Four states have adopted laws regulating data brokers, but only one – California – has established a universal deletion mechanism whereby consumers are able to request that all data brokers registered in the state delete...more
Though Colorado, Texas, and other states have been active in enacting new privacy protections in the past year, California continues to lead the way in U.S. privacy regulation. With key provisions of the Delete Act set to...more
On December 17, the California Privacy Protection Agency (CalPrivacy) issued Enforcement Advisory No. 2025-01, clarifying that under California’s Delete Act, businesses that operated as data brokers in the prior year must...more
Starting August 1, 2026, registered data brokers will need to access California’s new one-stop-shop deletion platform to process deletion requests or risk significant fines. Last month the California Office of...more
In this November edition of Hinshaw’s Privacy, Cyber and AI Decoded, in celebration of the U.S. Thanksgiving holiday, we are recommending that our readers Keep Calm as they are faced with a new surge of legal requirements,...more
On November 7, 2025, the California Privacy Protection Agency (CalPrivacy) voted to advance three legislative proposals that, if enacted, would materially reshape certain compliance obligations under the California Consumer...more
California once again sets the pace in consumer privacy and digital-platform regulation with the enactment of Assembly Bill 656 (“AB 656” or the “Act”), detailing new obligations for large social-media platforms to facilitate...more
On October 21, 2025, the California Privacy Protection Agency (CPPA) launched a webpage previewing the Data Rights Opt-out Portal (DROP), a tool designed to fulfill the California Delete Act’s mandate to create a centralized...more
On August 27, 2025, the Office of the Privacy Commissioner of Canada (OPC) released its report of findings relating to its investigation into whether Google LLC (Google) contravened the Personal Information Protection and...more
On July 28, the CPPA released a stipulated final order to impose a $55,400 administrative fine on a data broker for failing to register with the agency by the January 31, 2024, deadline as required by California’s Delete Act....more
There once was a time when the publication of personal information had a defined readership life span. This life span was short and the public’s interest surrounding the publication of personal information would usually...more
Does your state have its own version of the TCPA? Yes. California has what is known as the California Consumer Privacy Act of 2018, which is located in sections 1798.100 to 1798.199.100 of the California Civil Code. The...more
The European Data Protection Board (EDPB) recently announced the launch of its 2025 Coordinated Enforcement Framework (CEF) action, which will focus on the right to erasure, also known as the “right to be forgotten,” or, in...more
On February 27, the California Privacy Protection Agency (CPPA) announced it reached a settlement with a data broker company that failed to register and pay an annual registration fee as required under the Delete Act. The...more
Businesses that sell data regarding California residents have been put on notice by the California Privacy Protection Agency’s (the CPPA’s) recent aggressive enforcement of the California Delete Act. On October 30, 2024, the...more
The old saying goes, “Don’t mess with Texas.” The same can be said of the Texas Privacy Act. The Texas Department of Information Resources recently issued an implementation status for the act....more
Earlier this month, after the conclusion of the public comment period, the Colorado Department of Law adopted amendments to the Colorado Privacy Act (CPA), which grants rights to Colorado consumers concerning their personal...more
Under many circumstances, state privacy laws require businesses to pass a consumer’s valid deletion request to any entity that processes the data on behalf of the business or otherwise is a recipient of the data. These...more
On October 30, the California Privacy Protection Agency (CPPA) announced an investigative sweep to ensure data brokers comply with the Delete Act. Effective January 1, the Delete Act requires parties to register by January 31...more
A group of 21 Republican AGs filed an amicus brief with the U.S. Court of Appeals for the D.C. Circuit in TikTok Inc. v. Merrick Garland, No.24-1113, in support of the U.S. DOJ and urging the court to deny the petition for...more
Public officials should proceed with caution when using social media. The United States Supreme Court, in a recent unanimous decision, articulated a two-part test to determine when a public official’s social media account...more
The U.S. is taking another swing at a federal data privacy law with the American Privacy Rights Act, or APRA. While there’s no guarantee that the APRA will become the law of the land, it’s still worthwhile to study in order...more
On April 2, the California Privacy Protection Agency (CPPA or “the Agency”) issued the Agency’s first-ever enforcement advisory. The advisory (“Applying Data Minimization to Consumer Requests”) reaffirms data minimization as...more
Over the weekend, lawmakers unveiled the latest push for a federal privacy law – the American Privacy Rights Act (APRA). The bill was circulated as a discussion draft by Sen. Maria Cantwell (D-WA), Chair of the Senate...more
Last week, a bipartisan coalition in Congress introduced the American Privacy Rights Act (“APRA”), a draft federal privacy bill. The APRA represents the latest effort to create a federal consumer data privacy law after its...more