On March 8, 2023, the U.K. Secretary of State for Science for Innovation and Technology announced the publication of the Data Protection and Digital Information (No.2) Bill. This new version of the Data Protection and Digital...more
In a landmark decision that will have widespread effects, the Illinois Supreme Court ruled that a claim accrues each time—rather than just the first time—that data is collected in violation of the Biometric Information...more
2022 proved to be an historic year for privacy and data security, and 2023 is likely to follow suit. With privacy compliance deadlines looming under three state laws, a surge in data privacy litigation, new federal...more
On Friday, January 27, California Attorney General Rob Bonta announced an investigative sweep of businesses that provide mobile apps, issuing warning letters to those that AG Bonta alleges failed to comply with the California...more
On Friday, January 27, California Attorney General Rob Bonta announced an investigative sweep of businesses that provide mobile apps, issuing warning letters to those that AG Banta alleges failed to comply with the California...more
With Colorado joining California as the only other state with rules implementing a comprehensive privacy law, businesses and practitioners have been anxiously watching to see whether a California-compliant privacy policy...more
2022 proved to be an historic year for privacy and data security. Connecticut and Utah joined the list of states that have now passed comprehensive data privacy laws, bringing the total to five (5) states. For the first...more
On December 22, 2022, France’s National Commission for Technology and Freedoms (“CNIL”) fined Microsoft’s Irish subsidiary 60 million euro for failure to comply with Article 82 of the French Data Protection Law (known as the...more
On December 21, the Colorado Attorney General released a revised draft of the Colorado Privacy Act Rules....more
With its draft rules, Colorado has set forth a new model for state privacy laws. While there are many areas that are interoperable with the California model, the Colorado draft rules include important differences, as well as...more
On November 15, 2022, the FTC announced that it was extending by six months the deadline for companies to comply with some portions of the updated Safeguards Rule. The extension comes as a welcome relief to companies racing...more
On November 15, 2022, the FTC announced that it was extending by six months the deadline for companies to comply with some portions of the updated Safeguards Rule. The extension comes as a welcome relief to companies racing...more
On November 9, 2022, New York Department of Financial Services (NYDFS) Superintendent Adrienne Harris announced that the NYDFS formally proposed an updated cybersecurity regulation. Although the updates had previously been...more
On October 20, 2022, Texas Attorney General Ken Paxton brought suit in Texas district court against Google for alleged violations of the Texas Capture or Use of Biometric Identifier Act (“CUBI”). The petition claims that...more
In the past several months, plaintiff’s lawyers have filed dozens of class action lawsuits under state wiretap laws, some of which provide for statutory damages of $5000 per occurrence or more. The lawsuits focus on the use...more
The Third Circuit recently became the first federal appellate court to address the question of whether the victim of a data breach has Article III standing to bring a claim for damages based on the fear of identity theft...more
On October 17, the California Privacy Protection Agency (“CPPA”) published the first revisions to the CPRA regulations. This draft includes an extensive list of proposed changes in advance of the CPPA Board public hearing,...more
The jury returned a verdict in favor of the plaintiffs in the first trial for violations of the Illinois Biometric Privacy Act (“BIPA”), which was conducted in the District Court for the Northern District of Illinois. Rogers...more
Although the replacement for the Privacy Shield has garnered bigger headlines, the United States government also took another step towards a more coordinated international privacy framework by entering into the data access...more
The first jury trial for violations of the Illinois Biometric Privacy Act (“BIPA”) is underway in the District Court for the Northern District of Illinois. Rogers v. BNSF Ry. Co., No. 1:19-cv-03083. A jury will decide...more
On August 24, California Attorney General Rob Bonta announced a $1.2 million settlement with Sephora over allegations that the cosmetic retailer had violated the California Consumer Privacy Act (CCPA). This first public...more
With the CPRA set to become effective in a little more than three months, Ballard Spahr partners Phil Yannella and Greg Szewczyk discuss CPRA rule-making, the recent Sephora settlement, and outline key compliance steps that...more
On October 1, 2022, the Colorado Attorney General‘s Office announced that it had submitted the first draft of its Rules implementing the Colorado Privacy Act....more
Colorado Attorney General Philip Weiser gave his first public comments since April last Thursday at Ballard Spahr LLP’s 2022 Annual Colorado Privacy Summit. In an hour-long fireside chat with Ballard Spahr’s Co-Chair of...more
Our discussion examines the FTC’s Advanced Notice of Proposed Rulemaking relating to what it describes as “commercial surveillance” and the CFPB’s circular confirming that covered persons and service providers may violate the...more