Privacy

California Legislature Passes Far-Reaching Online Privacy and Content Regulation Bill for Minors

By Tracy Shapiro, Edward Holman & Roger Li on September 1, 2022

On August 30, 2022, the California legislature passed the California Age-Appropriate Design Code Act (the Act). Modeled after the UK’s Age-Appropriate Design Code, California’s act drastically changes the landscape of online privacy and content availability for minors in California. The Act goes beyond the current federal protections of the Children’s Online Privacy Protection Act (COPPA) and could impose onerous new requirements on companies that were and were not previously covered by COPPA. These requirements include, among other things, estimating the ages of minors using the company’s online services; conducting detailed Data Protection Impact Assessments (DPIAs) for new and existing products; significantly restricting the collection, use, and sharing of minors’ personal information; and configuring default privacy settings to a “high level of privacy.” If the bill is signed into law by Governor Newsom, the Act would come into effect July 1, 2024.
Continue Reading California Legislature Passes Far-Reaching Online Privacy and Content Regulation Bill for Minors

California Attorney General Settles First-Ever CCPA Enforcement Action

By Edward Holman, Tracy Shapiro & Roger Li on August 29, 2022

Posted in Privacy, Regulatory

On August 24, 2022, the California Attorney General (AG) announced the entry of a final judgment to resolve claims that makeup retailer Sephora violated the California Consumer Privacy Act (CCPA). Notably, this is the California AG’s first enforcement action resulting in a fine and settlement under the CCPA. The California AG alleged that Sephora violated the CCPA by failing to disclose that it was selling the personal information of California consumers through the use of third-party website advertising and analytics tools, failing to provide a “Do Not Sell My Personal Information” link for consumers to opt out of those sales, and failing to honor Global Privacy Control (GPC) signals as a means of opting out. As part of the relief, Sephora was ordered to pay a $1.2 million penalty and, among other things, implement a monitoring and reporting program to demonstrate its ongoing compliance with the CCPA.
Continue Reading California Attorney General Settles First-Ever CCPA Enforcement Action

CFPB: New Sheriff in Town for Tech Companies?

By Maneesha Mithal & Libby Weingarten on August 15, 2022

Posted in Cybersecurity, Privacy

On August 10, 2022, the Consumer Financial Protection Bureau (CFPB) issued a final Interpretive Rule stating that the Consumer Financial Protection Act (CFPA) applies to companies engaged in targeted advertising of financial products and services.
Continue Reading CFPB: New Sheriff in Town for Tech Companies?

The FTC Privacy Rulemaking: What’s Next?

By Maneesha Mithal & Lydia Parnes on August 12, 2022

Posted in Privacy, Regulatory

On August 11, 2022, the Federal Trade Commission (FTC) took the first step toward creating national privacy and security rules that, if finalized, would apply across most sectors of the U.S. economy. The agency unveiled an Advance Notice of Proposed Rulemaking (ANPRM), which asks for public comment on 95 questions, ranging from topics such as targeted advertising, security of personal information, algorithmic discrimination, and protection of children and teens. Comments are due within 60 days of publication of the ANPRM in the Federal Register. The ANPRM was issued with a 3-2 vote along party lines. This alert attempts to answer some key questions about the announcement.
Continue Reading The FTC Privacy Rulemaking: What’s Next?

Privacy Post-Dobbs: Recent Guidance from U.S. Regulators

By Tracy Shapiro, Maneesha Mithal, Haley Bavasi & Hale Melnick on July 21, 2022

Posted in Privacy

On June 24, 2022, the United States Supreme Court issued its decision in Dobbs v. Jackson Women’s Health Organization,¹ opening a legal path to state laws restricting or prohibiting access to certain reproductive health services. To enforce these laws, law enforcement officials may attempt to access individuals’ health information, including from technology platforms that process health information on behalf of individuals or other businesses.
Continue Reading Privacy Post-Dobbs: Recent Guidance from U.S. Regulators

D(MA)-Day: Formal Adoption of the EU Digital Markets Act

By Laurine Daïnesi Signoret & Deirdre Carroll on July 20, 2022

Posted in Cybersecurity, Privacy

On July 18, 2022, the long-awaited Digital Markets Act (DMA) received the final approval of the EU’s co-legislators. The DMA will impose stringent far-reaching obligations on the largest digital platforms: the “gatekeepers.” The regulation will give the European Commission (EC) significant new enforcement powers, including the ability to impose severe fines and remedies in case of non-compliance.

The DMA will profoundly change the way in which big tech platforms operate in the EU. It will capture the largest tech companies and potentially 15-20 other platforms such as Alibaba and Booking.com. It will also create complications for non-gatekeepers, as the rules will impact how data can be shared with a gatekeeper’s commercial partners.
Continue Reading D(MA)-Day: Formal Adoption of the EU Digital Markets Act

The Data Advisor