Litigation

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

State Privacy Enforcement Updates: CPPA Extracts Civil Penalties in Landmark Case; State Regulators Form Consortium for Privacy Enforcement Collaboration |

Companies in all industries take note: regulators are scrutinizing how companies offer and manage privacy rights requests and looking into the nature of vendor processing in connection with application of those requests. This includes applying the proper verification standards and how cookies are managed. Last month, the California Privacy Protection Agency (“CPPA” or “Agency”) provided

As reported previously, the California Privacy Protection Agency (“CPPA”) closed the public comment period for its proposed cybersecurity audit, risk assessment and automated decision-making technology (“ADMT”) regulations (the “Proposed Regulations”) in late February. In advance of the CPPA’s April 4 meeting, the CPPA released a new draft of the Proposed Regulations, which proposed relatively minor substantive changes, but pushed back the dates for when certain obligations would become effective. The Agency’s Board met on April 4, 2025, to discuss the new proposals and comments received, as well as the potential for some very different alternatives, especially related to ADMT. Members of the CPPA Board debated the staff’s approach and ultimately sent the staff back to narrow the scope of the Proposed Regulations, clarify what was in and out of scope with more examples, and to further consider how to reduce the costs and burdens on businesses. While it is unclear exactly what staff will come back with, the alternatives discussed provide some hints on what a more constrained approach may look like.Continue Reading The Future for California’s Latest Generation of Privacy Regulations is Uncertain

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

FCC Seeks Comment on Quiet Hours and Marketing Messages | Privacy World

New Class Action Threat: TCPA Quiet Hours and

We recently published a blog about a slew of class action complaints alleging that marketing text messages cannot be sent between the hours of 9:00 pm and 8:00 am (“Quiet Hours”) unless the recipient provides prior express invitation or permission to receive such messages during Quiet Hours (“Quiet Hour Claims”). As noted, based on the plain language of the Telephone Consumer Protection Act (“TCPA”), we disagree with this argument because marketing text messages already require prior express written consent from the called party. The Ecommerce Innovation Alliance (EIA) and others filed a petition for declaratory ruling (“Petition”) with the Federal Communications Commission (“FCC”) to address this application of Quiet Hours to marketing messages.Continue Reading FCC Seeks Comment on Quiet Hours and Marketing Messages

Actual spam calls have become a pervasive annoyance. On the other hand, text messages delivering information about exclusive sales and discounts are surely not if you have signed up for such messages.  But what about if those coveted discount code text messages are received late at night or early in the morning? That’s the question being raised in a flurry of class action complaints filed by the same Florida-based law firm.  

Key Takeaways

While these claims are sorted out, we recommend that businesses who send marketing messages ensure that such marketing messages are sent between the hours of 8:00 am and 9:00 pm based on the call recipient’s location. How do you determine the call recipient’s location for cell phones? A defensible position is using the call recipient’s area code to determine the caller’s location, although this is not a fool-proof method as people travel to different time zones with their cell phones. However, using the area code to assess location gives the business a defensible position, for now, as the plaintiffs in these recent class actions claim that they live in the area associated with their telephone’s area code. That defense may still be subject to challenge, though. In the alternative, businesses could obtain prior express written consent to receive marketing messages throughout the day, although from the plain reading of the Telephone Consumer Protection Act (“TCPA”), this should not be required.Continue Reading New Class Action Threat: TCPA Quiet Hours and Marketing Messages

As we have covered, the public comment period closed on February 19th for the California Privacy Protection Agency (CPPA) draft regulations on automated decision-making technology, risk assessments and cybersecurity audits under the California Consumer Privacy Act (the “Draft Regulations”).  One comment that has surfaced (the CPPA has yet to publish the comments), in particular, stands out — a letter penned by 14 Assembly Members and four Senators. These legislators essentially charged the CPPA for being over its skis, calling out “the Board’s incorrect interpretation that CPPA is somehow authorized to regulate AI.” Continue Reading CA Legislators Charge That Privacy Agency AI Rulemaking Is Beyond Its Authority

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Light at the End of the Tunnel – Are You Ready for the New California Privacy and Cybersecurity Rules?

Join

Since the Trump 2.0 administration commenced, the U.S. federal government has experienced some major policy shifts. Several Biden-Harris administration era regulations are now eliminated or on a 60-day hold while under review. States and other organizations have filed lawsuits to stay implementation of certain Trump 2.0 initiatives (i.e., the funding freezes, deferred resignation offer, and birthright citizenship, among others).Continue Reading A New Era: Trump 2.0 Highlights for Privacy and AI

On January 23, 2025, President Trump issued a new Executive Order (EO) titled “Removing Barriers to American Leadership in Artificial Intelligence” (Trump EO). This EO replaces President Biden’s Executive Order 14110 of October 30, 2023, titled “Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (Biden EO), which was rescinded on January 20, 2025, by Executive Order 14148.

The Trump EO signals a significant shift away from the Biden administration’s emphasis on oversight, risk mitigation and equity toward a framework centered on deregulation and the promotion of AI innovation as a means of maintaining US global dominance.Continue Reading Key Insights on President Trump’s New AI Executive Order and Policy & Regulatory Implications