Edward Holman

Subscribe to all posts by Edward Holman

Colorado Attorney General’s Office Releases Modified Draft Rules for Colorado Privacy Act: Key Takeaways

On December 21, 2022, the Colorado Attorney General’s office published an updated version of proposed draft rules (“modified draft rules”) to the Colorado Privacy Act (ColoPA), which revise the initial draft rules issued in October 2022, based on feedback received during the prior comment period.1 Notably, the Colorado Attorney General’s office explained that it modified some of the rules to … Continue Reading

FTC Extends Deadline to Comply with the Updated Safeguards Rule Until June 9, 2023

On November 15, 2022, the Federal Trade Commission (FTC) announced it is extending the deadline for covered financial institutions to comply with the updated Safeguards Rule of the Gramm-Leach-Bliley Act (GLBA) by six months. The FTC originally published updates to the Safeguards Rule in October 2021. Under the updated rule, covered financial institutions had until … Continue Reading

California Privacy Protection Agency Releases Modified Proposed CPRA Regulations: An In-Depth Analysis

Written Comments Due by November 21 On November 3, 2022, the California Privacy Protection Agency (CPPA, or the Agency) issued modified proposed regulations implementing the California Privacy Rights Act (CPRA),[1] which revise the initial proposed regulations released on July 8, 2022. The Agency’s Notice of Modifications to Text of Proposed Regulations triggers a 15-day public … Continue Reading

Colorado Attorney General Issues Draft Rules for the Colorado Privacy Act

On October 10, 2022, the Colorado Secretary of State published draft rules for the Colorado Privacy Act (ColoPA) in the Colorado Register, thus initiating a public comment period that will run through February 1, 2023.1 The draft rules generally cover the topics that the Colorado Attorney General’s Office identified in the April 2022 “Pre-Rulemaking Considerations for … Continue Reading

California Legislature Passes Far-Reaching Online Privacy and Content Regulation Bill for Minors

On August 30, 2022, the California legislature passed the California Age-Appropriate Design Code Act (the Act). Modeled after the UK’s Age-Appropriate Design Code, California’s act drastically changes the landscape of online privacy and content availability for minors in California. The Act goes beyond the current federal protections of the Children’s Online Privacy Protection Act (COPPA) and could impose … Continue Reading

California Attorney General Settles First-Ever CCPA Enforcement Action

On August 24, 2022, the California Attorney General (AG) announced the entry of a final judgment to resolve claims that makeup retailer Sephora violated the California Consumer Privacy Act (CCPA). Notably, this is the California AG’s first enforcement action resulting in a fine and settlement under the CCPA. The California AG alleged that Sephora violated the CCPA by failing … Continue Reading

California Privacy Protection Agency Releases Draft CPRA Regulations – An In-Depth Analysis

On May 27, 2022, the California Privacy Protection Agency (CPPA) released a much-anticipated first draft of some of the anticipated regulations implementing the California Privacy Rights Act (CPRA).[1] The release accompanied the CPPA’s announcement of its next public meeting on June 8, 2022, where the agency will, among other agenda items, consider possible action regarding … Continue Reading

And Then There Were Five: Connecticut Enacts Comprehensive Privacy Law

Connecticut became the fifth U.S. state to enact a comprehensive consumer privacy law following California, Virginia, Colorado, and Utah. On May 10, 2022, Connecticut Governor Ned Lamont signed “An Act Concerning Personal Data Privacy and Online Monitoring” (SB 6) (CPOMA).1 Substantively, CPOMA largely tracks the Colorado Privacy Act (ColoPA) and Virginia Consumer Data Protection Act (VCDPA). CPOMA’s substantive provisions … Continue Reading

Utah Poised to Become Fourth State with General Privacy Law

Utah is poised to become the fourth state to enact comprehensive consumer privacy legislation, following California, Virginia, and Colorado. Earlier this month, Utah’s legislature passed the Utah Consumer Privacy Act (S.B. 227) (UCPA) with no opposing votes in both the Utah Senate and House of Representatives. The bill was sent to Utah Governor Spencer Cox on March … Continue Reading

California Privacy Protection Agency Issues Invitation for Preliminary Comments on Proposed Rulemaking Under the California Privacy Rights Act

The California Privacy Protection Agency (CPPA), the newly formed state agency responsible for implementing the California Privacy Rights Act (CPRA), recently posted its first invitation for public comment on proposed rulemaking activities under the CPRA. Here is what you need to know:… Continue Reading

California Attorney General Mandates CCPA-Covered Businesses Honor the Global Privacy Control and Announces Update on CCPA Enforcement Activity

Recently, the Office of the Attorney General of California announced three major updates that 1) added to the California Consumer Privacy Act’s (CCPA) opt-out rules related to the sale of personal information, 2) made it easier for consumers to participate in enforcing the CCPA, and 3) unveiled other focus areas of CCPA enforcement activities.… Continue Reading

No Harm, No Foul: Supreme Court Narrows Article III Standing to Require That All Class Members Suffer a Concrete Injury in Fact

