Tracy Shapiro

Subscribe to all posts by Tracy Shapiro

California Legislature Passes Far-Reaching Online Privacy and Content Regulation Bill for Minors

On August 30, 2022, the California legislature passed the California Age-Appropriate Design Code Act (the Act). Modeled after the UK’s Age-Appropriate Design Code, California’s act drastically changes the landscape of online privacy and content availability for minors in California. The Act goes beyond the current federal protections of the Children’s Online Privacy Protection Act (COPPA) and could impose … Continue Reading

California Attorney General Settles First-Ever CCPA Enforcement Action

On August 24, 2022, the California Attorney General (AG) announced the entry of a final judgment to resolve claims that makeup retailer Sephora violated the California Consumer Privacy Act (CCPA). Notably, this is the California AG’s first enforcement action resulting in a fine and settlement under the CCPA. The California AG alleged that Sephora violated the CCPA by failing … Continue Reading

Privacy Post-Dobbs: Recent Guidance from U.S. Regulators

On June 24, 2022, the United States Supreme Court issued its decision in Dobbs v. Jackson Women’s Health Organization,1 opening a legal path to state laws restricting or prohibiting access to certain reproductive health services. To enforce these laws, law enforcement officials may attempt to access individuals’ health information, including from technology platforms that process health information … Continue Reading

California Privacy Protection Agency Releases Draft CPRA Regulations – An In-Depth Analysis

On May 27, 2022, the California Privacy Protection Agency (CPPA) released a much-anticipated first draft of some of the anticipated regulations implementing the California Privacy Rights Act (CPRA).[1] The release accompanied the CPPA’s announcement of its next public meeting on June 8, 2022, where the agency will, among other agenda items, consider possible action regarding … Continue Reading

Privacy and Security of Health Information: A Primer for Digital Health Companies

COVID-19 has rapidly accelerated our expectations that virtual connection can deliver better and more economical care. As a result, digital health companies have an unprecedented opportunity to innovate, but with that opportunity also comes significant regulatory challenges related to the collection and processing of personal health information. What legal requirements apply to processing of health … Continue Reading

And Then There Were Five: Connecticut Enacts Comprehensive Privacy Law

Connecticut became the fifth U.S. state to enact a comprehensive consumer privacy law following California, Virginia, Colorado, and Utah. On May 10, 2022, Connecticut Governor Ned Lamont signed “An Act Concerning Personal Data Privacy and Online Monitoring” (SB 6) (CPOMA).1 Substantively, CPOMA largely tracks the Colorado Privacy Act (ColoPA) and Virginia Consumer Data Protection Act (VCDPA). CPOMA’s substantive provisions … Continue Reading

Colorado Attorney General Issues Pre-Rulemaking Considerations for the Colorado Privacy Act

On April 12, 2022, the Colorado Attorney General’s Office released “Pre-Rulemaking Considerations for the Colorado Privacy Act,” which provides a series of topics and questions for which the office seeks informal public feedback.1 Here is what you need to know: The Colorado Attorney General’s Office is currently seeking informal input to guide its future rulemaking efforts. While, at … Continue Reading

FTC Issues Complaint and Proposed Settlement with Online Retailer for Deceptive and Unfair Security and Privacy Practices

On March 15, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint against Residual Pumpkin Entity, LLC, formerly doing business as CafePress, and PlanetArt LLC, which bought CafePress in 2020 (collectively, CafePress). The FTC alleged that CafePress, an online platform used by consumers who bought or sold customized t-shirts, mugs, and other merchandise, had, … Continue Reading

Utah Poised to Become Fourth State with General Privacy Law

Utah is poised to become the fourth state to enact comprehensive consumer privacy legislation, following California, Virginia, and Colorado. Earlier this month, Utah’s legislature passed the Utah Consumer Privacy Act (S.B. 227) (UCPA) with no opposing votes in both the Utah Senate and House of Representatives. The bill was sent to Utah Governor Spencer Cox on March … Continue Reading

Colorado Attorney General Announces Privacy Rulemaking

The Colorado Attorney General’s office is poised to begin the rulemaking process for the Colorado Privacy Act (ColoPA).1 On January 28, 2022, Colorado Attorney General Phil Weiser issued prepared remarks outlining key rulemaking topics and announcing plans to seek input from Colorado consumers, businesses, and other stakeholders over the coming months. Although the ColoPA does not come into … Continue Reading

California Privacy Protection Agency Issues Invitation for Preliminary Comments on Proposed Rulemaking Under the California Privacy Rights Act

The California Privacy Protection Agency (CPPA), the newly formed state agency responsible for implementing the California Privacy Rights Act (CPRA), recently posted its first invitation for public comment on proposed rulemaking activities under the CPRA. Here is what you need to know:… Continue Reading

California Attorney General Mandates CCPA-Covered Businesses Honor the Global Privacy Control and Announces Update on CCPA Enforcement Activity

