In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
FCC Seeks Comment on Quiet Hours and Marketing Messages | Privacy World
New Class Action Threat: TCPA Quiet Hours and Marketing Messages
CA Legislators Charge That Privacy Agency AI Rulemaking Is Beyond Its Authority
We recently published a blog about a slew of class action complaints alleging that marketing text messages cannot be sent between the hours of 9:00 pm and 8:00 am (“Quiet Hours”) unless the recipient provides prior express invitation or permission to receive such messages during Quiet Hours (“Quiet Hour Claims”). As noted, based on the plain language of the Telephone Consumer Protection Act (“TCPA”), we disagree with this argument because marketing text messages already require prior express written consent from the called party. The Ecommerce Innovation Alliance (EIA) and others filed a petition for declaratory ruling (“Petition”) with the Federal Communications Commission (“FCC”) to address this application of Quiet Hours to marketing messages.
Continue Reading FCC Seeks Comment on Quiet Hours and Marketing Messages
Actual spam calls have become a pervasive annoyance. On the other hand, text messages delivering information about exclusive sales and discounts are surely not if you have signed up for such messages. But what about if those coveted discount code text messages are received late at night or early in the morning? That’s the question being raised in a flurry of class action complaints filed by the same Florida-based law firm.
Key Takeaways
While these claims are sorted out, we recommend that businesses who send marketing messages ensure that such marketing messages are sent between the hours of 8:00 am and 9:00 pm based on the call recipient’s location. How do you determine the call recipient’s location for cell phones? A defensible position is using the call recipient’s area code to determine the caller’s location, although this is not a fool-proof method as people travel to different time zones with their cell phones. However, using the area code to assess location gives the business a defensible position, for now, as the plaintiffs in these recent class actions claim that they live in the area associated with their telephone’s area code. That defense may still be subject to challenge, though. In the alternative, businesses could obtain prior express written consent to receive marketing messages throughout the day, although from the plain reading of the Telephone Consumer Protection Act (“TCPA”), this should not be required.
Continue Reading New Class Action Threat: TCPA Quiet Hours and Marketing Messages
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
CA Legislators Charge That Privacy Agency AI Rulemaking Is Beyond Its Authority
As we have covered, the public comment period closed on February 19th for the California Privacy Protection Agency (CPPA) draft regulations on automated decision-making technology, risk assessments and cybersecurity audits under the California Consumer Privacy Act (the “Draft Regulations”). One comment that has surfaced (the CPPA has yet to publish the comments), in particular, stands out — a letter penned by 14 Assembly Members and four Senators. These legislators essentially charged the CPPA for being over its skis, calling out “the Board’s incorrect interpretation that CPPA is somehow authorized to regulate AI.”
Continue Reading CA Legislators Charge That Privacy Agency AI Rulemaking Is Beyond Its Authority
As we have previously detailed here, the latest generation of regulations under the California Consumer Privacy Act (CCPA), drafted by the California Privacy Protection Agency (CPPA), have advanced beyond public comments are closer to becoming final. These include regulations on automated decision-making technology (ADMT), data processing evaluation and risk assessment requirements and cybersecurity audits. Recently, Privacy World’s Alan Friel spoke at the California Lawyer’s Association’s Annual Privacy Summit at UCLA in Westwood, California (Go Bruins!) on the evaluation and assessment proposals. Separately, Privacy World’s Lydia de la Torre, a CPPA Board Member until recently, spoke on artificial intelligence laws and litigation. A transcript of Alan’s presentation follows:
Continue Reading Data Processing Evaluation and Risk Assessment Requirements Under California’s Proposed CCPA Regulations
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
Join Team SPB this Spring for Three Engaging Webinars
Ch-ch-ch-ch-changes… for the UK Competition and Markets Authority
Join SPB’s Alan Friel for an Automated Data Mapping Webinar Hosted by Today’s General Counsel
The ReAIlity of What an AI System Is – Unpacking the Commission’s New Guidelines
Court: Training AI Model Based on Copyrighted Data Is Not Fair Use as a Matter of Law
A New Era: Trump 2.0 Highlights for Privacy and AI
Key Insights on President Trump’s New AI Executive Order and Policy & Regulatory Implications
After what seems like forever, the most recent (and last?) public comment period for the draft California Consumer Privacy Act (CCPA) regulations finally closed on February 19, 2025. (Read Privacy World coverage here and here.)
Following an initial public comment period on an earlier draft, the formal comment period for the current version of the proposed CPPA regulations (Proposed Regulations) began on November 22, 2024. The Proposed Regulations include amendments to the existing CCPA regulations and new regulations on automated decision-making technology, profiling, cybersecurity audits, requirements for insurance companies and data practice risk assessments. The California Privacy Protection Agency (CPPA) may either submit a final rulemaking package to the California Office of Administrative Law (OAL, which confirms statutory authority) or modify the Proposed Regulations in response to comments received during the public comment period.
Continue Reading Light at the End of the Tunnel – Are You Ready for the New California Privacy and Cybersecurity Rules?
Join Team SPB’s Alan Friel, Julia Jacobson and Kyle Dull for three informative webinars addressing key topics including AI-driven decision-making technologies, the development of terms of service and privacy policies, and best practices for the responsible use of AI and associated risk management.
A limited number of complimentary passes are available to clients for each webinar. For more details on free passes, please reach out to Julia Jacobson.
By repeating “ch-ch-ch-ch-changes” in his famous song, David Bowie was reportedly trying to mirror the stuttered steps of growth. January 2025 was a month full of changes for the UK Competition and Markets Authority (CMA). As with any changes, it is difficult to predict their effect precisely, only time will tell. Although we do not have a crystal ball, however, our longstanding and in-depth experience in UK competition law gives us unique insights on what to expect and most importantly how to adapt. In this update, we will cover some of these key changes including: