Kyle R. Fath

Subscribe to all posts by Kyle R. Fath

Virginia Becomes the Second State with a Comprehensive Privacy Law

Governor Ralph Northam has signed the Consumer Data Protection Act (CDPA), making Virginia the second state with a comprehensive privacy law. The CDPA is inspired by both the California Consumer Privacy Act (CCPA) and the EU’s General Data Protection Regulation and takes effect Jan. 1, 2023 (the same date as most of the provisions of … Continue Reading

Virginia Poised to Enact the Consumer Data Protection Act, the Nation’s Second Comprehensive Consumer Privacy Law

Having passed both houses of the Virginia General Assembly, the proposed Consumer Data Protection Act (CDPA) may become the second comprehensive consumer privacy bill to be enacted in the United States. However, to reach the governor’s desk, it would need three more readings in the Senate and two more readings in the House, prior to … Continue Reading

AdTech Under the CCPA and CPRA

Please join us for a follow-up discussion on AdTech Under the CCPA and CPRA, originally presented as part of the PrivacyOC Privacy Week Forums 2021. Speakers Alan Friel and Kyle Fath will discuss four seemingly overlapping consumer rights under the CPRA: 1) Do Not Sell, 2) Do Not Share, 3) Do Not Profile, and 4) … Continue Reading

Virginia Likely to Become Second State with Comprehensive Privacy Legislation

With a special session scheduled to begin Feb. 10, Virginia is poised to become the second state to pass comprehensive consumer privacy legislation. The Consumer Data Protection Act (CDPA) passed the Virginia Senate on Friday, Feb. 5, and has been referred back to the Virginia House to be reconciled. Seeing that the House previously passed … Continue Reading

Privacy and Product Counseling: 2020 in Review

Summary Advising our clients on compliance with laws and regulations is, hands down, the most important aspect of our role as attorneys. In addition to seeking counsel on their obligations under laws and regulations, however – motivated by industry trends, utilization of and dependence on third-party services and platforms, and, this year, the COVID-19 pandemic … Continue Reading

Apple to Require New Privacy Disclosures for Apps as of December 8, 2020

During its annual Worldwide Developers Conference this summer, Apple announced a handful of new consumer-oriented privacy features coming to its software and devices. One feature will require app publishers to disclose information regarding their apps’ data collection and use practices in what some are referring to as a privacy “nutrition label.” Another significant privacy feature … Continue Reading

California Voters Approve Reworking of Landmark Consumer Privacy Law – What CCPA 2.0 Will Mean for Businesses and Consumers

The nation awoke the morning after Election Day 2020 with much still unresolved.  By early morning Pacific Time, however, it was called by various media outlets that California voters approved a ballot measure, Proposition 24, known as the California Privacy Rights Act of 2020 (CPRA). Referred to by some as CCPA 2.0, the CPRA amends … Continue Reading

IAB Launches CCPA Benchmark Survey

The Interactive Advertising Bureau (IAB), a leading advertising industry organization, has launched a CCPA Benchmark Survey to assess how companies across the digital advertising ecosystem are approaching CCPA compliance. The survey provides an opportunity for companies to anonymously report on their handling of various CCPA matters, including to provide statistics relating to the number of … Continue Reading

CCPA Final Regulations, with a Few Unexpected Changes

On Friday, August 14, 2020, California Attorney General Xavier Becerra announced approval by the Office of Administrative Law (OAL) of final regulations (Final Regs) under the California Consumer Privacy Act (CCPA). Proposed final regulations were submitted to the OAL by the Office of the Attorney General (OAG) on June 1, 2020. During OAL’s review process, … Continue Reading

California AG Releases Second Set of Modified CCPA Regulations

On March 11, 2020, the California Attorney General published a third version of the proposed regulations to implement the California Consumer Protection Act available here. A redline showing changes against both the initial draft regulations (published October 11, 2019) and the first modified draft (published February 10, 2020) is available here. Notably, the latest regulations … Continue Reading

