U.S. privacy developments are moving quickly, but health data privacy is racing forward. Companies that come into contact with consumers’ health data need to track and respond to a variety of developments. Most notably, these...more
If you follow our blog, you already know that there have been a number of significant developments in the world of advertising law over the past 12 months. In this post, we highlight ten of those developments and consider...more
The Federal Trade Commission (FTC) announced a Notice of Proposed Rulemaking (NPRM) to amend the Children’s Online Privacy Protection Act Rule (COPPA Rule). The COPPA Rule applies to operators of websites and online services...more
With the continuing onslaught of state privacy laws, it’s easy to become overwhelmed by the number of new legal obligations while also trying to stay focused on identifying and mitigating the most pressing legal and business...more
For the second time in as many months, the Federal Trade Commission (FTC) last week announced a settlement alleging that a company’s the use and disclosure of consumers’ health information for online advertising violated the...more
Amidst all of the recent news and developments about the privacy of kids and teens (including multiple Congressional hearings; Frances Haugen’s testimony; enactment of the UK’s and California’s Age Appropriate Design Codes;...more
No, we’re not talking about sinister sewing guides, but rather practices or formats that may manipulate or mislead consumers into taking actions they would not otherwise take.
We untangled the topic of so-called “dark...more
Warning that “[t]here are no more excuses,” California Attorney General on August 24, announced the first public settlement under the California Consumer Privacy Act (CCPA). The settlement order, which the court approved on...more
On August 11, the FTC finally launched its “commercial surveillance and data security” rulemaking after many months of hype and speculation about the FTC’s ability to address consumer privacy through its “Mag-Moss” rulemaking...more
On Friday May 27, 2022, the California Privacy Protection Agency (CPPA) Board announced its next public meeting will be on June 8, 2022. The announcement simply stated the date of the meeting, that there are “some discussion...more
As companies wait to see whether the Utah Consumer Privacy Act (UCPA) becomes the fourth comprehensive state privacy law, we are providing an overview of some of the Act’s key provisions – and how they depart from...more
In the absence of a federal privacy law, privacy has been at the forefront of many states’ legislative sessions this year:
- Utah is poised to be the fourth state to enact comprehensive privacy legislation
- Florida...more
Last week, the Attorney General Alliance hosted a seminar to address the Colorado Privacy Act (CPA)—what it does and how to prepare for its July 1, 2023 effective date. The seminar featured a discussion with the bill’s...more
In guidance released last week, the New York State Office of the Attorney General urged businesses to incorporate safeguards to detect and prevent credential-stuffing attacks in their data security programs. The guidance...more
In an unusual warning to companies running Java applications with Log4j in their environments, the Federal Trade Commission (FTC) recently cautioned that it “intends to use its full legal authority to pursue companies that...more
State Attorneys General are already off to the races in 2022 – both with a significant number of election campaigns in full swing and an uptick in their consumer protection enforcement efforts. As a result, State AG consumer...more
On December 13, the New Mexico Attorney General announced a settlement with Google to resolve claims regarding children’s privacy, including in the burgeoning EdTech space. The federal lawsuits Balderas v. Tiny Lab...more
As we’ve all been following in the news, the House reconciliation bill to fund “human infrastructure” is still mired in negotiations, ever on the verge of either passing to monumental fanfare, or cratering in failure. Tucked...more
In a much-anticipated announcement last week, the FTC amended the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule, and proposed a further amendment requiring certain financial institutions to provide the FTC with notice in the...more
On October 6, 2021, the Senate Commerce Committee conducted its second in a series of hearings dedicated to consumer privacy and data, this time addressing Data Security. Similar to last week’s privacy hearing, the witnesses...more
During last month’s California Privacy Protection Agency Board (CPPA) meeting, the only substantive agenda item, addressed in closed session, was a discussion of two key appointments: the first Executive Director and a Chief...more
Last week, we wrote about FTC Chair Khan’s memo describing her plans to transform the FTC’s approach to its work. This week, she followed up with a no-less-ambitious statement laying out her vision for data privacy and...more
On September 29, 2021, the Senate Commerce Subcommittee held a hearing titled Protecting Consumer Privacy. The senators addressed the potential $1 billion earmarked to strengthen the FTC’s privacy work, the future of a...more
On September 22, the California Privacy Protection Agency (CPPA) issued an invitation for public comments as part of its first “preliminary” rulemaking activities. Established by the California Privacy Rights Act (CPRA)...more
In an aggressive expansion of its security and privacy enforcement programs, on September 15, 2021, the FTC issued what it characterized as a “Policy Statement” reinterpreting an old rule about personal health records....more