Privacy Litigation Trends: Meta Pixels, Cookie Opt-Out, and Sale of Data
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
Der gläserne Leser - Wie Tracking-Dienste Leser von E-Books analysieren
E8: Interview with Cookiebot CEO on Technical Solutions to GDPR Readiness
In an earlier piece, we discussed the increase in recently-filed California Invasion of Privacy Act (“CIPA”) TikTok trap and trace device lawsuits. Generally, TikTok trap and trace actions allege that the use of TikTok...more
Wild, wild, west? Web tracking may be the new frontier in class action litigation. With thousands of lawsuits filed in California and increasingly in other states against organizations, including many who may not realize the...more
In a prior alert, we predicted an uptick in class action complaints brought under the California Invasion of Privacy Act (CIPA) alleging that modern website analytical tools such as pixels, cookies and session replay software...more
Enacted in 1988, the Video Privacy Protection Act (VPPA) was intended to regulate the then-booming videotape industry by limiting how video rental and sales data is disclosed. The law was enacted in direct response to the...more
Two recent decisions from the Northern District of California—Shah v. Capital One Financial Corp., No. 24-cv-05985-TLT, 2025 WL 714252 (N.D. Cal. Mar. 3, 2025), and M.G. v. Therapymatch, Inc., No. 23-cv-04422-AMO, 2024 WL...more
On March 3, 2025, the U.S. District Court for the Northern District of California issued a significant ruling that has the potential to broaden the risk of liability under the California Consumer Privacy Act (CCPA). ...more
Yahoo’s ConnectID is a cookieless identity solution that allows advertisers and publishers to personalize, measure, and perform ad campaigns by leveraging first-party data and 1-to-1 consumer relationships. ConnectID uses...more
Keypoint: In this post: (1) How a privacy policy can defeat a plaintiff’s “delayed discovery” argument; (2) Two CA state courts reject plaintiffs’ allegations concerning personal jurisdiction; (3) Three courts dismiss PR/TT...more
A California federal district court recently granted class certification in a lawsuit against a financial services company. The case involves allegations that the company’s website used third-party technology to track users’...more
In what appears to be a first-of-its-kind decision, a California federal court just granted class certification in a wiretapping claim brought against a website operator that used third-party technology to track users’...more
In 2018, there were two comprehensive state data privacy bills introduced across the United States and a whopping zero were in effect. Fast forward six years and there have been 41 new data privacy bills considered this year...more
As Halloween night approaches, the neighborhood air buzzes with thrill and excitement. Ghouls and monsters flood the streets, crunching over leaves while pillowcases fill up with sweets. ...more
On March 18, 2024, the Office for Civil Rights ("OCR") at the U.S. Department of Health and Human Services ("HHS") published updated guidance on the use of online tracking technologies by HIPAA covered entities and business...more
Advertising and privacy. In 2024, it’s hard to talk about one without the other. Almost like peanut butter and jelly. A recent case from the Federal Trade Commission is an important reminder about the privacy and...more
The proliferation of class action lawsuit and arbitration claim filings under the Federal Wiretap Act and various state wiretap statutes has recently grown beyond California, as other states are now beginning to see more...more
Plaintiffs look to the past to take action against modern web tracking - As states rapidly enact new consumer privacy legislation, businesses have been working tirelessly to comply with extensive new data protection...more
Efforts to Address the Lack of Federal Data Privacy Legislation in the U.S. Have Continued - The need for federal data privacy legislation was reiterated in the House Energy and Commerce Committee’s Subcommittee on...more
Washington State (“Washington”) is preparing to break new ground in the privacy law space, as its legislature finalizes the “My Health My Data Act“ which will further regulate how health data of Washington residents should be...more
A patient surfs a hospital system’s website and reads an article about depression and anxiety. The patient then searches the hospital’s website for mental health providers in the area. A few hours later, the patient logs into...more
In a very comprehensive post from the Federal Trade Commission’s Office of Technology, the FTC takes what it calls “[a] deep dive into the technical side of FTC’s recent cases on digital health platforms, GoodRx &...more
California continues to serve as the primary driver of privacy law in the United States, but other state laws now warrant compliance. The California Privacy Rights Act (CPRA), effective January 1, 2023, amends and extends the...more
Last week, two bills were proposed in Congress aimed at improving consumer privacy protection. These proposals focus on specific areas of privacy law – health data that falls outside of HIPAA and do-not-track signals....more
A cynical online commenter once wrote this about the data collection practices of the online news site Digg: “If you are not paying for it, you’re not the customer; you’re the product being sold.” This is true of almost...more