On March 12, 2025, the California Privacy Protection Agency (CPPA) announced a settlement with American Honda Motor Co., resolving allegations that the company violated the California Consumer Privacy Act (CCPA) and requiring...more
3/17/2025
/ Automotive Industry ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Cookies ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data-Sharing ,
Enforcement Actions ,
Honda ,
Personal Information ,
Statutory Violations
In recent months, the California Privacy Protection Agency (CPPA) has stepped firmly into a role as the nation’s leading data broker regulatory and enforcement agency....more
A New York health privacy law has moved quickly through both chambers of the state legislature and is up for review by Governor Kathy Hochul. The New York Health Information Privacy Act (“NYHIPA”) bears striking resemblance...more
The California Privacy Protection Agency’s (CPPA) new data broker regulations took effect on December 27, 2024. They are now in effect during the CPPA’s annual data broker registration period, which lasts from January 1 to...more
Under many circumstances, state privacy laws require businesses to pass a consumer’s valid deletion request to any entity that processes the data on behalf of the business or otherwise is a recipient of the data. These...more
On November 8, the California Privacy Protection Agency (CPPA) voted 5-0 to approve new regulations to implement the DELETE Act of 2023. The most noteworthy development was the agency’s adoption of a new definition of...more
The California Privacy Protection Agency (CPPA) has signaled it will advance rulemaking at its upcoming November 8 board meeting to place restrictions on the use of automated decision-making technology (ADMT) and impose new...more
AI capabilities are growing by the day, and with them, so are increasing government efforts to put in place guardrails, principles, and rules to govern the AI space. In May alone, Utah’s Artificial Intelligence Policy Act...more
On July 29, 2024, the FTC’s revised Health Breach Notification Rule (HBNR) takes effect. The Rule requires vendors of personal health records (PHRs) and related entities not covered by HIPAA to notify individuals, the FTC,...more
The year ahead promises to be busy on the state privacy front. As we’ve covered on this blog, states are continuing to fill the gap at the federal level by implementing comprehensive state laws that guarantee consumer privacy...more
The Federal Trade Commission (FTC) announced a Notice of Proposed Rulemaking (NPRM) to amend the Children’s Online Privacy Protection Act Rule (COPPA Rule). The COPPA Rule applies to operators of websites and online services...more
The California Privacy Protection Agency (CPPA) and California Office of Attorney General (OAG) are publicly pressing ahead with enforcement now that they have the authority to enforce the California Consumer Privacy Act...more
Google updated its privacy terms earlier this month, shifting away from offering many of its advertising services on a “service provider” basis. With the change, Google states that its Customer Match, Audience Partner API,...more
Indiana’s Consumer Data Protection Act advanced in the state legislature last week and now heads to Governor Eric J. Holcomb’s desk. The bill mirrors comprehensive privacy legislation enacted in Virginia, Utah, and Iowa,...more
On Wednesday, June 8, the California Privacy Protection Agency (CPPA) Board voted 4-0 (with one member absent) to initiate the CPRA rulemaking process based on the draft regulations released on May 27th prior to the Memorial...more
On Friday June 3, a bipartisan group of leaders from key House and Senate committees released a new “discussion draft” bill to establish nationwide standards for consumer privacy. The proposal (the American Data Privacy and...more
On Friday May 27, 2022, the California Privacy Protection Agency (CPPA) Board announced its next public meeting will be on June 8, 2022. The announcement simply stated the date of the meeting, that there are “some discussion...more
On Tuesday, Connecticut became the fifth state to pass comprehensive privacy legislation when Governor Ned Lamont signed “An Act Concerning Personal Data Privacy and Online Monitoring” into law. Connecticut joins California,...more
In the first formal written opinion interpreting CCPA compliance obligations, California Attorney General Rob Bonta concludes that the CCPA grants consumers the right to know and access internally generated inferences that...more
In guidance released last week, the New York State Office of the Attorney General urged businesses to incorporate safeguards to detect and prevent credential-stuffing attacks in their data security programs. The guidance...more
Last week, California’s Governor Gavin Newsom signed into law AB 694, which makes a few technical changes to the California Privacy Rights Act (CPRA). The relevant changes to the CPRA are summarized below....more
During last month’s California Privacy Protection Agency Board (CPPA) meeting, the only substantive agenda item, addressed in closed session, was a discussion of two key appointments: the first Executive Director and a Chief...more
As of September 27, 2021, the European Commission requires controllers and processors to rely on the recently updated Standard Contractual Clauses (SCCs) for any new contracts governing personal data transfers from the EEA....more
9/30/2021
/ Data Controller ,
Data Protection ,
EU ,
European Commission ,
European Economic Area (EEA) ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Schrems I & Schrems II ,
Standard Contractual Clauses
On September 22, the California Privacy Protection Agency (CPPA) issued an invitation for public comments as part of its first “preliminary” rulemaking activities. Established by the California Privacy Rights Act (CPRA)...more
The California Office of the Attorney General has published a list of recent CCPA enforcement examples on its website. Each example summarizes the AG’s allegation of noncompliance and the steps that the companies took to...more