On October 17, the California Privacy Protection Agency (“CPPA”) published the first revisions to the CPRA regulations. This draft includes an extensive list of proposed changes in advance of the CPPA Board public hearing, scheduled to begin on October 21st. In addition to the newest draft regulations, the CPPA published a
Privacy Law and Regulation
Podcast – A Look at the Metaverse’s Legal Implications, with Special Guest Samantha Green, Director of Content Marketing, Epiq
After discussing what the Metaverse is and its possible uses by providers of legal and other services, we look at an array of legal issues that should be considered by lawyers and their clients operating in the Metaverse or contemplating doing so. Issues discussed include privacy rights of users of Metaverse platforms, data security, moderation…

Real World Implications of Sephora
On August 24, California Attorney General Rob Bonta announced a $1.2 million settlement with Sephora over allegations that the cosmetic retailer had violated the California Consumer Privacy Act (CCPA). This first public enforcement action—and subsequent noncompliance letters the Attorney General sent to other retailers—clearly highlight the continued focus of regulators on online tracking practices and opt-out signals such…

Colorado AG Publishes Draft Privacy Rules
On October 1, 2022, the Colorado Attorney General‘s Office announced that it had submitted the first draft of its Rules implementing the Colorado Privacy Act.
The draft Colorado Rules run only 38 pages long—in notable contrast to the draft California regulations that run 66 pages (albeit in redline). Moreover, the draft Colorado Rules address…
Webinar Recording – Preparing for Compliance with the California Privacy Rights Act (CPRA)
With the CPRA set to become effective in a little more than three months, Ballard Spahr partners Phil Yannella and Greg Szewczyk discuss CPRA rule-making, the recent Sephora settlement, and outline key compliance steps that businesses should address before the January 1, 2023 deadline.

Colorado AG Gives First Public Comments on Privacy Rules Since April
Colorado Attorney General Philip Weiser gave his first public comments since April last Thursday at Ballard Spahr LLP’s 2022 Annual Colorado Privacy Summit. In an hour-long fireside chat with Ballard Spahr’s Co-Chair of Privacy and Data Security Greg Szewczyk, AG Weiser discussed the rulemaking process under the Colorado Privacy Act. A recording of the interview…

CPRA’s Employee and B2B Exemptions Appear Destined to Sunset
The August 31 closing of the California legislative session likely marked the end of hopes for an extension of the limited exemptions for employee and business-to-business (B2B) data that have existed for the California Consumer Privacy Act (“CCPA”) since its inception. As a result, when the the California Privacy Rights Act (CPRA) goes into effect…
Webinar Recording – An Overview of the American Data Privacy and Protection Act
In the latest episode in our monthly webcast series, Privacy and Data Security practice co-leaders Phil Yannella and Greg Szewczyk give a comprehensive rundown of the American Data Privacy and Protection Act (ADPPA), including: The status of the bill, key components, the private right of action, and the bill’s differences from state laws. Phil…

FTC Takes Aim at “Commercial Surveillance”
In an active week for federal regulators, the Federal Trade Commission (FTC) joined the CFPB in announcing important initiatives that may change privacy and data security practices in major ways.
On August 11, the FTC released its Advanced Notice of Proposed Rulemaking, seeking public input on a host of questions relating to what it…
Webinar Recording – The Latest Wave of VPPA Litigation
In the latest episode in our monthly webcast series, Privacy and Data Security practice co-leaders Phil Yannella and Greg Szewczyk discuss the past, present, and future of VPPA litigation and proactive steps to mitigate the risk of VPPA litigation.