Personal Information Protection Law

Building a customer base is time-consuming and expensive. Engaging existing customers is often easier and more profitable than acquiring new customers.  In the US, email and other targeted marketing is a low-cost and high-ROI way to foster this engagement, which makes collecting customers’ email addresses (and other personal information) a high priority for marketers.  But, marketers beware: laws in California and Massachusetts that limit the collection of email addresses (and other personal information) at the point of purchase are an increasingly popular source of class action legal risk. While the laws in California and Massachusetts are popular with plaintiffs’ counsel now, several other states have similar laws, applying to different categories of information (e.g., some state laws only apply to address and telephone number) and transactions and varying enforcement mechanisms (e.g., criminal penalties or state attorney general enforcement).

Key Takeaways

  • Ensure that retail location staff understand that the collection of a customer’s personal information that is not required to complete a transaction must be the customer’s choice.  Requesting a customer email address or other contact data during the purchase process – such as for tailored discounts and rewards – is permitted as long as the customer knows it is voluntary, i.e., not required to complete the purchase transaction.  Further, to avoid errors and discourage claims clearly delineate subscriptions from transactions by separating sign-ups from purchases.
  • Check that etailer (i.e., e-commerce stores)  purchase transaction flows do not require additional personal information that is not necessary to complete the transaction and clearly disclose to customers what is and is not required. 
  • Beware of personal information collection by cookies, pixels and similar technology active on purchase transaction web pages.
  • Implement written policies and procedures – whether online or off – to document what personal information collected is mandatory vs. voluntary.

Continue Reading Collecting Personal Information during Checkout: Balancing Consumer Rights with Business Marketing

At long last, China has issued the Standard Contract terms and the Measures for implementing them. Click here for more detailed analysis, but, in short:

  1. They apply to any personal information data export from China, except those of a heightened concern (i.e. critical information or large volume and/or sensitive data transfers) or where a voluntary

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CPW’s Stephanie Faber Speaks at French Association of Personal Data Protection Correspondents Annual Meeting

Future Uncertain for the American

Earlier this week, the leaderships of the House Energy and Commerce Committee formally introduced the American Data Privacy and Protection Act (HB 8152). The legislation is being marked up today in the Subcommittee on Consumer Protection and Commerce of the House Committee on Energy and Commerce. The legislation likely will be slated for full committee

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

New Webinar: Employee and Other HR Data Under the California Privacy Rights Act

ABA Webinar featuring CPW’s Kristin Bryan

Please join CPW’s Kristin Bryan on June 15th as she presents with Jordan Fischer, Kirk Herath and Shea Leitch for “Update on New State Consumer Privacy Requirements and Litigation Trends” .   As part of the  ABA’s lunch & learn webinar series, this panel will cover the nuances in new data privacy laws

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation.  Please reach out to the authors if you are interested in additional information.

Consumer Loan Data Seller Receives $1.5 Million FTC Penalty, With Accompanying Executive Liability | Consumer Privacy World

Authors of

As reported in our recent post, on August 20, 2021, the National People’s Congress Standing Committee of the People’s Republic of China passed the Personal Information Protection Law (the “PIPL”). The implementation date is set for November 1, 2021, though we await some additional detail via promulgation orders on a number of important provisions, as set forth below, from the regulatory authorities.
Continue Reading New PRC Personal Information Protection Law Passed: A Deeper Dive into the Provisions