Dark patterns are top of mind for regulators on both sides of the Atlantic. In the United States, federal and state regulators are targeting dark patterns as part of both their privacy and traditional consumer protection remits. Meanwhile, the European Data Protection Board (EDPB) is conducting a consultation on proposed Guidelines (Guidelines) for assessing and avoiding dark pattern practices that violate the EU General Data Protection Directive (GDPR) in the context of social media platforms. In practice, the Guidelines are likely to have broader application to other types of digital platforms as well.
Continue Reading “Dark Patterns” Are Focus of Regulatory Scrutiny in the United States and Europe
Colorado Privacy Act
California and Colorado Privacy Regulators Provide Updates on Rulemaking
Privacy regulators in California and Colorado recently made announcements regarding rulemaking for their respective state privacy laws. Last week, the California Privacy Protection Agency (“CPPA”) announced that it will hold its next public meeting this Thursday, February 17, during which it will discuss updates on the rulemaking process, including a timeline. On January 28, Colorado Attorney General Phil Weiser publicly announced the intent of the Colorado Office of the Attorney General (“COAG”) to carry out rulemaking activities to implement the Colorado Privacy Act (“CPA”), providing an indication of focus areas and a rough timeline. We discuss each of these developments in further detail below.
Continue Reading California and Colorado Privacy Regulators Provide Updates on Rulemaking
Colorado Governor Signs Consumer Privacy Law
With the stroke of his pen on July 7, Governor Jared Polis (D) signed the Colorado Privacy Act (CPA or Act) into law, making the Centennial State the third U.S. state to pass comprehensive consumer privacy legislation. The Act, passed by the legislature on June 8, is a combination of elements of California and Virginia…