Search results for: dark patterns

Join SPB Lawyers at Several Webinars Next Week

By Squire Patton Boggs on November 7, 2024

Posted in Artificial Intelligence, Cybersecurity, Dark Patterns, Data Privacy, Events, General

SPB’s Julia Jacobson and Kyle Dull are offering insights at three webinars next week. Details are below or please reach out for more information.

The Evolving Role of the Privacy Officer: Challenges and Preparation (PrivacyConnect Live Webinar)

Tuesday, November 12 at 11 a.m. ET

Join Julia Jacobson a discussion with three experienced privacy officers who will share their insights on how the role of privacy officers has evolved and the new challenges privacy officers face today.

Learn more here.

Simulate This: Generative AI (Part 1)

Wednesday, November 13 at 4:30 p.m. ET

On Wednesday, November 13, Julia Jacobson will lead a discussion on compliance considerations around businesses’ use and procurement of generative AI for the New England Corporate Counsel Association.

Learn more here.

Legal Liabilities Related to Dark Patterns: Common Types, Recent Legal Cases, Enforcement Actions, and Proactive Measures to Avoid Dark Patterns (myLawCLE Live Webinar)

Thursday, November 14 at 1 p.m. ET

Julia Jacobson and Kyle Dull will explore the latest regulatory trends, compliance issues, legal risks and proactive measures to avoid dark patterns. Register using our free access code: DarkPatterns24

For more information, please feel free to reach out directly to Juila and Kyle.

Are Data Practice Risk Assessments at Risk in the US?

By Alan Friel on August 22, 2024

Posted in California Age-Appropriate Design Code Act (“CAADCA”), CCPA, Compliance, Consumer Protection, DPIA

We have previously reported on the requirements, including mandatory risk assessments, of the California Age Appropriate Design Code Act, (CAADCA or Act) and that the Act was enjoined by a federal District Court as likely a violation of the publisher’s free speech rights under the First Amendment of the U.S. Constitution. The 9th Circuit has upheld that decision, but only as to Data Protection Impact Assessments (DPIAs), and gone further to find that such assessments are subject to strict scrutiny and are facially unconstitutional. See Netchoice, LLC v Rob Bonta, Atty General of the State of California (9th Cir., August 16, 2024) – a copy of the opinion is here. The Court, however, overruled the District Court as to the injunction of other provisions of CAADCA, such as restrictions on the collection, use, and sale of minor’s personal data and how data practices are communicated. Today, we will focus on what the decision means for DPIA requirements under consumer protection laws, including the 18 (out of 20) state consumer privacy laws that mandate DPIAs for certain “high-risk” processing activities.

Businesses Beware: New York Eyeing Privacy Regulation and Enforcement Even Absent Omnibus State Privacy Law

By Alan Friel on August 2, 2024

Posted in Compliance, New York

Regulators in states without omnibus state privacy laws, like New York, are staking their claim over privacy regulation and enforcement. After months of investigating the deployment of tracking technologies and privacy controls on various websites, the New York State Attorney General (“NY AG”) published its guidance, Website Privacy Controls: A Guide for Business. The NY AG also published a companion guidance for consumers, A Consumer Guide to Web Tracking, which provides a high-level overview of how websites track consumers and what steps consumers can take to protect their privacy. Stay tuned for potential enforcement actions and big-figure settlements. Will New York follow Texas in this regard?

NY AG Investigation and Findings

Tracking technologies, like cookies and tags (i.e., pixels), are utilized by businesses to collect and assess information regarding how individuals interact with the business’ website or mobile app. While tracking technologies can provide valuable insights for businesses, they also raise privacy concerns regarding data collection, selling, sharing, creation of detailed profiles about individuals that are used for targeted advertising, cross-site tracking that leads to a comprehensive understanding of an individual’s interests and behavior without the individual’s knowledge or consent, and more. The Federal Trade Commission (“FTC”) is attempting Section 5 Magnuson-Moss rulemaking on this, which they call surveillance capitalism.

April’s APRA: Could Draft Privacy Legislation Blossom into Law in 2024?

By Julia Jacobson, Alan Friel, Kyle Dull, Glenn A. Brown, John Wyand & Kyle Fath on April 11, 2024

Posted in American Privacy Rights Act, California, Cybersecurity, Data Privacy, GDPR, Targeted Advertising

This week, House Committee on Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell (D-WA) unveiled their bipartisan, bicameral discussion draft of the American Privacy Rights Act (APRA draft).[1] Chair Rodgers’ and Chair Cantwell’s announcement of the APRA draft surprised many congressional observers after comprehensive privacy legislation stalled in 2022.

FTC Consumer Protection and Data Protection Insights for 2024

By Kyle Dull & Alan Friel on January 19, 2024

Posted in California Lawyers Association, Compliance, Federal Trade Commission (FTC), surveillance

On January 18, during a luncheon fireside chat at the California Lawyers Association’s UCL Institute event in Los Angeles, Federal Trade Commission (“FTC”) Bureau of Consumer Protection Director Samuel Levine shared his insights on what data practices are of concern to him and to the FTC. Companies should take heed of his comments, the highlights of which include:

