Jeewon Serrato

Subscribe to all posts by Jeewon Serrato

California’s Landmark Age-Appropriate Design Code Act: What You Need to Know

On Aug. 29, California’s Senate unanimously passed Assembly Bill 2273, known as the Age-Appropriate Design Code Act (the CA AADC or the Bill). The Bill, which is anticipated to be signed into law by Gov. Gavin Newsom, is aimed at promoting online safety and privacy for children under 18. The Bill was inspired by the … Continue Reading

CCPA Employee and B2B Exemptions Set to Expire on Jan. 1, 2023

The California Consumer Privacy Act (CCPA) exemptions for employee and business-to-business Personal Information (PI) likely will not be extended. Aug. 31, 2022 was the last day for each house to pass bills, per the California Constitution (Art. IV, Sec 10(c) and the Joint Rules (J.R. 61(b)(18))), and no legislative proposals or amended bills made it … Continue Reading

CPPA Publishes Notice of Proposed Rulemaking

On July 8, the California Privacy Protection Agency Board (CPPA, Agency or Board) announced the Notice of Proposed Rulemaking (NPRM), which begins the 45-day comment period for the draft regulations. As we previously reported, the California Privacy Rights Act (CPRA) draft regulations were released on May 27, and we had a heads-up about this rulemaking … Continue Reading

CPPA Begins CPRA Rulemaking

On May 26, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to provide updates on the Agency’s rulemaking process. The next day, the CPPA released draft regulations for the California Privacy Rights Act (CPRA). This post includes initial impressions of the proposed regulations and how they square with … Continue Reading

CPRA Rulemaking Explained and CPRA Amendments Push Forward, Including Employee and Business-to-Business Exemptions

On Feb. 18, Chairperson Jennifer Urban of the California Privacy Protection Agency (CPPA) addressed the California state bar and clarified the announcements that were made during the CPPA board meeting on Feb. 17. Read on for an explanation of the California Privacy Rights Act (CPRA) rulemaking process and brief summaries of the privacy bills in … Continue Reading

CPRA Regulations Postponed

On Feb. 17, 2022, the California Privacy Protection Agency (CPPA or the Agency) held a public board meeting to address several topics, including the rulemaking under the California Privacy Rights Act (CPRA). Although the CPRA includes a July 1 deadline for the Agency to promulgate final regulations, it is clear the CPPA will not meet … Continue Reading

California AG Focuses CCPA Enforcement on Loyalty Programs

On Jan. 28, 2022, the California Attorney General Rob Bonta (AG) published a statement putting businesses that operate loyalty programs on notice that the California Consumer Privacy Act (CCPA) requirements for a Notice of Financial Incentive (NOFI) is likely going to be an area of focus for enforcement. This is the first time the AG … Continue Reading

US Facial Recognition Firm Ordered to Stop Processing UK and Australian Data and Pay Fine Over Privacy Law Violations

ICO and OAIC Find ‘Serious Breaches’ of Privacy Law On Nov. 29, 2021, the U.K. Information Commissioner’s Office (ICO) announced a provisional intent to fine Clearview AI over £17 million, alleging several privacy violations related to the company’s use of “scraped” data and biometrics of individuals. More significantly, the provisional order would require the company … Continue Reading

Federal Banking Regulators Issue 36-Hour Computer-Security Incident Notification Requirement

As the federal government continues its whole-of-government response to cyber incidents, federal banking regulators took action to impose a new notice requirement on federally regulated banks. In November, the Federal Deposit Insurance Corporation (FDIC), the Office of the Comptroller of the Currency (OCC) and the Federal Reserve Board of Governors (“Board”) jointly issued a final … Continue Reading

California Privacy Protection Agency Board Chair Discusses CPRA Rulemaking Process and Agency Authority

Justin T. Yedor and Jeewon Serrato On October 5, 2021, Jennifer Urban, who serves as Chair of the Board the California Privacy Protection Agency (the CPPA) spoke with members of the California Lawyer’s Association about the Board’s work to get the new Agency off the ground, the challenges it faces in doing so and the … Continue Reading

8 Key Takeaways for Initial Defenses Under the CCPA and CPRA

Authors: Marshall Mattera, Jeewon Serrato, Casie Collignon and Stanton Burke Since the Jan. 1, 2020 kickoff for private enforcement under the California Consumer Privacy Act (CCPA), plaintiffs have filed scores of class actions invoking the CCPA. Such claims, when properly made, present substantial risk to companies including statutory damages up to $750 per consumer. Early … Continue Reading

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

By Justin Yedor, Stanton Burke, and Jeewon K. Serrato For businesses awaiting guidance on how to comply with the California Privacy Rights Act (the “CPRA”), the new California Privacy Protection Agency (“CPPA”) began the rulemaking process on September 22, 2021 with an Invitation for Preliminary Comments on Proposed Rulemaking (the “Invitation for Comment”).  In the … Continue Reading

