Connecticut became the fifth U.S. state to enact a comprehensive consumer privacy law following California, Virginia, Colorado, and Utah. On May 10, 2022, Connecticut Governor Ned Lamont signed "An Act Concerning Personal...more
Utah is poised to become the fourth state to enact comprehensive consumer privacy legislation, following California, Virginia, and Colorado. Earlier this month, Utah's legislature passed the Utah Consumer Privacy Act (S.B....more
The California Privacy Protection Agency (CPPA), the newly formed state agency responsible for implementing the California Privacy Rights Act (CPRA), recently posted its first invitation for public comment on proposed...more
Recently, the Office of the Attorney General of California announced three major updates that 1) added to the California Consumer Privacy Act's (CCPA) opt-out rules related to the sale of personal information, 2) made it...more
7/27/2021
/ California ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Management ,
Data Privacy ,
Data Protection ,
Personal Data ,
Personally Identifiable Information ,
Privacy Laws ,
State and Local Government
On June 25, 2021, the U.S. Supreme Court decided TransUnion v. Ramirez, which held that even when a statute has been violated, and that statute provided a private right of action, plaintiffs still need a concrete injury in...more
7/16/2021
/ Article III ,
Class Action ,
Class Members ,
Credit Reporting Agencies ,
Credit Reports ,
Fair Credit Reporting Act (FCRA) ,
Injury-in-Fact ,
SCOTUS ,
Standing ,
TransUnion ,
TransUnion LLC v Ramirez
Colorado may soon enter the national stage for its new privacy legislation. On June 8, 2021, Colorado's legislature passed the Colorado Privacy Act (SB21-190) (ColoPA). The bill was recently sent to the Colorado governor's...more
Virginia is poised to become the second U.S. state to enact broad consumer privacy legislation. While the legislation draws some parallels with the California Consumer Privacy Act (CCPA) and upcoming California Privacy Rights...more
Apple recently announced that app developers must check a series of yes/no boxes that will generate a "nutrition label"-style summary of the app's privacy practices. This new summary, formally called "App Privacy," will be...more
On Election Day, November 3, 2020, California voters overwhelmingly voted in favor of Proposition 24—a ballot measure that creates the California Privacy Rights Act (CPRA). The CPRA revises and expands the California Consumer...more
On June 2, 2020, the California Attorney General announced that it had submitted the final proposed regulations package for the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). The...more
On March 11, 2020, the California Attorney General issued further revisions to the proposed regulations implementing the California Consumer Privacy Act (CCPA)....more
Updates to Compliance Likely Required -
On February 10, 2020, the California Attorney General issued the proposed text of modified regulations implementing the California Consumer Privacy Act (CCPA). This draft is a...more
Given Broad Definitions, the Law Could Apply to Businesses That Do Not Consider Themselves Data Brokers -
While amending the California Consumer Privacy Act of 2018 (CCPA) last term, the California legislature also passed...more
The U.S. Supreme Court has handed down a major decision, Carpenter v. United States, concerning the Fourth Amendment’s application to the rapidly evolving technological landscape. The 5-4 decision dramatically alters the...more
7/26/2018
/ Carpenter v US ,
Cell Phones ,
Cell Site Location Information (CSLI) ,
Electronically Stored Information ,
Fourth Amendment ,
Geolocation ,
Location Data ,
Probable Cause ,
Reasonable Expectation of Privacy ,
SCOTUS ,
Third-Party ,
Warrantless Searches
In a surprising twist, the California legislature rushed last week to pass one of the most comprehensive privacy laws in the country. The bill was introduced only a week prior, and within hours of passage, it was signed into...more
The U.S. Court of Appeals for the Eleventh Circuit recently released its highly anticipated decision in the long-running case pitting the now-defunct medical laboratory LabMD against the Federal Trade Commission (FTC),...more
On April 12, 2018, the Federal Trade Commission (FTC) announced that it was withdrawing its proposed August 2017 privacy and data security settlement with Uber Technologies and issuing a new and expanded proposed settlement....more
On February 27, 2018, the Federal Trade Commission (FTC) announced that it had reached an agreement with PayPal to settle allegations that its peer-to-peer payment service, Venmo, engaged in deceptive acts and practices and...more
On December 12, 2017, the Federal Trade Commission (FTC) held a workshop to examine consumer injury in the context of privacy and data security. The motivation for the workshop, according to Acting FTC Chairman Maureen...more
2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and...more
1/30/2018
/ Article 29 Working Party (WP29) ,
Carpenter v US ,
Court of Justice of the European Union (CJEU) ,
Cybersecurity ,
EU ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
NHTSA ,
Pending Legislation ,
Uber ,
US v Microsoft
The Federal Trade Commission (FTC) is seeking public comment on a petition by Sears Holding Management requesting that the FTC reopen and modify a 2009 FTC order settling charges that Sears failed to disclose adequately the...more
The U.S. District Court for the Northern District of California recently issued a mixed ruling on D-Link Systems’ motion to dismiss in FTC v. D-Link Sys., Inc. D-Link sells routers and Internet protocol (IP) cameras that it...more
On August 15, 2017, the Federal Trade Commission (FTC) announced that it had reached an agreement with Uber Technologies to settle allegations that the ride-sharing company had deceived consumers by failing to live up to its...more
On September 5, 2017, the Federal Trade Commission (FTC) announced that it and 32 state attorneys general had settled charges with Lenovo regarding the company's practice of pre-loading software on its laptops that...more
On December 17, 2015, the Federal Trade Commission (FTC) announced its first Children's Online Privacy Protection Act (COPPA) enforcement actions challenging the use of persistent identifiers to engage in targeted advertising...more