California continues to be at vanguard of data privacy rights. The latest effort by California legislators to protect consumer privacy rights focuses on data brokers, who under the proposed California Senate Bill 362, aka the “Delete Act,” would be required to recognize and honor opt-out signals from Californians. The law seeks to expand on
Texas Adds a Wrinkle to State Privacy Law Patchwork
On May 28, Texas became the sixth state this year to pass a comprehensive data protection law. Although the Texas Data Privacy and Security Act (“TDPSA”) is largely in line with the Virginia Consumer Data Protection Act and other recently passed state privacy laws, it has a few key distinctions that may cause
FTC Challenge to Data Broker Precise Geolocation Sale Dismissed with Leave to Amend
In a ruling published May, 4, the Federal District Court of Idaho granted defendant data broker Kochava’s motion to dismiss a complaint filed by the Federal Trade Commission (“FTC”). In its complaint, the FTC alleged that Kochava’s sale of precise consumer geolocation data constituted an unfair act or practice in violation of Section 5 of
Webinar Recording – 2023 Preview for Privacy and Data Security
2022 proved to be an historic year for privacy and data security, and 2023 is likely to follow suit. With privacy compliance deadlines looming under three state laws, a surge in data privacy litigation, new federal cyber-regulations, new state laws governing children’s data and new EU legislation regulating digital services – privacy lawyers will
California Enforcement Sweep Targets Mobile Apps – With a Focus on Honoring “Permission Slip” App
On Friday, January 27, California Attorney General Rob Bonta announced an investigative sweep of businesses that provide mobile apps, issuing warning letters to those that AG Bonta alleges failed to comply with the California Consumer Privacy Act (CCPA). This sweep focused specifically on “popular retail, travel, and food service industry apps” that failed to comply
Privacy Policies Under the Colorado Privacy Act—Still a New Purpose-Driven Approach
With Colorado joining California as the only other state with rules implementing a comprehensive privacy law, businesses and practitioners have been anxiously watching to see whether a California-compliant privacy policy would also be compliant with the Colorado Privacy Act (“CPA”). And, as the Colorado Attorney General has made clear, interoperability is an important guiding
FTC Requires Data Minimization in Drizly Enforcement Action
In a recent enforcement action against online alcohol delivery service Drizly and its CEO, James Rellas, the Federal Trade Commission (FTC) made clear its focus on data minimization and limitations on the secondary uses of data. Although the action arose out of a common security failure—the sort that has been the subject of numerous prior
CPPA Publishes Updated Draft CPRA Regulations
On October 17, the California Privacy Protection Agency (“CPPA”) published the first revisions to the CPRA regulations. This draft includes an extensive list of proposed changes in advance of the CPPA Board public hearing, scheduled to begin on October 21st. In addition to the newest draft regulations, the CPPA published a
Podcast – A Look at the Metaverse’s Legal Implications, with Special Guest Samantha Green, Director of Content Marketing, Epiq
After discussing what the Metaverse is and its possible uses by providers of legal and other services, we look at an array of legal issues that should be considered by lawyers and their clients operating in the Metaverse or contemplating doing so. Issues discussed include privacy rights of users of Metaverse platforms, data security, moderation
Colorado AG Publishes Draft Privacy Rules
On October 1, 2022, the Colorado Attorney General‘s Office announced that it had submitted the first draft of its Rules implementing the Colorado Privacy Act.
The draft Colorado Rules run only 38 pages long—in notable contrast to the draft California regulations that run 66 pages (albeit in redline). Moreover, the draft Colorado Rules address