Keypoint: The California legislature enters into the final week of its session with many bills still under consideration. We are currently tracking thirteen privacy and AI-related bills that previously crossed chambers prior...more
Keypoint: Last week, several privacy and AI bills passed out of committee (with some receiving amendments) while two bills died in committee. We are currently tracking thirteen privacy and AI-related bills that previously...more
8/19/2024
/ Algorithms ,
Artificial Intelligence ,
California ,
California Consumer Privacy Act (CCPA) ,
Corporate Counsel ,
Disclosure Requirements ,
Online Safety for Children ,
Personal Information ,
Social Media ,
State Privacy Laws ,
User-Generated Content
Keypoint: The California legislature has many pending privacy and AI-related bills to consider before it closes on August 31. The California legislature left for its summer recess on July 3 and will reconvene on August 5....more
Keypoint: The settlement, which includes a $500,000 fine and injunctive relief, arises out of alleged violations of the CCPA’s children’s privacy provisions and COPPA. On June 18, 2024, the California Attorney General...more
6/20/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CARU ,
COPPA ,
Corporate Counsel ,
Mobile Apps ,
Online Gaming ,
Personal Information ,
Settlement ,
Software Developers ,
State Attorneys General
Keypoint: In only its second public enforcement settlement, the California Attorney General announced a $375,000 fine along with injunctive relief.
On February 21, 2024, the California Attorney General announced that it had...more
Keypoint: The California Privacy Protection Agency continued its rulemaking efforts by releasing draft automated decisionmaking technology regulations although the Agency has yet to initiate the formal rulemaking process....more
11/28/2023
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Notification Requirements ,
Opt-Outs ,
Personal Information ,
Right-To-Access ,
Risk Assessment ,
State Privacy Laws
Keypoint: The California Privacy Protection Agency continued its rulemaking efforts by releasing revised draft cybersecurity audit regulations although the Agency has yet to initiate the formal rulemaking process....more
Keypoint: Claims brought under the Washington My Health My Data Act’s private right of action will turn on whether a plaintiff can prove actual damages that were caused by a violation effecting the plaintiff’s business or...more
Keypoint: With a private right of action, broad applicability to businesses of all sizes and types, a scope that is broader than its name suggests, and strong consent-based requirements and privacy rights, the Washington My...more
4/18/2023
/ Consent ,
Consumer Privacy Rights ,
Data Protection ,
Gramm-Leach-Blilely Act ,
Healthcare ,
New Legislation ,
Personal Information ,
Privacy Laws ,
Private Right of Action ,
Right to Delete ,
Washington
Keypoint: The California Privacy Protection Agency’s issuance of significantly modified proposed regulations comes days in advance of four scheduled Board meetings where the proposed regulations will open to debate,...more
Keypoint: Businesses subject to the CCPA will need to revise their compliance programs before the exemptions expire on January 1, 2023.
As previously reported, the California legislature had been considering multiple bills...more
9/1/2022
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Corporate Counsel ,
Data Privacy ,
Data Transfers ,
Disclosure Requirements ,
Employee Monitoring ,
Information Requests ,
Personal Information ,
Personnel Records ,
Popular
Keypoint: The comments focus on identifying areas in which the Attorney General’s Office may provide additional clarity to consumers and businesses and to ensure, where appropriate, the interoperability of the Colorado...more
6/22/2022
/ Authentication ,
Biometric Information ,
Colorado ,
Consent ,
Consumer Privacy Rights ,
Consumer Requests ,
Data Breach ,
Data Privacy ,
Personal Information ,
Privacy Notice Rule ,
State Privacy Laws
Keypoint: The California Privacy Protection Agency issued a first set of draft regulations that contain a number of notable provisions but do not address all of the CPRA’s rulemaking topics....more
5/31/2022
/ California Privacy Rights Act (CPRA) ,
Consent ,
Corporate Counsel ,
Data Collection ,
Draft Guidance ,
Notice of Proposed Rulemaking (NOPR) ,
Opt-Outs ,
Personal Information ,
Popular ,
Privacy Policy ,
Right to Delete ,
Sensitive Personal Information ,
Third-Party Service Provider
Keypoint: The requirements for recognizing opt-out preference signals for certain types of processing vary widely depending on which state laws apply.
This is the sixth post in our ten-part weekly series comparing key...more
Keypoint: California legislators introduced eight bills to amend or supplement the CPRA, including AB2891 that seeks to extend the employee and business-to-business exemptions, and AB2871 that seeks to make those exemptions...more
Keypoint: The CPRA, CPA and VCDPA require data protection assessments for certain processing activities; however, when and how entities must conduct and prepare assessments varies....more
Keypoint: The CPRA, CPA, and VCDPA’s definitions of “publicly available information” are broader than the CCPA’s definition, thereby expanding the types of personal information companies may process outside the confines of...more
Keypoint: China’s Personal Information Protection Law is a complicated regulatory regime that will require U.S. entities subject to its requirements to undertake substantial compliance efforts.
Effective November 1, 2021,...more
Keypoint: The California Privacy Protection Agency initiates preliminary rulemaking activities under the California Privacy Rights Act.
On Wednesday, September 22, 2021, the California Privacy Protection Agency (Agency)...more
Keypoint: The 2022 legislative session of proposed state consumer privacy legislation kicks off with the filing of a new bill in Oklahoma.
On September 9, 2021, Rep. Collin Walke (D) and Majority Leader Rep. Josh West...more
Keypoint: A detailed analysis of the Attorney General’s twenty-seven published examples of noncompliance notices sent during the first year of CCPA enforcement reveals key learnings for CCPA compliance efforts.
In July,...more
Keypoint: Businesses that sell personal information under the CCPA are now required to honor Global Privacy Control signals.
In an update to its CCPA FAQs, the California Attorney General’s office has stated that...more
Keypoint: If signed by the Governor, entities doing business in Nevada will need to examine their data transfers to determine whether they constitute “sales” under the broader definition....more
Keypoint: This week the Colorado Privacy Act passed out of the Senate Appropriations Committee, Alaska’s House Labor and Commerce Committee held another hearing on its bill, Connecticut’s bill was sent to the Senate...more
Keypoint: If passed, the bill would, among other changes, broaden Nevada’s existing right to opt out of sales of covered information.
In late March, we first reported that the Nevada legislature is considering a bill...more