Recently, the Office of the Attorney General of California announced three major updates that 1) added to the California Consumer Privacy Act’s (CCPA) opt-out rules related to the sale of personal information, 2) made it easier for consumers to participate in enforcing the CCPA, and 3) unveiled other focus areas of CCPA enforcement activities.… Continue Reading

Virginia Legislature Sends Novel Privacy Law to Governor’s Desk

Virginia is poised to become the second U.S. state to enact broad consumer privacy legislation. While the legislation draws some parallels with the California Consumer Privacy Act (CCPA) and upcoming California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA) introduces new requirements that go beyond these laws, such as opt-ins to collect … Continue Reading

Apple Requires Apps to Include New Privacy “Nutrition Label” by December 8, Delays Opt-In for Tracking Requirement Until Early 2021

Apple recently announced that app developers must check a series of yes/no boxes that will generate a “nutrition label”-style summary of the app’s privacy practices. This new summary, formally called “App Privacy,” will be shown to users within the App Store before they install an app. This is the latest move in Apple’s ongoing effort to make … Continue Reading

FTC Announces Unusually Stringent Consent Order in Privacy Shield Case Settlement

On June 30, 2020 the Federal Trade Commission (FTC) announced that it reached a settlement in its litigation against NTT Global Data Centers (formerly RagingWire Data Centers) over allegations that the company misled customers about its adherence to the EU-U.S. Privacy Shield framework.1 As part of the settlement, the cloud service provider is required to hire … Continue Reading

CCPA Update: California Attorney General Submits Final Proposed Regulations to OAL

On June 2, 2020, the California Attorney General announced that it had submitted the final proposed regulations package for the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). The OAL now has 30 working days, plus an additional 60 calendar days under COVID-19-related Executive Order N-40-20, to review the package for compliance with … Continue Reading

California Consumer Privacy Act: Industry, Advocate, and Enforcement Concerns and Legislative Amendments

On September 23, 2018, Governor Jerry Brown signed into law SB-1121, a bill that makes several amendments to the California Consumer Privacy Act (CCPA or the Act). The controversial privacy law, which is set to take effect in 2020, recently sparked a war of words among industry, privacy advocates, and the California Attorney General, each … Continue Reading

Feeling BLU: What You Need to Know About Overseeing Your Service Providers

On April 30,2018, the Federal Trade Commission (FTC) announced a settlement with mobile phone manufacturer BLU Products and its owner over allegations that the company failed to implement appropriate procedures to oversee their service providers’ security practices, which allowed the service provider to install software containing commonly known security vulnerabilities on consumers’ mobile devices and … Continue Reading

California Enacts Sweeping Privacy Law to Avert Potential Ballot Measure

In a surprising twist, the California legislature rushed last week to pass one of the most comprehensive privacy laws in the country. The bill was introduced only a week prior, and within hours of passage, it was signed into law by Governor Jerry Brown. As strict as the act is, it was enacted to avoid … Continue Reading

FTC Grants Sears’ Petition to Reopen and Modify 2009 Order Concerning Online Browsing Tracking

The Federal Trade Commission (FTC) recently granted a petition by Sears Holding Management requesting that the FTC reopen and modify a 2009 FTC order settling charges that Sears failed to disclose adequately the scope of consumers’ personal information it collected via a downloadable software app. Sears’ 2009 Order On August 31, 2009, the FTC entered … Continue Reading

FTC Carves New Path for Collecting Voice Recordings from Children Without Parental Consent

The Federal Trade Commission (FTC) has provided new guidance on how it will enforce the Children’s Online Privacy Protection Act (COPPA) against companies collecting voice recordings from children, loosening the rules on how companies can collect and use voice data. Under the guidance, online services covered by COPPA can now collect voice recordings from children … Continue Reading

Hello, Dolly: What You Need to Know About Connected Smart Toys and Privacy

As connected devices become ubiquitous, it comes as no surprise that interactive toys that connect to the internet are more popular than ever. At the same time, regulators have taken note of the privacy and security concerns raised by lawmakers and privacy advocates about the proliferation of smart toys that collect personal information from kids. … Continue Reading

FCC Orders Far-Reaching New Privacy and Data Security Rules

As expected, the Federal Communications Commission (FCC) has handed down sweeping new privacy and security rules for Internet service providers (ISPs). On Thursday, October 27, 2016, a sharply divided commission voted to enact these new rules, which impose strict new requirements for ISPs’ collection, use, sharing, and protection of their customers’ information, including information ISPs … Continue Reading

FTC Approves Facial Recognition as Method of Obtaining Parental Consent to Collect Children’s Information

The Federal Trade Commission (FTC) recently approved a new method for website operators and mobile application developers (“operators”) to obtain parental consent to collect personal information from children.1 Under this new method, which is the first to use biometric identifiers to verify that a parent is providing consent for a child, the FTC will permit … Continue Reading
LexBlog

We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content. For more information or to opt-out, visit our privacy policy.

I agree