Erin Delaney

Subscribe to Erin Delaney's Posts

On August 16, 2024, the U.S. Court of Appeals for the Ninth Circuit issued an opinion partially upholding—and partially vacating—the District Court for the Northern District of California’s preliminary injunction preventing the California Age-Appropriate Design Code Act (CAADCA or the Act) from going into effect. Specifically, the Ninth Circuit upheld the district court’s injunction related to Data Protection Impact Assessment (DPIA) provisions while the district court further considers whether the remaining portions of the law are likely to be severable or unconstitutional on their own. Although the Ninth Circuit’s decision has not yet gone into effect, businesses subject to the CCPA may soon find themselves on the hook for complying with many provisions in the CAADCA.Continue Reading Ninth Circuit Ruling Paves the Way for California Age-Appropriate Design Code to Partially Come into Effect

On July 16, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss advancing its over 200-page draft rulemaking package to formal proceedings.[1] The proposed regulations include 37 pages of significant new obligations spanning cybersecurity audits, automated decision-making technology (e.g., artificial intelligence, (AI)), privacy risk assessments, and 72 pages of other updates to existing regulations. Together, these regulations would create new compliance obligations for tens of thousands of California businesses and are preliminarily estimated to generate a staggering $4.2 billion in compliance costs for those businesses in their first year alone. Critically, these estimates do not include the many businesses that are based outside of California, yet subject to the California Consumer Privacy Act (CCPA) because they do business in California, meaning the real economic burden is likely to be far more significant.Continue Reading Substantial New CCPA Regulations Inch Closer to Reality: A Detailed Overview of the New Requirements and Their Projected $4 Billion Cost to California Businesses

On April 19, 2022, the BBB National Programs’ Center (BBB NP) for Industry Self-Regulation launched the TeenAge Privacy Program (TAPP) Roadmap, a new operational framework to help companies develop digital products and services attuned to privacy risks facing teenage consumers. In the United States, children 12 and under are protected by the Children’s Online Privacy Protection Act (COPPA). Once these children become teenagers, they age out of COPPA’s protections and, with limited exceptions, are treated as adults online. Yet a growing body of research indicates that these teenage consumers are uniquely affected by privacy risks resulting in harms ranging from cyberbullying, to platform addiction, to amplified insecurities.1 Regulators are increasingly interested in investigating these harms. For instance, in a widely publicized incident, a coalition of state Attorneys General recently opened an investigation into Instagram following news reports of a whistleblower’s allegations that Facebook’s privacy practices harmed teenage users. Despite increased public and regulatory scrutiny, no federal law has been enacted to provide companies with guidance on these issues. While it is not legally binding, the TAPP Roadmap aims to help fill this guidance gap by providing organizations with concrete operational considerations and best practices to address teen privacy risks.
Continue Reading BBB National Programs’ Center for Industry Self-Regulation Launches Roadmap for Teen Privacy