Overview On June 25, 2021, the U.S. Supreme Court decided TransUnion v. Ramirez, which held that even when a statute has been violated, and that statute provided a private right of action, plaintiffs still need a concrete injury in fact to have standing to bring a lawsuit in federal court. In this case, the statutory framework … Continue Reading

Colorado Becomes Third State to Pass New General Privacy Law

Colorado may soon enter the national stage for its new privacy legislation. On June 8, 2021, Colorado’s legislature passed the Colorado Privacy Act (SB21-190) (ColoPA). The bill was recently sent to the Colorado governor’s desk, where he will have until July 8 to sign or veto the bill, otherwise it will become law without his signature. If … Continue Reading

Virginia Legislature Sends Novel Privacy Law to Governor’s Desk

Virginia is poised to become the second U.S. state to enact broad consumer privacy legislation. While the legislation draws some parallels with the California Consumer Privacy Act (CCPA) and upcoming California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA) introduces new requirements that go beyond these laws, such as opt-ins to collect … Continue Reading

Apple Requires Apps to Include New Privacy “Nutrition Label” by December 8, Delays Opt-In for Tracking Requirement Until Early 2021

Apple recently announced that app developers must check a series of yes/no boxes that will generate a “nutrition label”-style summary of the app’s privacy practices. This new summary, formally called “App Privacy,” will be shown to users within the App Store before they install an app. This is the latest move in Apple’s ongoing effort to make … Continue Reading

CCPA Update: California Attorney General Submits Final Proposed Regulations to OAL

On June 2, 2020, the California Attorney General announced that it had submitted the final proposed regulations package for the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). The OAL now has 30 working days, plus an additional 60 calendar days under COVID-19-related Executive Order N-40-20, to review the package for compliance with … Continue Reading

Third Time’s the Charm? Newest Round of Modifications to Proposed CCPA Regulations Issued by the California Attorney General

On March 11, 2020, the California Attorney General issued further revisions to the proposed regulations implementing the California Consumer Privacy Act (CCPA). For context, in passing the CCPA, the legislature directed the California Attorney General to solicit broad public participation and adopt regulations to further the purposes of the CCPA. On October 11, 2019, the California Attorney … Continue Reading

CCPA Update: California Attorney General Issues Modifications to Proposed CCPA Regulations

Updates to Compliance Likely Required On February 10, 2020, the California Attorney General issued the proposed text of modified regulations implementing the California Consumer Privacy Act (CCPA). This draft is a correction of a version that the California Attorney General issued on February 7, 2020. While the California Attorney General previously indicated that major changes to the … Continue Reading

Data Brokers Must Register with California Attorney General by January 31

Given Broad Definitions, the Law Could Apply to Businesses That Do Not Consider Themselves Data Brokers While amending the California Consumer Privacy Act of 2018 (CCPA) last term, the California legislature also passed a CCPA-related privacy bill that applies to “data brokers.” Assembly Bill 1202 (AB 1202) requires businesses that qualify as data brokers to register, pay … Continue Reading

Proposed CCPA Regulations: Clarity or Confusion?

On October 10, 2019, the California Attorney General’s office issued the proposed text of its California Consumer Privacy Act (CCPA) regulations (the Regulations). The Regulations propose detailed rules regarding required notices for consumers, business practices for handling consumer requests, verification of requests, special rules regarding minors, and non-discrimination. Accompanying the Regulations are the Attorney General’s … Continue Reading

FTC Data Security Settlement with Auto Dealer Software Provider Goes Further than Ever Before

Provides Detailed Specifications Both for Information Security Program and Third-Party Assessments On June 12, 2019, the Federal Trade Commission (FTC) announced it had reached a proposed settlement with LightYear Dealer Technologies, LLC (doing business as “DealerBuilt”) over allegations that the automobile software provider’s inadequate data security practices had resulted in a data breach in 2016.1 … Continue Reading

Nevada Follows California in Enacting New Privacy Law Giving Consumers the Right to Opt Out of Certain Data Sales

On May 29, 2019, in the midst of the legislative amendment process taking place in Sacramento for the California Consumer Privacy Act (CCPA), Nevada has passed its own CCPA-like privacy law, SB 220, taking effect on October 1, 2019, just three months before the CCPA becomes operative. The law’s main focus is to give consumers … Continue Reading

U.S. Supreme Court Requires Warrant for Law Enforcement Requests for Location Information from Third Parties

The U.S. Supreme Court has handed down a major decision, Carpenter v. United States,1 concerning the Fourth Amendment’s application to the rapidly evolving technological landscape. The 5-4 decision dramatically alters the status quo concerning government requests for data about individuals that is collected and held by third parties. Under Carpenter, personal location information maintained by … Continue Reading

California Enacts Sweeping Privacy Law to Avert Potential Ballot Measure

In a surprising twist, the California legislature rushed last week to pass one of the most comprehensive privacy laws in the country. The bill was introduced only a week prior, and within hours of passage, it was signed into law by Governor Jerry Brown. As strict as the act is, it was enacted to avoid … Continue Reading
LexBlog

We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content. For more information or to opt-out, visit our privacy policy.

I agree