The California Privacy Protection Agency (CPPA) recently published two new sets of draft regulations addressing a range of cutting-edge data protection issues. Although the Agency has not officially started the formal rulemaking process, the Draft Cybersecurity Audit Regulations and the Draft Risk Assessment Regulations will serve as the foundation for the process moving forward. Discussion
Timothy Dickens
California’s Proposed “Delete Act” Would Create a ‘Do Not Sell’ List for Data Brokers
California continues to be at vanguard of data privacy rights. The latest effort by California legislators to protect consumer privacy rights focuses on data brokers, who under the proposed California Senate Bill 362, aka the “Delete Act,” would be required to recognize and honor opt-out signals from Californians. The law seeks to expand on…
Texas Adds a Wrinkle to State Privacy Law Patchwork
On May 28, Texas became the sixth state this year to pass a comprehensive data protection law. Although the Texas Data Privacy and Security Act (“TDPSA”) is largely in line with the Virginia Consumer Data Protection Act and other recently passed state privacy laws, it has a few key distinctions that may cause…
FTC Challenge to Data Broker Precise Geolocation Sale Dismissed with Leave to Amend
In a ruling published May, 4, the Federal District Court of Idaho granted defendant data broker Kochava’s motion to dismiss a complaint filed by the Federal Trade Commission (“FTC”). In its complaint, the FTC alleged that Kochava’s sale of precise consumer geolocation data constituted an unfair act or practice in violation of Section 5 of…
Webinar Recording – Artificial Intelligence: An Overview of the U.S. and EU Regulatory Landscape
The emergence of tools like ChatGPT has demonstrated the tremendous business potential for artificial intelligence. At the same time, businesses need to be aware of the growing patchwork of laws and regulations in the U.S. and EU governing the development and use of AI. In this webinar, Ballard Spahr privacy & data security lawyers…

Utah Poised to Pass Law Restricting Teen Access to Social Media
Utah Governor Spencer Cox is expected to signed SB 152, which was passed by both the House and Senate as of March 13, 2023. With this bill, Utah would join California in passing legislation designed to protect children from online harms. However, unlike the California Age-Appropriate Design Code, the Utah law will provide…
Managing Legal Issues From the Use of ChatGPT and Generative AI
The AI application ChatGPT quickly became a household name, but already is morphing into a more advanced version of generative AI. At the same time, Microsoft’s redesigned Bing search engine will soon run on a new, next-generation OpenAI large language model. While these tools have demonstrated that generative AI has tremendous operational and business potential…

California Enforcement Sweep Targets Mobile Apps – With a Focus on Honoring “Permission Slip” App
On Friday, January 27, California Attorney General Rob Bonta announced an investigative sweep of businesses that provide mobile apps, issuing warning letters to those that AG Bonta alleges failed to comply with the California Consumer Privacy Act (CCPA). This sweep focused specifically on “popular retail, travel, and food service industry apps” that failed to comply…
2023 Privacy and Data Security Preview

2022 proved to be an historic year for privacy and data security. Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states. For the first time, federal privacy legislation advanced to a House Subcommittee, and though the American Data Privacy and Protection…
FTC Requires Data Minimization in Drizly Enforcement Action
In a recent enforcement action against online alcohol delivery service Drizly and its CEO, James Rellas, the Federal Trade Commission (FTC) made clear its focus on data minimization and limitations on the secondary uses of data. Although the action arose out of a common security failure—the sort that has been the subject of numerous prior…