Keypoint: In its second non-data broker enforcement action for violations of the CCPA, the California Privacy Protection Agency entered into a stipulated final order with a retailer for a $345,178 administrative fine and...more
5/7/2025
/ California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consent ,
Corporate Counsel ,
Data Collection ,
Enforcement Actions ,
Opt-Outs ,
Penalties ,
Personal Information ,
Privacy Laws ,
Retailers
Keypoint: A new Virginia law prohibits the collection, use, or sharing of reproductive or sexual health information without consent and provides Virginians with a private right of action for at least $500 per violation.
As...more
Keypoint: If signed by the governor, the Arkansas bill will create new obligations for the collection and processing of personal information for Arkansas children and teens under 16 years of age, however, compliance may prove...more
On March 12, 2025, the California Privacy Protection Agency (Agency) announced its first non-data broker enforcement action requiring a vehicle manufacturer to pay an administrative fine of $632,500 in connection with the...more
We are back for our sixth year of tracking proposed state privacy legislation and fifth year of providing weekly updates. As in past years, we will track proposed state privacy legislation through these weekly updates and our...more
1/13/2025
/ Algorithms ,
Artificial Intelligence ,
Biometric Information ,
Consumer Privacy Rights ,
Consumer Protection Laws ,
Corporate Counsel ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Legislative Agendas ,
Personal Data ,
Personal Information ,
Privacy Acts ,
Privacy Laws ,
State Privacy Laws
Throughout the 2024 legislative session, we have been tracking numerous privacy- and AI-related bills pending in California. Ten of those bills passed the state legislature before the legislative session ended on August 31...more
10/7/2024
/ Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Data Privacy ,
Data-Sharing ,
Machine Learning ,
Minors ,
Opt-Outs ,
Personal Information ,
State Privacy Laws ,
Training ,
Transparency
Keypoint: The California legislature enters into the final week of its session with many bills still under consideration. We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior...more
Keypoint: Last week, several privacy and AI bills passed out of committee (with some receiving amendments) while two bills died in committee. We are currently tracking thirteen privacy and AI-related bills that previously...more
8/19/2024
/ Algorithms ,
Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Disclosure Requirements ,
Online Safety for Children ,
Personal Information ,
Social Media ,
State Privacy Laws ,
User-Generated Content
Keypoint: The California legislature has many pending privacy and AI-related bills to consider before it closes on August 31. The California legislature left for its summer recess on July 3 and will reconvene on August 5....more
Keypoint: The settlement, which includes a $500,000 fine and injunctive relief, arises out of alleged violations of the CCPA’s children’s privacy provisions and COPPA. On June 18, 2024, the California Attorney General...more
6/20/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CARU ,
COPPA ,
Corporate Counsel ,
Mobile Apps ,
Online Gaming ,
Personal Information ,
Settlement ,
Software Developers ,
State Attorneys General
Keypoint: In only its second public enforcement settlement, the California Attorney General announced a $375,000 fine along with injunctive relief.
On February 21, 2024, the California Attorney General announced that it had...more
Keypoint: The California Privacy Protection Agency continued its rulemaking efforts by releasing draft automated decisionmaking technology regulations although the Agency has yet to initiate the formal rulemaking process....more
11/28/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Notification Requirements ,
Opt-Outs ,
Personal Information ,
Right-To-Access ,
Risk Assessment ,
State Privacy Laws
Keypoint: The California Privacy Protection Agency continued its rulemaking efforts by releasing revised draft cybersecurity audit regulations although the Agency has yet to initiate the formal rulemaking process....more
Keypoint: Claims brought under the Washington My Health My Data Act’s private right of action will turn on whether a plaintiff can prove actual damages that were caused by a violation effecting the plaintiff’s business or...more
Keypoint: With a private right of action, broad applicability to businesses of all sizes and types, a scope that is broader than its name suggests, and strong consent-based requirements and privacy rights, the Washington My...more
4/18/2023
/ Consent ,
Consumer Privacy Rights ,
Data Protection ,
Gramm-Leach-Blilely Act ,
Healthcare ,
New Legislation ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Right to Delete ,
Washington
Keypoint: The California Privacy Protection Agency’s issuance of significantly modified proposed regulations comes days in advance of four scheduled Board meetings where the proposed regulations will open to debate,...more
Keypoint: Businesses subject to the CCPA will need to revise their compliance programs before the exemptions expire on January 1, 2023.
As previously reported, the California legislature had been considering multiple bills...more
9/1/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corporate Counsel ,
Data Privacy ,
Data Transfers ,
Disclosure Requirements ,
Employee Monitoring ,
Information Requests ,
Personal Information ,
Personnel Records ,
Popular
Keypoint: The comments focus on identifying areas in which the Attorney General’s Office may provide additional clarity to consumers and businesses and to ensure, where appropriate, the interoperability of the Colorado...more
6/22/2022
/ Authentication ,
Biometric Information ,
Colorado ,
Consent ,
Consumer Privacy Rights ,
Consumer Requests ,
Data Breach ,
Data Privacy ,
Personal Information ,
Privacy Notice Rule ,
State Privacy Laws
Keypoint: The California Privacy Protection Agency issued a first set of draft regulations that contain a number of notable provisions but do not address all of the CPRA’s rulemaking topics....more
5/31/2022
/ California Privacy Rights Act (CPRA) ,
Consent ,
Corporate Counsel ,
Data Collection ,
Draft Guidance ,
Notice of Proposed Rulemaking (NOPR) ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Policy ,
Right to Delete ,
Sensitive Personal Information ,
Third-Party Service Provider
Keypoint: The requirements for recognizing opt-out preference signals for certain types of processing vary widely depending on which state laws apply.
This is the sixth post in our ten-part weekly series comparing key...more
Keypoint: California legislators introduced eight bills to amend or supplement the CPRA, including AB2891 that seeks to extend the employee and business-to-business exemptions, and AB2871 that seeks to make those exemptions...more
Keypoint: The CPRA, CPA and VCDPA require data protection assessments for certain processing activities; however, when and how entities must conduct and prepare assessments varies....more
Keypoint: The CPRA, CPA, and VCDPA’s definitions of “publicly available information” are broader than the CCPA’s definition, thereby expanding the types of personal information companies may process outside the confines of...more
Keypoint: China’s Personal Information Protection Law is a complicated regulatory regime that will require U.S. entities subject to its requirements to undertake substantial compliance efforts.
Effective November 1, 2021,...more
Keypoint: The California Privacy Protection Agency initiates preliminary rulemaking activities under the California Privacy Rights Act.
On Wednesday, September 22, 2021, the California Privacy Protection Agency (Agency)...more