Welcome to the Digital Transformation and Data Economy Newsletter – March 2021 Issue

Across the economy, businesses are using digital technology to pivot into innovative service lines, accelerate growth and transform their businesses altogether. These businesses’ digital strategies and data assets play important roles in their success. Since the advent of the COVID-19 pandemic in the United States in March 2020, companies that had the technology to enable … Continue Reading

New Taxes on the Digital Economy: A Closer Look at the New York Data Tax Proposal

Over the last year, state and local governments have proposed a variety of novel taxes on the digital economy, including taxes on digital advertising and social media platforms. Two factors have motivated these proposals: (1) closing budget gaps by taxing out-of-state companies and (2) addressing perceived public policy concerns with out-of-state companies profiting on information … Continue Reading

Welcome to the Digital Transformation and Data Economy Newsletter – February 2021 Issue

Across the economy, businesses are using digital technology to pivot into innovative service lines, accelerate growth and transform. A business’s digital strategies and data assets play an important role in its success. Digital transformation means, among other things, deploying the latest technologies – including artificial intelligence (AI) and automated decision-making. However, advances in AI raise … Continue Reading

Happy First Birthday to the NIST Privacy Framework!

BakerHostetler partner Jeewon Serrato has contributed a NIST Privacy Framework’s CCPA Crosswalk and is featured in an animated video by the NIST which shows how the NIST Privacy Framework can be used by organizations to build trust with their customers, communicate better about privacy, and help meet their compliance obligations. Jeewon is also featured in NIST’s … Continue Reading

California OAG Proposes New CCPA Regs Two Weeks Before Voters Decide on the Fate of CCPA 2.0

On Monday, Oct. 12, the California Office of the Attorney General (the Attorney General or OAG) released a third set of proposed modifications to the California Consumer Privacy Act (CCPA) regulations (the Regulations). The full text can be found on the Attorney General’s website here. The proposed modifications to the Regulations are limited to four … Continue Reading

Jeewon Kim Serrato Co-Authors Article about Pricing, Value of Consumer Data and CCPA’s Non-Discrimination Requirement

Partner Jeewon Kim Serrato co-authored an article published in the California Lawyer Association’s Fall 2020 issue of the “Competition Journal” of the Antitrust, UCL and Privacy Section.  The article, “Privacy, Pricing, and the Value of Consumer Data: Complex Nature of the CCPA’s Non-Discrimination Requirement,” discusses the intersection of privacy and competition law and provides an in-depth … Continue Reading

Return to Work: What Employers Should Know About AB 1281, CCPA Notice Requirements and Recent Labor Law Guidance

While most privacy news and alerts have been focused on the collection and processing of customer data (see our earlier posts about interest-based advertising and the House Judiciary Committee’s Antitrust Hearing with Big Tech, for example), privacy issues related to data collected from employees and business-to-business (B2B) contacts increasingly are becoming a concern for businesses. … Continue Reading

CCPA Final Regulations, with a Few Unexpected Changes

On Friday, August 14, 2020, California Attorney General Xavier Becerra announced approval by the Office of Administrative Law (OAL) of final regulations (Final Regs) under the California Consumer Privacy Act (CCPA). Proposed final regulations were submitted to the OAL by the Office of the Attorney General (OAG) on June 1, 2020. During OAL’s review process, … Continue Reading

5 Key Things to Know about the Landmark Schrems II Decision

Quick Links CJEU Press Release CJEU Decision Press Releases from the Parties Irish Data Protection Commission Max Schrems U.S. Department of Commerce Electronic Privacy Information Center (EPIC) BSA The Software Alliance DIGITALEUROPE 1. Is the EU-U.S. Privacy Shield framework dead? Yes, the Privacy Shield framework has been invalidated. The Court of Justice of the European … Continue Reading

California AG Begins CCPA Enforcement

Last week, the International Association of Privacy Professionals hosted a keynote session with Stacey Schesser, supervising deputy attorney general (AG) of the California Department of Justice, to discuss the July 1 start of the AG’s enforcement authority under the California Consumer Privacy Act (CCPA). The deputy AG discussed the current scope of the AG’s enforcement authority and confirmed that on July 1, … Continue Reading

Ann O’Brien, Jeewon Serrato, Alyse Stach Author Article Examining Privacy and Antitrust Issues

Partners Ann O’Brien and Jeewon Serrato and Associate Alyse Stach authored an article published by the International Association of Privacy Professionals (IAPP) on June 23, 2020. The article, “The Thin Line Between Privacy and Antitrust,” discusses how the lines between antitrust and privacy objectives and enforcement are becoming increasingly blurred. The authors describe real-world scenarios … Continue Reading
LexBlog