The #1 thing that keeps him up at night is AI, especially as it can be used to advance fraud or has discriminatory impact;
A top enforcement priority will be dark patterns to drive sales and frustrate consumer choice (e.g., terminations, opt-outs, etc.), particularly where driven by tracking and profiling data;
Expect more rulemaking, including advancement of rulemaking on surveillance capitalism and likely new rulemaking on data security standards for general commercial enterprises;
Look not just whether a practice is deceptive. Disclosures of practices may be insufficient if it is otherwise unfair, and unfairness authority will be a tool the FTC will not hesitate to use. Areas of potential concerns, where the harm may outweigh benefits to consumers or competition (the Section 5 unfairness standard), include health-related, location and other sensitive personal data collection and use, engagements with teenagers, junk fees and business models and algorithms designed to keep a consumer overly engaged.
So-called “negative option” subscriptions services will be a focus (though no timeline was given for completion of rulemaking), as will be door-to-door sales, robocalls and privacy practices, including but not limited to practices of data brokers.
As the Green Guides rulemaking is advanced, the FTC will be working to develop standards that are consistent with environmental claims rules in Europe and other advanced economies.

For FTC watchers, none of this should come as any surprise. While the upcoming election could usher in a FTC with very different perspectives and priorities, it is a sure bet that the current FTC will look to advance its agenda this year. For more information contact the authors or your usual firm contact.

Disclaimer: While every effort has been made to ensure that the information contained in this article is accurate, neither its authors nor Squire Patton Boggs accepts responsibility for any errors or omissions. The content of this article is for general information only, and is not intended to constitute or be relied upon as legal advice.

California Delete Act Imposes New Obligations on Data Brokers

By Kyle Fath on December 12, 2023

Posted in California, CMIA, Compliance, CPPA, CPRA, Cybersecurity, Data Privacy, Gramm-Leach-Bliley Act (GLBA)

On October 10, 2023, Governor Newsom signed into law SB 362, known as the “California Delete Act” or “Delete Act”, which had been passed by the legislature at the end of the 2023 legislative session on September 14. The Delete Act amends California’s existing Data Broker Registration law (Cal. Civ. Code Section 1798.99.80 et. seq). Among other things, the law imposes additional registration requirements on top of those that already exist, doubles the administrative fine for failure to register, requires the California Privacy Protection Agency (CPPA) to set up a one-stop shop deletion mechanism that allows consumers to make requests to all registered data brokers, and obligates data brokers to access the mechanism every 45 days and process each and every deletion request made by consumers within a prescribed timeframe (including directing all service providers and contractors of the request).

Red Hot Enforcement Summer: No Vacation for California and Colorado Privacy Regulators

By Kyle Fath & Kristin Bryan on August 24, 2023

Posted in California, CCPA, Colorado, Compliance, CPA, CPPA, CPRA, Cybersecurity, Dark Patterns, Data Privacy

As many of our readers know, keeping up with new developments in the privacy landscape is sometimes like drinking from a firehose. With respect to privacy enforcement, particularly in California and Colorado, the hose was turned on June 30^th and has been running all summer long. This barrage of information has left unanswered questions for many. What does the delay in enforcement of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CPRA) (together, CCPA) regulations really mean? What am I required to comply with as of today? What are regulators already focusing on in their privacy enforcement efforts this summer?

Squire Patton Boggs Team Provides Practice Guidance on U.S. Direct Marketing Laws – Download Guide and Register for Conference

By Squire Patton Boggs on July 10, 2023

Posted in Consumer Protection, Data Privacy, Targeted Advertising

In June, Thomson Reuters Practical Law published “Direct Marketing in the US: Overview,” a Practice Note co-authored by Alan L. Friel and Kyle R. Dull. In a direct marketing campaign, the sender communicates directly with a targeted consumer to sell goods or services. Businesses are increasingly transitioning to a direct-to-consumer advertising and sales model. The Practice Note highlights the data practices of direct marketers and flags key compliance issues to consider in this evolving business environment. Alan, Katy and Kyle provide a detailed summary of the data related legal issues for businesses to consider in the United States, including state consumer privacy laws, telemarketing, unfair and deceptive trade acts and practices (UDAP) and other key marketing laws, along with consumer recourse and regulatory enforcement implications.

Privacy World Week in Review

By Kristin Bryan on June 19, 2023

Posted in Artificial Intelligence, Asia, Biometric, Biometric data, China, Compliance, Cybersecurity, Dark Patterns, Data Export, Data Privacy, Data Privacy, EU, EU, Florida, Florida Law, Korea, Montana, New Zealand, Privacy, Privacy Litigation, Singapore, Singapore, South Korea, South Korea, Southeast Asia, Technology, US

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

China Issues Guidelines for Submitting the Personal Information Protection Impact Assessment for Data Exports | Privacy World

New Zealand Urges All Businesses To Adopt 2FA | Privacy World

Florida’s Consumer Privacy Law Signed by the Governor | Privacy World

Are You July-1-READY? 2023 Privacy Laws and Regulations Call for Revisiting Your 2022 End-of-Year Compliance Efforts | Privacy World

The EU Approach to AI Regulation: Texts That Generative AI Will Not Come Up With | Privacy World

Singapore Open-sources World’s First AI Governance Testing Framework and Toolkit | Privacy World

Hong Kong Initiates Privacy Compliance Checks on All Credit Reference Agencies | Privacy World

Montana’s Comprehensive Privacy Law Signed by the Governor | Privacy World

Singapore’s Central Bank and Google Cloud Collaborate on Responsible Generative AI | Privacy World

Uncloaking Dark Patterns: Identifying, Avoiding, and Minimizing Legal Risk | Privacy World

South Korea Looks to Tighten Biometrics Laws Amid Generative AI | Privacy World