Governor Ralph Northam has signed the Consumer Data Protection Act (CDPA), making Virginia the second state with a comprehensive privacy law. The CDPA is inspired by both the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation and takes effect Jan. 1, 2023 (the same date as most of the provisions of … Continue Reading
By Alan L. Friel, Kyle Dull, Kyle R. Fath and Patrick Waldrop on Posted in CDPA
Having passed both houses of the Virginia General Assembly, the proposed Consumer Data Protection Act (CDPA) may become the second comprehensive consumer privacy bill to be enacted in the United States. However, to reach the governor’s desk, it would need three more readings in the Senate and two more readings in the House, prior to … Continue Reading
By Alan L. Friel and Kyle R. Fath on Posted in CCPA,CPRA
Please join us for a follow-up discussion on AdTech Under the CCPA and CPRA, originally presented as part of the PrivacyOC Privacy Week Forums 2021. Speakers Alan Friel and Kyle Fath will discuss four seemingly overlapping consumer rights under the CPRA: 1) Do Not Sell, 2) Do Not Share, 3) Do Not Profile, and 4) … Continue Reading
With a special session scheduled to begin Feb. 10, Virginia is poised to become the second state to pass comprehensive consumer privacy legislation. The Consumer Data Protection Act (CDPA) passed the Virginia Senate on Friday, Feb. 5, and has been referred back to the Virginia House to be reconciled. Seeing that the House previously passed … Continue Reading
The 2021-22 New York State legislative session started off with a bang, featuring nearly a dozen consumer privacy bills introduced in the House and Senate on the opening day. A number of the proposals, including the New York Privacy Act and the Right to Know Act, are carbon copies of bills that were introduced in … Continue Reading
Summary Advising our clients on compliance with laws and regulations is, hands down, the most important aspect of our role as attorneys. In addition to seeking counsel on their obligations under laws and regulations, however – motivated by industry trends, utilization of and dependence on third-party services and platforms, and, this year, the COVID-19 pandemic … Continue Reading
During its annual Worldwide Developers Conference this summer, Apple announced a handful of new consumer-oriented privacy features coming to its software and devices. One feature will require app publishers to disclose information regarding their apps’ data collection and use practices in what some are referring to as a privacy “nutrition label.” Another significant privacy feature … Continue Reading
By Alan L. Friel and Kyle R. Fath on Posted in CCPA
The nation awoke the morning after Election Day 2020 with much still unresolved. By early morning Pacific Time, however, it was called by various media outlets that California voters approved a ballot measure, Proposition 24, known as the California Privacy Rights Act of 2020 (CPRA). Referred to by some as CCPA 2.0, the CPRA amends … Continue Reading
The Interactive Advertising Bureau (IAB), a leading advertising industry organization, has launched a CCPA Benchmark Survey to assess how companies across the digital advertising ecosystem are approaching CCPA compliance. The survey provides an opportunity for companies to anonymously report on their handling of various CCPA matters, including to provide statistics relating to the number of … Continue Reading
On Friday, August 14, 2020, California Attorney General Xavier Becerra announced approval by the Office of Administrative Law (OAL) of final regulations (Final Regs) under the California Consumer Privacy Act (CCPA). Proposed final regulations were submitted to the OAL by the Office of the Attorney General (OAG) on June 1, 2020. During OAL’s review process, … Continue Reading
This blog post has been updated to account for additional information related to the California Privacy Rights Act (CPRA) ballot initiative released following original publication of this post. On Friday, June 19, 2020, the Superior Court of California issued a ruling that paved the way for Californians to see the CPRA on the ballot in … Continue Reading
The California Consumer Privacy Act (CCPA) requires the California Attorney General (AG) to issue regulations to “further the purposes of the title” by July 1, 2020. As that date quickly approaches, various rumors have been circulating about the status of the final regulations and whether they will actually be issued by July 1, or at … Continue Reading
On March 11, 2020, the California Attorney General published a third version of the proposed regulations to implement the California Consumer Protection Act available here. A redline showing changes against both the initial draft regulations (published October 11, 2019) and the first modified draft (published February 10, 2020) is available here. Notably, the latest regulations … Continue Reading
Owners of websites and mobile applications that utilize cookies and other tracking technologies, e.g., pixels, app SDKs (tracking technologies), for interest-based advertising and other activities inherently share data across the digital ecosystem and will have to address these activities as part of their greater California Consumer Privacy Act (CCPA) compliance approach. In particular, the CCPA’s … Continue Reading
On Jan. 6, 2020, the California attorney general (AG) released a CCPA advisory press release and reiterated what we already know – that “businesses subject to CCPA [are] required to begin complying with the law on January 1, 2020” and that California residents are afforded new data privacy rights under the CCPA. Unfortunately, the advisory did not provide any details … Continue Reading
The California attorney general (the AG) has concluded the first round of public comments on the proposed regulations that would serve to interpret and implement California’s sweeping new privacy law, the California Consumer Privacy Act (the CCPA). After just under two months since the release of the proposed regulations (the Regs) by the AG and … Continue Reading
The Interactive Advertising Bureau (IAB) publicly released its draft CCPA Compliance Framework for Publishers and Technology Companies (“Framework”) on Oct. 22, 2019. As we reported here, the Framework is being developed by the IAB and the IAB Tech Lab to address the challenges of the CCPA’s Do Not Sell obligation as it relates to interest-based … Continue Reading
On Friday, October 11, 2019, California’s governor signed into law each of the six CCPA amendment bills passed by the legislature, bringing some finality and clarity to the scope of the CCPA (at least with respect to details which will not be affected by the attorney general’s regulations). In addition to signing into law A.B. … Continue Reading
On September 17, 2019, numerous stakeholders in the digital advertising industry, including publishers, advertisers/brands, AdTech companies, and law firms (including numerous representatives from BakerHostetler) convened at the Interactive Advertising Bureau’s (IAB) headquarters in New York for a preview of its CCPA Industry Compliance Framework. Throughout the course of 2019, IAB has solicited input from a … Continue Reading
Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021. With the Romanian Presidency’s oversight of the Council of the European Union passing to Finland as of July 1, and … Continue Reading
In the absence of cookies-related guidance and enforcement by regulators against ordinary website publishers and operators, many e-commerce sites, online publishers and other website operators have taken a “wait and see” approach with respect to implementing GDPR-compliant cookies consent procedures. Recent cookies-related regulatory guidance, however, from the Dutch data protection authority, Autoriteit Persoonsgegevens (“Dutch DPA”), … Continue Reading
With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business in the UK, and how those organizations will address numerous practical issues, privacy and data … Continue Reading
The end of 2018 saw heightened activity surrounding the EU-U.S. Privacy Shield Framework. This blog post provides a news roundup on the following developments: • The European Commission’s (the “Commission”) December 19th report (the “Report”) summarizing the second annual joint review that was held in October 2018. • The Report’s February 28, 2019 deadline for … Continue Reading
Liftopia, an e-commerce platform that enables ski resorts to sell advance-purchase tickets online, was cited in a recent decision by the Better Business Bureau’s Online Interest-Based Advertising Accountability Program (OIBAAP) for failing to provide consumers with sufficient notice and choice relating to the collection of data for targeted ads and the serving of interest-based advertising … Continue Reading