Colorado has become the third state in the country to pass a comprehensive data privacy law, joining California and Virginia.  Assuming the governor signs—as he is widely expected to do—the Colorado Privacy Act (the “CPA”) will go into effect on July 1, 2023.

Similar to the California and Virginia laws, the CPA affords Colorado “consumers”

2021 has so far been a year of conflicting impulses in biometrics law: two proposed bills in New York and Maryland would impose substantial new requirements on private entities, but in Illinois a proposed amendment would reign in that state’s existing Biometric Information Privacy Act (BIPA).
Continue Reading The State of Proposed Biometrics Laws

After a pandemic-related hiatus in 2020, a number of U.S. states have proposed new data privacy laws in 2021 – and several are very close to passage.  Virginia’s proposed data privacy law appears to be the closest and is likely to be signed into law by Governor Northam in the near future.  Washington and Florida’s

On January 6, 2021, a bipartisan group of New York state lawmakers released a copy of Assembly Bill 27 (AB 27), the  New York Biometric Privacy Act.  If New York passes AB 27, it will join Illinois, Texas, and Washington as states that have adopted laws that strictly regulate the notice, collection, and handling

The California Attorney General’s Office recently released a fourth set of proposed regulatory modifications to the California Consumer Privacy Act (the “CCPA”).

As background, the Attorney General’s Office had only just recently given notice of a third set of modifications on October 12, 2020.  The third set of modifications revised the regulations relating to the

On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”).  The CPRA goes into effect on January 1, 2023, and will expand several of the existing protections in the California Consumer Privacy Act (the “CCPA”).

As background, the original CCPA

On August 14, 2020, the California Office of Administrative Law (“OAL”) approved in part and withdrew in part the Regulations regarding the California Consumer Privacy Act (“CCPA”).  While most of the changes are non-substantive, the OAL withdrew certain provisions of the Regulations and resubmitted them to the Attorney General’s Office for further review.  Approved sections

New York’s proposed data privacy law failed to materialize in the latest legislative session and is now presumed dead.  New York was one of a number of states that proposed sweeping privacy legislation after the enactment of the California Consumer Privacy Act (CCPA). The proposed New York law, in fact, was broader than the CCPA

Recently, legislators in Texas introduced two bills relating to consumer privacy and data protection: H.B. No. 4518, the Texas Consumer Privacy Act (“Texas CPA”) and H.B. No. 4390, the Texas Privacy Protection Act (“TPPA”). These bills bear a strong resemblance to the California Consumer Privacy Act (the “California CPA”), and would lay the groundwork for extensive administrative schemes protecting consumers’ rights to their personal information.

Texas CPA

The Texas CPA bears strong similarity to California CPA. The Texas CPA, which, if adopted, would take effect September 1, 2020, applies to companies that do business and collect consumer data and:

  • Derive at least 50% of their annual revenue selling consumers’ personal information; or
  • Exceed $25 million in gross annual revenue (with that amount subject to adjustment by the Texas Attorney General every two years); or
  • Buy, sell, or receive the personal information of at least 50,000 consumers, households, or devices for commercial purposes
  • The Texas CPA would also apply to entities owned by companies that would be subject to the law. Similar to the California CPA, the Texas CPA contains express provisions governing rulemaking, implementation, and enforcement of the law. Notably, the legislation highlights various consumer rights, including (but not limited to):
  • A consumer’s right to disclosure, from the business, of the personal information the business collected.
  • A consumer’s right to deletion of the personal information that the business collected (with some limited, specific exceptions).
  • A consumer’s right to opt out of the sale of his or her personal information.


Continue Reading Texas Legislature Weighing Proposed New Privacy Laws