Privacy

Subscribe to Privacy via RSS

On September 15, 2022, the Federal Trade Commission (FTC) held an open Commission meeting that covered three agenda items: 1) a rulemaking on impersonation scams, 2) a policy statement on enforcement related to gig work, and 3) a staff report on dark patterns. While items (1) and (3) moved forward with a bipartisan 5-0 vote, the policy statement on the gig economy was adopted with a 3-2 vote along party lines. This alert provides some insight into the implications for future FTC activity in these areas.
Continue Reading Gig Economy, Dark Patterns, and Impersonation Scams: FTC Signals Priorities in Open Commission Meeting

On August 30, 2022, the California legislature passed the California Age-Appropriate Design Code Act (the Act). Modeled after the UK’s Age-Appropriate Design Code, California’s act drastically changes the landscape of online privacy and content availability for minors in California. The Act goes beyond the current federal protections of the Children’s Online Privacy Protection Act (COPPA) and could impose onerous new requirements on companies that were and were not previously covered by COPPA. These requirements include, among other things, estimating the ages of minors using the company’s online services; conducting detailed Data Protection Impact Assessments (DPIAs) for new and existing products; significantly restricting the collection, use, and sharing of minors’ personal information; and configuring default privacy settings to a “high level of privacy.” If the bill is signed into law by Governor Newsom, the Act would come into effect July 1, 2024.
Continue Reading California Legislature Passes Far-Reaching Online Privacy and Content Regulation Bill for Minors

On August 24, 2022, the California Attorney General (AG) announced the entry of a final judgment to resolve claims that makeup retailer Sephora violated the California Consumer Privacy Act (CCPA). Notably, this is the California AG’s first enforcement action resulting in a fine and settlement under the CCPA. The California AG alleged that Sephora violated the CCPA by failing to disclose that it was selling the personal information of California consumers through the use of third-party website advertising and analytics tools, failing to provide a “Do Not Sell My Personal Information” link for consumers to opt out of those sales, and failing to honor Global Privacy Control (GPC) signals as a means of opting out. As part of the relief, Sephora was ordered to pay a $1.2 million penalty and, among other things, implement a monitoring and reporting program to demonstrate its ongoing compliance with the CCPA.
Continue Reading California Attorney General Settles First-Ever CCPA Enforcement Action

On August 11, 2022, the Federal Trade Commission (FTC) took the first step toward creating national privacy and security rules that, if finalized, would apply across most sectors of the U.S. economy. The agency unveiled an Advance Notice of Proposed Rulemaking (ANPRM), which asks for public comment on 95 questions, ranging from topics such as targeted advertising, security of personal information, algorithmic discrimination, and protection of children and teens. Comments are due within 60 days of publication of the ANPRM in the Federal Register. The ANPRM was issued with a 3-2 vote along party lines. This alert attempts to answer some key questions about the announcement.
Continue Reading The FTC Privacy Rulemaking: What’s Next?

On June 24, 2022, the United States Supreme Court issued its decision in Dobbs v. Jackson Women’s Health Organization,1 opening a legal path to state laws restricting or prohibiting access to certain reproductive health services. To enforce these laws, law enforcement officials may attempt to access individuals’ health information, including from technology platforms that process health information on behalf of individuals or other businesses.
Continue Reading Privacy Post-Dobbs: Recent Guidance from U.S. Regulators