) ,
Consent ,
Cybersecurity ,
Data Breach ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Data Protection Officers (DPOs) ,
Data Security ,
Data Subjects Rights ,
DIFC ,
Dubai ,
Extraterritoriality Rules ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Notice Requirements ,
Penalties ,
Personal Data ,
Popular
On Friday, August 14, California’s Office of Administrative Law (OAL) approved the final draft of the Attorney General’s (AG) regulations under the California Consumer Privacy Act (CCPA). Attorney General Xavier Becerra’s...more
8/20/2020
/ California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Subjects Rights ,
Office of Administrative Law ,
Opt-Outs ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Private Right of Action ,
Regulatory Requirements ,
State Attorneys General
We reported in July 2019 that the Court of Justice of the European Union (CJEU) heard a case brought by privacy-rights activist Max Schrems, challenging the validity of Standard Contractual Clauses (SCCs), which are widely...more
12/24/2019
/ Advocate General ,
Binding Corporate Rules ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Subjects Rights ,
EU ,
EU-US Privacy Shield ,
European Commission ,
International Data Transfers ,
National Security ,
Personal Data ,
Privacy Laws ,
Standard Contractual Clauses ,
US-EU Safe Harbor Framework
• The Draft Regulations introduced by the California Attorney General’s Office on October 10, 2019 are subject to a public comment period and public hearings that will close on December 6, 2019. Now is the time to act to try...more
10/29/2019
/ California Consumer Privacy Act (CCPA) ,
Comment Period ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
Privacy Policy ,
Proposed Regulation ,
Public Comment ,
Right to Delete ,
Right To Know ,
State Attorneys General