In the latest of a flurry of FTC actions, the agency recently announced that it had entered into a consent order with CafePress, an online customized merchandise platform, over allegations that it failed to secure consumers’...more
3/22/2022
/ Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
FTC Act ,
NIST ,
Personal Information ,
Popular ,
Unfair or Deceptive Trade Practices
In the first of its kind “opinion” from the California Office of the Attorney General (“OAG”), the agency addressed the question of whether a consumer’s “right to know” what personal information a business holds about the...more
The Virginia Consumer Data Privacy Act (CDPA) - which is set to go into effect on January 1, 2023 - will likely be amended in the coming days. The Virginia House and Senate have passed four amendments which, most notably,...more
The Federal Trade Commission (FTC) reached a settlement with WW International Inc., formerly known as Weight Watchers (WW), over allegations that the company collected children’s information without parental consent in...more
Utah is close to becoming the fourth state to have a comprehensive privacy law. The Utah Consumer Privacy Act (SB 227) unanimously passed the Utah Senate on February 25. And the Utah House followed suit quickly, unanimously...more
Several comprehensive privacy bills are being considered at the state level. This blog post provides notable updates on bills companies should be paying attention to as they move through their respective legislatures....more
In our second California Privacy Update, we continue to closely follow updates in California privacy law, especially those to the California Privacy Rights Act (CPRA). Below are the recent updates to the California’s privacy...more
Russia’s full-scale military invasion of Ukraine is raising cybersecurity risks for American businesses. Corporate America must take immediate additional precautions to protect their networks in light of what is quickly...more
The European Commission has presented its draft Data Act, which will affect a broad range of companies and heavily emphasizes data accessibility and fairness. Companies should begin to evaluate their current practices and...more
Several comprehensive privacy bills are being considered at the state level. This blog post provides notable updates on bills companies should be paying attention to as they move through their respective legislatures. We will...more
Last week, two bills were proposed in Congress aimed at improving consumer privacy protection. These proposals focus on specific areas of privacy law – health data that falls outside of HIPAA and do-not-track signals....more
French regulators have held that the use of Google Analytics violates the GDPR, a decision that likely has broad implications for web analytics companies and website operators.
On February 10, 2022, the French Data...more
2/16/2022
/ Analytics ,
CNIL ,
Corporate Counsel ,
Data Protection Authority ,
Facebook ,
FISA ,
France ,
General Data Protection Regulation (GDPR) ,
Google ,
International Data Transfers ,
Schrems I & Schrems II
The California Consumer Privacy Act (CCPA) may seem like old news, especially now that Virginia and Colorado have also passed comprehensive privacy laws, but businesses must continue to pay attention to California if they...more
The Colorado AG recently provided guidance on data security best practices. Companies doing business in Colorado, especially those subject to the Colorado Privacy Act, should be paying attention to what is required under...more
Businesses that transfer personal data to and from the United Kingdom will soon have clarity regarding transfers from the UK to recipients outside the EU/EEA.
On February 2, 2022, the United Kingdom Secretary of State...more
Last week, the Belgian Data Protection Authority ruled that the IAB’s cookie consent framework violated the GDPR. This decision has tremendous potential implications on the ad tech industry, as both publishers and advertisers...more
2/8/2022
/ Adtech ,
Advertising ,
Belgium ,
Consent ,
Cookies ,
Data Controller ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Online Advertisements ,
Publishers
As we had written about previously, there are several comprehensive privacy bills being considered at the state level. This blog post provides notable updates on bills companies should be paying attention to as they move...more
Last week, the Federal Trade Commission (“FTC”) released two guidance documents to aid in compliance with its Health Breach Notification Rule (“the Rule”), which requires “vendors of personal health records” or “PHR related...more
As companies prepare for new privacy laws to go into effect in California, Virginia, and Colorado, they should also keep an eye out on other states that are looking to pass their own “comprehensive” privacy legislation....more
Virginia lawmakers are considering multiple amendments to Virginia’s Consumer Data Protection Act (CDPA). These amendments mostly address a variety of open issues under the law, including the right to cure, how businesses can...more
Will 2022 be the year for a national privacy law? We are seeing new federal proposals, ongoing negotiations about key issues such as a private right of action and state pre-emption, and new activity at the state level. There...more
12/29/2021
/ Biden Administration ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
Consumer Privacy Rights ,
Data Privacy ,
Disparate Impact ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Legislative Agendas ,
Notice Requirements ,
Personal Data ,
Personal Information ,
State Privacy Laws
On October 27, 2021, the Federal Trade Commission (FTC) announced a newly updated rule under the Gramm-Leach-Bliley Act (GLBA) intended to require financial institutions to strengthen their data security safeguards to protect...more
11/1/2021
/ Cybersecurity ,
Data Protection ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Personal Information ,
Risk Assessment ,
Safeguards Rule ,
Security Risk Assessments ,
Third-Party Service Provider
On September 16, 2021, the Federal Trade Commission (“FTC” or “Commission”) held its third Open Commission Meeting in as many months. The Commission addressed four items: (1) whether to issue a policy statement affirming that...more
10/13/2021
/ Acquisitions ,
American Recovery and Reinvestment Act ,
Committee Meetings ,
Data Breach ,
Department of Justice (DOJ) ,
Federal Trade Commission (FTC) ,
Hart-Scott-Rodino Act ,
Mobile App Privacy Guidelines ,
Mobile Apps ,
Non-Compete Agreements ,
PHI ,
Rulemaking Process ,
Size of Transaction Test ,
Technology Sector ,
Vertical Mergers
On July 21, 2021, the Federal Trade Commission (“FTC” or “Commission”) held its second Open Commission Meeting. There were three items on the agenda: (1) whether or not to rescind a 1995 policy statement on prior approval and...more
8/9/2021
/ Competition ,
Enforcement ,
Federal Trade Commission (FTC) ,
FTC Act ,
Hart-Scott-Rodino Act ,
Magnuson-Moss Act ,
Manufacturers ,
Mergers ,
Policy Statement ,
Product Labels ,
Public Comment ,
Public Meetings ,
Right to Repair
On Thursday, July 1, the Federal Trade Commission held its first meeting under Chair Lina M. Khan and first open business meeting in over twenty years. The Commission considered four items during the nearly two hour long...more
7/13/2021
/ Administrative Procedure ,
Antitrust Provisions ,
Antitrust Violations ,
Enforcement Authority ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
FTC Act ,
Labeling ,
Made in the USA ,
Magnuson-Moss Act ,
Public Comment ,
Unfair or Deceptive Trade Practices