California

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Data Protection Impact Assessments: Are You Ready? | Privacy World

Introducing Our AI Webinar Series | Privacy World

Scott Warren

This year has widened the landscape of consumer privacy protections, with dozens of comprehensive privacy bills moving through state legislatures and becoming enacted. So far in 2023, Iowa’s Act Relating to Consumer Data Protection (“Iowa Privacy Law”) and Indiana’s Consumer Data Protection Act (“ICDPA”) were signed into law. These two laws join the Virginia Consumer Data Protection Act (“VCDPA”), California Privacy Rights Act (“CPRA”), Colorado Privacy Rights Act (“CPA”), Connecticut’s Public Act No. 22-15 (“CTPA”), and Utah Consumer Privacy Act (“UCPA”) in the state comprehensive consumer privacy law framework. The Iowa Privacy Law becomes effective on January 1, 2025, and the ICDPA becomes effective on July 1, 2026. The VCDPA and CPRA (amending the California Consumer Privacy Act or “CCPA”) went into effect on January 1, 2023, while the CPA and CTPA go into effect on July 1, 2023. The UCPA will go into effect December 31, 2023.
Continue Reading Data Protection Impact Assessments: Are You Ready?

A growing area of privacy litigation concerns claims brought under federal and state wiretapping laws against website operators.  In many of those cases, plaintiffs allege that their personal information was improperly intercepted and disclosed to third parties, including in relation to information purportedly provided through a website’s chat feature.  Last month, a federal court in

This article was originally published on Privacy World on May 4, 2023 and was updated on May 16, 2023.

The Tennessee Information Protection Act (“TIPA”), signed into law on May 11, 2023, is a hodgepodge of the current U.S. state consumer privacy laws, but with a notable twist.

What’s the Same

Like the other state

A putative federal class action brought on behalf of delivery drivers asserting invasion of privacy and wiretapping claims against a global e-commerce company survived an interlocutory appeal last week.  The Ninth Circuit Court of Appeals upheld a decision from the U.S. District Court for the Southern District of California that allows plaintiff’s claims to proceed.

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Singapore Appointed as Deputy Chair of the Global Cross-Border Privacy Rules Body | Privacy World

Italian OpenAI : May (A)I?

Last week, the Federal Trade Commission (FTC) released its Notice of Proposed Rulemaking, Negative Option Rule (“Rule”), which proposes to substantially amend the existing Negative Option Rule and set higher standards for autorenewal promotions and sales than under existing federal or state laws and regulations.  If promulgated, the revised Rule will apply to many more businesses and scenarios than are currently subject to autorenewal regulation. Once the proposed Rule is published in the Federal Register, which will be shortly, interested parties have 60 days after the date of publication to comment on the proposed Rule, which  covers all forms of so-called “negative option” marketing and sales in all media, including negative options sold in a business-to-business (B2B) context (think about autorenewal terms in business services contracts), for month-to-month auto-renewing terms (think about “no contract” cell, Internet, media or entertainment services, and even auto-renewing monthly residential and commercial real estate tenancies) and for both the sale of goods and services. Other notable additions include enhanced disclosure, consent, and cancellation requirements, as well as a powerful misrepresentation prohibition and annual reminders.
Continue Reading UNSUBSCRIBED! — FTC Proposes Substantial Amendments to the Negative Option Rule to Cover all Autorenewals, including B2B Services, and Add New Disclosure, Consent, and Cancellation Requirements

Earlier this month, the Consumer Financial Protection Bureau (the “CFPB”) announced that it had issued a request for information (“RFI”) seeking public comment on “companies that track and collect information on people’s personal lives. In issuing this new Request for Information, the CFPB wants to understand the full scope and breadth of data brokers and their business practices, their impact on the daily lives of consumers, and whether they are all playing by the same rules.”  The deadline for submitting comments in response to the RFI is June 13, 2023.
Continue Reading CFPB Issues Request for Information to Determine Data Brokers’ Compliance with FCRA

On March 15, 2023, after five public input sessions, a rulemaking hearing, and over 130 written comments, the Colorado Privacy Act (“CPA”) rules were officially finalized when the Colorado Attorney General’s Office completed its review and submitted them to the Secretary of State. The final rules will be published later this month and go into effect on the same day as the statute, July 1, 2023.
Continue Reading Colorado Privacy Act Rules Finalized; To Be in Effect July 1

We are pleased to announce that Alan Friel will be speaking in an upcoming Strafford live video webinar, “New State Data Privacy Laws in California and Other States: Corporate Counsel Compliance Guidance” scheduled for Thursday, March 30, 1:00pm-2:30pm EDT.

The panel will brief corporate counsel on the compliance challenges and key differences with California’s and