Ad Industry Split on Cookies and CCPA

Owners of websites and mobile applications that utilize cookies and other tracking technologies, e.g., pixels, app SDKs (tracking technologies), for interest-based advertising and other activities inherently share data across the digital ecosystem and will have to address these activities as part of their greater California Consumer Privacy Act (CCPA) compliance approach. In particular, the CCPA’s … Continue Reading

California AG Press Release Emphasizes CCPA’s Jan. 1 Effective Date and Data Broker Registry, Provides No Update on Draft Regulations

On Jan. 6, 2020, the California attorney general (AG) released a CCPA advisory press release and reiterated what we already know – that “businesses subject to CCPA [are] required to begin complying with the law on January 1, 2020” and that California residents are afforded new data privacy rights under the CCPA. Unfortunately, the advisory did not provide any details … Continue Reading

BakerHostetler Comments on Draft CCPA Regulations

The California attorney general (the AG) has concluded the first round of public comments on the proposed regulations that would serve to interpret and implement California’s sweeping new privacy law, the California Consumer Privacy Act (the CCPA). After just under two months since the release of the proposed regulations (the Regs) by the AG and … Continue Reading

IAB Releases Draft CCPA Compliance Framework for Digital Advertising Industry

The Interactive Advertising Bureau (IAB) publicly released its draft CCPA Compliance Framework for Publishers and Technology Companies (“Framework”) on Oct. 22, 2019. As we reported here, the Framework is being developed by the IAB and the IAB Tech Lab to address the challenges of the CCPA’s Do Not Sell obligation as it relates to interest-based … Continue Reading

CCPA Amendments Signed into Law by California Governor

On Friday, October 11, 2019, California’s governor signed into law each of the six CCPA amendment bills passed by the legislature, bringing some finality and clarity to the scope of the CCPA (at least with respect to details which will not be affected by the attorney general’s regulations). In addition to signing into law A.B. … Continue Reading

IAB Previews Solution for Interest-Based Advertising and CCPA ‘Do Not Sell’ Right

On September 17, 2019, numerous stakeholders in the digital advertising industry, including publishers, advertisers/brands, AdTech companies, and law firms (including numerous representatives from BakerHostetler) convened at the Interactive Advertising Bureau’s (IAB) headquarters in New York for a preview of its CCPA Industry Compliance Framework. Throughout the course of 2019, IAB has solicited input from a … Continue Reading

EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive

Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021. With the Romanian Presidency’s oversight of the Council of the European Union passing to Finland as of July 1, and … Continue Reading

EU Regulators Increase Focus on Cookie Practices

In the absence of cookies-related guidance and enforcement by regulators against ordinary website publishers and operators, many e-commerce sites, online publishers and other website operators have taken a “wait and see” approach with respect to implementing GDPR-compliant cookies consent procedures. Recent cookies-related regulatory guidance, however, from the Dutch data protection authority, Autoriteit Persoonsgegevens (“Dutch DPA”), … Continue Reading

“No Deal” Brexit May Bring Practical Problems for Privacy and Data Protection

With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business in the UK, and how those organizations will address numerous practical issues, privacy and data … Continue Reading

Privacy Shield Update: Commission Report, Ombudsperson Deadline, Brexit Guidance

The end of 2018 saw heightened activity surrounding the EU-U.S. Privacy Shield Framework.  This blog post provides a news roundup on the following developments: • The European Commission’s (the “Commission”) December 19th report (the “Report”) summarizing the second annual joint review that was held in October 2018. • The Report’s February 28, 2019 deadline for … Continue Reading

Online Merchant Cited for Inadequate Interest-Based Advertising Disclosures

Liftopia, an e-commerce platform that enables ski resorts to sell advance-purchase tickets online, was cited in a recent decision by the Better Business Bureau’s Online Interest-Based Advertising Accountability Program (OIBAAP) for failing to provide consumers with sufficient notice and choice relating to the collection of data for targeted ads and the serving of interest-based advertising … Continue Reading
LexBlog