The Michigan Attorney General has filed a complaint against Roku, a popular TV content platform, alleging, among other things, violations of the Children’s Online Privacy Protection Act and the Video Privacy Protection Act...more
The New York Attorney General recently entered into an assurance of discontinuance with Root Insurance Company following a 2021 data incident. According to the AG, the threat actors obtained people’s drivers’ license numbers...more
The New York Attorney General recently entered into an assurance of discontinuance with Saturn Technologies, operator of an app used by high school and college students. The app was designed to be a social media platform that...more
As 2024 came to a close, New York Gov. Hochul signed two bills (A8872A and S2376B) amending New York’s data breach law. The modifications change both what constitutes personal information under the law, as well as modifying...more
The Federal Trade Commission recently settled complaints against two data brokers over their handling of consumers’ sensitive location information. The agency alleged that such practices constitute unfair practices. Under the...more
In the fifth in our series of California developments, we turn to data broker obligations. There are two of note. First, the California privacy agency is moving forward Delete Act regulations it proposed earlier this year....more
In the second in our series of new CCPA regulations from California, we look at proposed rules for use of automated decisionmaking technology. As a reminder, CCPA discusses these technologies in relation to profiling, namely...more
12/12/2024
/ Artificial Intelligence ,
Automated Decision Systems (ADS) ,
California ,
California Consumer Privacy Act (CCPA) ,
Data Privacy ,
Legislative Agendas ,
Machine Learning ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Privacy Policy ,
Regulatory Agenda ,
Risk Assessment ,
State and Local Government ,
State Privacy Laws ,
Technology
The European Data Protection Board issued draft guidelines last month that outline when processing can be considered done for “legitimate interest.” The public has until November 20 to provide comments to the draft....more
California’s governor has signed an amendment to CCPA, the state’s well-known privacy law. While California was the first to pass a “comprehensive” privacy law, it is the second -with this new amendment- to include “neural...more
The Children’s Advertising Review Unit recently settled with KidGeni – a generative art platform intended for children- for allegedly violating both CARU’s guidelines and COPPA. According to CARU, which is a self-regulatory...more
8/19/2024
/ Artificial Intelligence ,
CARU ,
Class Action ,
COPPA ,
Data Collection ,
Enforcement ,
Federal Trade Commission (FTC) ,
Machine Learning ,
Online Platforms ,
Parental Consent ,
Personal Information ,
Privacy Laws
Nebraska’s governor has now signed into law the state’s “comprehensive” privacy law making it the fourth one this year, and the 17th overall. It will take effect on January 1, 2025 – the same day as Delaware, Iowa, and New...more
4/26/2024
/ Consumer Privacy Rights ,
Data Collection ,
Data Privacy ,
Data Protection ,
New Regulations ,
Opt-Outs ,
Personal Data ,
Personal Information ,
Popular ,
Privacy Laws ,
State Privacy Laws
In anticipation of July 1, 2024, requirements to allow consumers the ability to use “universal opt out mechanisms” in certain circumstances, Colorado has posted its “universal opt out shortlist.” The list is indeed short....more
The CPPA, the California regulatory body charged with enforcing CCPA, recently released draft regulations for use of automated decisionmaking technology. The draft comes under the law’s requirements for the agency to issue...more
12/21/2023
/ Automated Decision Systems (ADS) ,
California ,
California Privacy Protection Agency (CPPA) ,
New Regulations ,
Personal Information ,
Privacy Laws ,
Proposed Regulation ,
Proposed Rules ,
State Privacy Laws ,
Technology Sector ,
Tracking Systems
The FTC recently announced a settlement with Global Tel*Link, a telecommunications company that contracts with prisons and jails to provide communication services to incarcerated individuals and their families. Those who use...more
Financial services companies beware: the new state privacy laws exemption are not uniform. To recap, there are privacy laws in 12 states: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee,...more
The enforcement division of the California Privacy Protection Agency (CPPA) recently announced it intends to review the privacy practices of connected vehicles. The driving force behind the review is the technologies in...more
Oregon recently joined Vermont and California as the third state requiring data broker registration before collecting, selling, or licensing “brokered personal data.” Several types of entities are exempt from the law. These...more
8/16/2023
/ Customers ,
Data Brokers ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Selling ,
Exemptions ,
Information Sharing ,
New Legislation ,
Oregon ,
Penalties ,
Personal Data ,
Personal Information ,
Subscribers ,
Third-Party
Oregon’s governor has now signed into law the state’s comprehensive privacy law. Meaning, there are now 12 states with these laws, six of which were passed just this year (others passed in 2023 were Iowa, Indiana, Tennessee,...more
7/24/2023
/ Consumer Privacy Rights ,
Covered Entities ,
Data Protection Acts ,
Enforcement Actions ,
Financial Institutions ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Legislative Agendas ,
New Legislation ,
Oregon ,
Personal Data ,
Personal Information ,
State and Local Government ,
State Privacy Laws
The US has what appears to be a never-ending list of comprehensive privacy laws, but do they all apply to your organization? Not necessarily.
Let’s recap. Since we last wrote at the beginning of the month about preparing...more
As we wrote in November, Pennsylvania amended its data breach notification laws last year, and those changes go into effect tomorrow (May 2, 2023). Beginning tomorrow, if a breach of username/email accounts and their...more
The FTC recently took action against the online alcohol marketplace company Drizly and its CEO for alleged security failures. The case arose from a 2018 data breach which was caused – according to the FTC – by poor security...more
Firefly Games agreed to take corrective action in response to the Children’s Advertising Review Unit’s allegations that the company had violated COPPA by inaccurately (and confusingly) explaining its privacy practices. The...more
The Children’s Advertising Review Unit recently settled with TickTalk Tech, LLC over its information collection practices. CARU, a self-regulatory body that reaches voluntary settlements with companies, conducts regular...more
4/15/2022
/ Advertising ,
CARU ,
Children's Online Games ,
COPPA ,
Data Collection ,
Data Privacy ,
Disclosure ,
Mobile Apps ,
Parental Consent ,
Personal Information ,
Privacy Policy
The Chinese agency charged with implementing and enforcing the new Personal Information Protection Law has issued draft measures for cross-border data transfers. Comments are due by November 28. As we detailed previously, the...more
California recently updated both its data security and breach notice laws to include genetic data. With the passage of AB 825, the data security law now includes in the definition of “personal information” genetic data. The...more
10/18/2021
/ Amended Legislation ,
Biometric Information ,
California ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Digital Health ,
Healthcare ,
Personal Information ,
Privacy Laws