The past two weeks have seen continued developments in the state comprehensive privacy legislative landscape. Maryland, Minnesota, and Texas have entered the fray with new proposals, bringing the total number of states that...more
2/15/2023
/ Biometric Information ,
Consumer Privacy Rights ,
COPPA ,
Data Privacy ,
Fair Credit Reporting Act (FCRA) ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Proposed Legislation ,
State Privacy Laws
On February 2, 2023, the Illinois Supreme Court held in a unanimous opinion that individuals have five years after an alleged violation to bring claims under the state’s Biometric Information Privacy Act (BIPA). This ruling...more
On February 1, the Colorado Attorney General’s (AG) Office and the Colorado Department of Law (the “Department”) held a rulemaking hearing on the Proposed Draft Rules for the Colorado Privacy Act (CPA), which goes into effect...more
In a press release on January 27, 2023, California Attorney General (“California AG”) Rob Bonta announced an investigative sweep focused on mobile applications’ compliance under the California Consumer Privacy Act (CCPA),...more
2023 continues to be a busy year for state comprehensive privacy legislation. Since our last post, several new states have entered the fray with legislative proposals, while some of the bills we previously examined have moved...more
The new year has already seen a flurry of state privacy law activity, with legislators in at least nine states (Indiana, Iowa, Kentucky, Massachusetts, Mississippi, New York, Oklahoma, Oregon, and Tennessee) proposing new...more
On October 7, 2022, President Biden signed an Executive Order (“EO”) implementing the new trans-Atlantic EU-U.S. Data Privacy Framework (“EU-U.S. DPF”). The EU-U.S. DPF, previously announced by President Biden and the...more
10/10/2022
/ Biden Administration ,
Binding Corporate Rules ,
Civil Liberties ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
EU ,
EU-US Privacy Shield ,
Executive Orders ,
Foreign Intellgence ,
International Data Transfers ,
National Intelligence Agencies ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
Surveillance ,
UK
On August 29, 2022, the California Age-Appropriate Design Code Act (the Act) was unanimously approved by the California State Senate. It now awaits Governor Gavin Newsom’s signature....more
9/15/2022
/ Children's Online Games ,
COPPA ,
Data Privacy ,
Data Protection Impact Assessments (DPIAs) ,
Enforcement ,
Governor Newsom ,
Minors ,
Online Platforms ,
Penalties ,
Pending Legislation ,
Social Networks ,
Websites
On August 11, 2022, the Federal Trade Commission (the FTC or the Commission) published an Advance Notice of Proposed Rulemaking (ANPR) to request public comment on the prevalence of “commercial surveillance and data security...more
On July 20, the House Committee on Energy & Commerce held an open markup session on the American Data Privacy and Protection Act (ADPPA), which concluded in an affirmative vote (53-2) for an amended version of the bill to...more
This week, the American Data Privacy and Protection Act (ADPPA), H.R. 8152, was formally introduced in the House by Representatives Frank Pallone (D-NJ), Cathy McMorris Rodgers (R-WA), Janice Schakowsky (D-IL), and Gus...more
On June 15, 2022, Senator Elizabeth Warren introduced Senate Bill S.4408, Health and Location Data Privacy Act of 2022 (the “Bill”). The Bill, co-sponsored with Senators Ron Wyden, Patty Murray, Sheldon Whitehouse, and Bernie...more
Last week, Representatives Frank Pallone (D-NJ) and Cathy McMorris Rodgers (R-WA) and Senator Roger Wicker (R-MS) released a draft federal privacy proposal titled the American Data Privacy and Protection Act (ADPPA). ADPPA is...more
6/8/2022
/ California Consumer Privacy Act (CCPA) ,
Congressional Committees ,
Consumer Privacy Rights ,
Covered Entities ,
Data Privacy ,
Duty of Loyalty ,
Enforcement ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Preemption ,
Private Right of Action ,
Proposed Legislation ,
Sensitive Personal Information ,
State Privacy Laws
In our third California Privacy Update, we continue to closely follow potential privacy law updates in California. ...more
U.S. privacy law is undergoing dramatic change on an accelerating pace. New laws across the country address specific industries, certain kinds of data, and various concerning practices. There is international pressure to...more
4/22/2022
/ Antitrust Provisions ,
Competition Authorities ,
Data Privacy ,
Data Protection Authority ,
Facebook ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Legislative Agendas ,
Personal Data ,
Privacy Laws ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Requirements ,
Right to Privacy ,
Social Networks
On March 25, 2022, US President Joe Biden and European Commission President Ursula von der Leyen made the long-awaited announcement that the United States and the European Union have agreed, in principle, to the...more
Several comprehensive privacy bills are being considered at the state level. This blog post provides notable updates on bills companies should be paying attention to as they move through their respective legislatures....more
Utah is close to becoming the fourth state to have a comprehensive privacy law. The Utah Consumer Privacy Act (SB 227) unanimously passed the Utah Senate on February 25. And the Utah House followed suit quickly, unanimously...more
The Colorado AG recently provided guidance on data security best practices. Companies doing business in Colorado, especially those subject to the Colorado Privacy Act, should be paying attention to what is required under...more
Will 2022 be the year for a national privacy law? We are seeing new federal proposals, ongoing negotiations about key issues such as a private right of action and state pre-emption, and new activity at the state level. There...more
12/29/2021
/ Biden Administration ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Privacy ,
Disparate Impact ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Legislative Agendas ,
Notice Requirements ,
Personal Data ,
Personal Information ,
State Privacy Laws
Despite its antecedents in one of the most widely cited law review articles of all time from more than 130 years ago, modern United States privacy law is roughly twenty years old. Even though still in its relative infancy,...more
7/8/2021
/ Big Data ,
California Consumer Privacy Act (CCPA) ,
Data Breach ,
Data Privacy ,
Data Security ,
Enforcement ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Personal Data ,
Personal Information ,
Preemption ,
Privacy Laws ,
Private Right of Action ,
Sensitive Personal Information ,
State Privacy Laws
In today’s interconnected world, personal information has never been more broadly collected and analyzed by governments and corporations alike, making it imperative that we understand, enforce and update privacy laws in order...more
On June 7, 2021, the Colorado House of Representatives passed the Colorado Privacy Act (CPA), a comprehensive privacy law similar to the California Privacy Rights Act (CPRA) and California Consumer Privacy Act (CCPA), as well...more
6/9/2021
/ Business Associates ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Covered Entities ,
Data Controller ,
Data Privacy ,
Exemptions ,
General Data Protection Regulation (GDPR) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-Outs ,
Pending Legislation ,
Personal Data ,
Sensitive Personal Information ,
State Privacy Laws
Health-care privacy is at a crossroads. For almost 20 years, the health-care industry has addressed the requirements of the HIPAA Privacy and Security Rules, building reasonable and appropriate compliance programs from an...more
Security existed as a business norm long before it became a legal and compliance requirement. Doctors' offices locked their doors at night to ensure no one could access their records. Stores took precautions when they walked...more