April’s APRA: Could Draft Privacy Legislation Blossom into Law in 2024?
This week, House Committee on Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell (D-WA) unveiled their bipartisan, bicameral discussion draft of the American Privacy Rights Act (APRA draft).[1] Chair Rodgers’ and Chair Cantwell’s announcement of the APRA draft surprised many congressional observers after comprehensive privacy legislation stalled in 2022.
Targeted Advertising
Privacy World Week in Review
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
Join us TOMORROW, 7/19, for the Association of National Advertisers (ANA) Law One-day Conference
Please join us for the ANA Law 1-Day Conference, which will cover a variety of topics related to advertising and marketing law. We will discuss many issues that are top of mind for in-house counsel, including privacy compliance; best practices in online marketing, obtaining consent and avoiding dark patterns; and more. CLE credit will be…
Squire Patton Boggs Team Provides Practice Guidance on U.S. Direct Marketing Laws – Download Guide and Register for Conference
In June, Thomson Reuters Practical Law published “Direct Marketing in the US: Overview,” a Practice Note co-authored by Alan L. Friel, Katy Spicer and Kyle R. Dull. In a direct marketing campaign, the sender communicates directly with a targeted consumer to sell goods or services. Businesses are increasingly transitioning to a direct-to-consumer advertising and sales model. The Practice Note highlights the data practices of direct marketers and flags key compliance issues to consider in this evolving business environment. Alan, Katy and Kyle provide a detailed summary of the data-related legal issues for businesses to consider in the United States, including state consumer privacy laws, telemarketing, unfair and deceptive trade acts and practices (UDAP) and other key marketing laws, along with consumer recourse and regulatory enforcement implications.
Don’t Mess with Texas: The Lone Star State Enacts Comprehensive Consumer Privacy Law
Privacy teams have more to do with Gov. Abbott signing the Texas Data Privacy and Security Act, also known as TX HB 4 (the “Act”), after several last-minute amendments. This is in addition to new comprehensive privacy laws from Tennessee (also amended late in the game before submission to the Governor), Indiana, Iowa, Montana and Florida that have passed this spring alone.
Importantly, there is not a minimum number of records processed or annual revenue threshold for businesses to be in the scope of the law. It has broad applicability to companies who do business in the state and who process or sell personal data. It does contain the usual entity and data level exceptions (e.g., GLBA, HIPAA, FCRA, etc.) and explicitly excludes data collected in the human resources or business-to-business context.
Health (and Health-ish) Data and Advertising Under Scrutiny
In 2020, when the California Consumer Privacy Act (CCPA) came into effect, the privacy landscape in the US changed forever. Fast forward three years, we now have close to a dozen states that have passed consumer privacy laws, with the second generation of consumer privacy laws giving particular attention to sensitive data. In particular, there is an emerging trend, in both new legislation and enforcement of existing privacy and consumer protection regimes, towards a focus on the collection, use, and sharing or selling of health-related personal information, specifically information that is outside the scope of the federal Health Insurance Portability and Accountability Act (HIPAA).[1] The effect is a restriction on what publishers, advertisers, and other commercial enterprises can do with consumer health information, often broadly defined to include any past, present or future health status or inference regardless of sensitivity (e.g., acne or a headache). These developments include:
Florida’s Consumer Privacy Law Signed by the Governor
On June 6, 2023, the governor signed the Florida Digital Bill of Rights into law. We previously covered the consumer privacy bill here. The law targets larger companies because a “controller” must have $1 billion in global gross revenue, plus one of the following:
- 50% of global gross revenue comes from the sale of
…
Are You July-1-READY? 2023 Privacy Laws and Regulations Call for Revisiting Your 2022 End-of-Year Compliance Efforts
As of July 1, four states’ privacy laws will be effective and enforceable – the California Consumer Privacy Act as amended by the California Privacy Rights Act of 2020 (CPRA) (collectively, CCPA), effective since January 1, becomes enforceable on that date; the Virginia Consumer Data Protection Act (VCDPA) has been effective and enforceable since January 1; and, on July 1, the Colorado Privacy Act (CPA) and Connecticut Data Privacy Act (CTDPA) are both effective and enforceable.
There are a number of compliance obligations that overlap among these laws where prior compliance efforts for the original CCPA in 2020, and in relation to its updates for January 1 of this year, will suffice for compliance with the other, non-California laws. This said, Colorado’s regulations, promulgated on March 15, 2023, materially deviate from the CCPA in a number of consequential areas in a way that likely requires companies to revisit their January 2023 privacy notices and practices. Now is also a good time to address CPRA, CPA, CTDPA and VCDPA compliance posture generally. While some businesses plan to wait until their end-of-year review and update process, when they can also assess the many additional state laws that have or will pass this year, delaying compliance until then risks enforcement actions, particularly by California and Colorado regulators (interestingly, Connecticut’s Attorney General recently released an FAQ).
This top-level summary of key considerations outlines the issues we are finding that clients have often overlooked in their January 2023 updates.
California Federal Court Dismisses Direct and Derivative Liability CIPA Claims Brought Against Website Operator Concerning Chat Feature
A growing area of privacy litigation concerns claims brought under federal and state wiretapping laws against website operators. In many of those cases, plaintiffs allege that their personal information was improperly intercepted and disclosed to third parties, including in relation to information purportedly provided through a website’s chat feature. Last month, a federal court in…