Regulators are intensifying efforts to address the complex challenges of protecting children’s privacy and safety in an increasingly digital world. As experts warn of the psychological and developmental risks of growing up...more
Partner Aaron Burstein was quoted in “Ad Tracking Tools Subject to Further Scrutiny Under US Bulk Data Rule” published by MLex. The article covers the bulk data rule, also known as the Data Security Program, which restricts...more
On October 13, 2025, California Governor Gavin Newsom signed AB 1043, the Digital Age Assurance Act, into law. The Big Tech-supported measure, which takes effect on January 1, 2027, adopts an app-store centric age assurance...more
10/21/2025
/ App Developers ,
Big Tech ,
California ,
California Consumer Privacy Act (CCPA) ,
Consumer Privacy Rights ,
Digital Platforms ,
Mobile Apps ,
New Legislation ,
Online Safety for Children ,
Regulatory Requirements ,
Software Developers ,
State Privacy Laws
On September 26, 2025, the California Privacy Protection Agency (CPPA) announced a $1.35 million fine against Tractor Supply Company, resolving allegations that the company violated the California Consumer Privacy Act (CCPA)....more
10/13/2025
/ California ,
California Consumer Privacy Act (CCPA) ,
California Privacy Protection Agency (CPPA) ,
Consumer Privacy Rights ,
Contract Terms ,
Data Privacy ,
Data Protection ,
Do Not Sell ,
Employees ,
Enforcement Actions ,
Opt-Outs ,
Personal Information ,
Settlement ,
State Privacy Laws
On Thursday, the U.S. House Committee on Financial Services Subcommittee on Financial Institutions held a hearing entitled, “Framework for the Future: Reviewing Data Privacy in Today’s Financial System.” Hearing testimony...more
Most businesses that send texts to their target audiences are focused on compliance with the federal Telephone Consumer Protection Act (TCPA) – and understandably so, given the explosion in class action litigation stemming...more
3/25/2025
/ Class Action ,
Compliance ,
Consumer Protection Laws ,
Corporate Counsel ,
Marketing ,
Regulatory Requirements ,
Settlement ,
TCPA ,
Telecommunications ,
Telemarketing ,
Text Messages
It’s been a week since the Trump administration fired FTC Commissioners Slaughter and Bedoya because their “continued service on the FTC is inconsistent with . . . administration priorities.” In the days since, we’ve been...more
As its first policy initiative under Chair Andrew Ferguson, the FTC announced a Request for Information (RFI) “to better understand how technology platforms deny or degrade users’ access to services based on the content of...more
2/24/2025
/ Antitrust Provisions ,
Big Tech ,
Enforcement Actions ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Online Platforms ,
Request For Information ,
Rulemaking Process ,
Section 5 ,
Social Media ,
Unfair or Deceptive Trade Practices
Under many circumstances, state privacy laws require businesses to pass a consumer’s valid deletion request to any entity that processes the data on behalf of the business or otherwise is a recipient of the data. These...more
Join Kelley Drye privacy attorneys for an upcoming webinar, "Privacy and AI in the Trump 2.0 Era." This session will explore the potential shifts in privacy regulation and AI oversight with the new administration, including...more
U.S. privacy developments are moving quickly, but health data privacy is racing forward. Companies that come into contact with consumers’ health data need to track and respond to a variety of developments. Most notably, these...more
If you follow our blog, you already know that there have been a number of significant developments in the world of advertising law over the past 12 months. In this post, we highlight ten of those developments and consider...more
The Federal Trade Commission (FTC) announced a Notice of Proposed Rulemaking (NPRM) to amend the Children’s Online Privacy Protection Act Rule (COPPA Rule). The COPPA Rule applies to operators of websites and online services...more
With the continuing onslaught of state privacy laws, it’s easy to become overwhelmed by the number of new legal obligations while also trying to stay focused on identifying and mitigating the most pressing legal and business...more
For the second time in as many months, the Federal Trade Commission (FTC) last week announced a settlement alleging that a company’s the use and disclosure of consumers’ health information for online advertising violated the...more
Amidst all of the recent news and developments about the privacy of kids and teens (including multiple Congressional hearings; Frances Haugen’s testimony; enactment of the UK’s and California’s Age Appropriate Design Codes;...more
No, we’re not talking about sinister sewing guides, but rather practices or formats that may manipulate or mislead consumers into taking actions they would not otherwise take.
We untangled the topic of so-called “dark...more
Warning that “[t]here are no more excuses,” California Attorney General on August 24, announced the first public settlement under the California Consumer Privacy Act (CCPA). The settlement order, which the court approved on...more
On August 11, the FTC finally launched its “commercial surveillance and data security” rulemaking after many months of hype and speculation about the FTC’s ability to address consumer privacy through its “Mag-Moss” rulemaking...more
On Friday May 27, 2022, the California Privacy Protection Agency (CPPA) Board announced its next public meeting will be on June 8, 2022. The announcement simply stated the date of the meeting, that there are “some discussion...more
As companies wait to see whether the Utah Consumer Privacy Act (UCPA) becomes the fourth comprehensive state privacy law, we are providing an overview of some of the Act’s key provisions – and how they depart from...more
In the absence of a federal privacy law, privacy has been at the forefront of many states’ legislative sessions this year:
- Utah is poised to be the fourth state to enact comprehensive privacy legislation
- Florida...more
Last week, the Attorney General Alliance hosted a seminar to address the Colorado Privacy Act (CPA)—what it does and how to prepare for its July 1, 2023 effective date. The seminar featured a discussion with the bill’s...more
In guidance released last week, the New York State Office of the Attorney General urged businesses to incorporate safeguards to detect and prevent credential-stuffing attacks in their data security programs. The guidance...more
In an unusual warning to companies running Java applications with Log4j in their environments, the Federal Trade Commission (FTC) recently cautioned that it “intends to use its full legal authority to pursue companies that...more