On December 21, 2022, the Colorado Attorney General’s office published an updated version of proposed draft rules (“modified draft rules”) to the Colorado Privacy Act (ColoPA), which revise the initial draft rules issued in October 2022, based on feedback received during the prior comment period.1 Notably, the Colorado Attorney General’s office explained that it modified some of the rules to … Continue Reading
The year 2023 promises to be another big year for privacy. In 2022, regulators focused on AI, dark patterns and aggressive remedies for allegedly deceptive and unfair data practices, such as disgorgement of algorithms developed through ill-gotten data, and these trends are likely to continue. Privacy professionals continue to focus on the privacy laws in five states coming into … Continue Reading
On November 15, 2022, the European Data Protection Board (EDPB) adopted draft recommendations (here) for data controllers when applying for approval of their binding corporate rules for international data transfers (Recommendations).… Continue Reading
On October 10, 2022, the Colorado Secretary of State published draft rules for the Colorado Privacy Act (ColoPA) in the Colorado Register, thus initiating a public comment period that will run through February 1, 2023.1 The draft rules generally cover the topics that the Colorado Attorney General’s Office identified in the April 2022 “Pre-Rulemaking Considerations for … Continue Reading
On September 15, 2022, the Federal Trade Commission (FTC) held an open Commission meeting that covered three agenda items: 1) a rulemaking on impersonation scams, 2) a policy statement on enforcement related to gig work, and 3) a staff report on dark patterns. While items (1) and (3) moved forward with a bipartisan 5-0 vote, the policy statement on the gig economy was … Continue Reading
On August 30, 2022, the California legislature passed the California Age-Appropriate Design Code Act (the Act). Modeled after the UK’s Age-Appropriate Design Code, California’s act drastically changes the landscape of online privacy and content availability for minors in California. The Act goes beyond the current federal protections of the Children’s Online Privacy Protection Act (COPPA) and could impose … Continue Reading
On August 24, 2022, the California Attorney General (AG) announced the entry of a final judgment to resolve claims that makeup retailer Sephora violated the California Consumer Privacy Act (CCPA). Notably, this is the California AG’s first enforcement action resulting in a fine and settlement under the CCPA. The California AG alleged that Sephora violated the CCPA by failing … Continue Reading
On August 11, 2022, the Federal Trade Commission (FTC) took the first step toward creating national privacy and security rules that, if finalized, would apply across most sectors of the U.S. economy. The agency unveiled an Advance Notice of Proposed Rulemaking (ANPRM), which asks for public comment on 95 questions, ranging from topics such as targeted advertising, … Continue Reading
On June 3, 2022, members of the U.S. Congress released a bipartisan, bicameral discussion draft of a comprehensive national data privacy and data security framework. The draft is notable in that it reflects a compromise on the two issues that have for years vexed lawmakers angling for federal privacy legislation: preemption and private right of … Continue Reading
On May 27, 2022, the California Privacy Protection Agency (CPPA) released a much-anticipated first draft of some of the anticipated regulations implementing the California Privacy Rights Act (CPRA).[1] The release accompanied the CPPA’s announcement of its next public meeting on June 8, 2022, where the agency will, among other agenda items, consider possible action regarding … Continue Reading
On May 19, 2022, the U.S. Department of Justice (DOJ) revised its policy regarding charging decisions under the Computer Fraud and Abuse Act (CFAA). The new policy makes clear, “for the first time,” that the DOJ “should decline prosecution” of “good faith” security research, even if said research involves a technical violation of the CFAA.1 The … Continue Reading
EU lawmakers are preparing a new Artificial Intelligence Act (AIA). Timing for adoption remains unclear, but once the AIA enters into force, it will impose strict obligations on providers and users of AI systems. In the meantime, EU regulators have started issuing fines against companies using AI systems on the basis of the EU General … Continue Reading
Connecticut became the fifth U.S. state to enact a comprehensive consumer privacy law following California, Virginia, Colorado, and Utah. On May 10, 2022, Connecticut Governor Ned Lamont signed “An Act Concerning Personal Data Privacy and Online Monitoring” (SB 6) (CPOMA).1 Substantively, CPOMA largely tracks the Colorado Privacy Act (ColoPA) and Virginia Consumer Data Protection Act (VCDPA). CPOMA’s substantive provisions … Continue Reading
Last week, the Federal Trade Commission (FTC) and the District Attorneys of Los Angeles County and Riverside County agreed to an order to settle claims against Frontier Communications Intermediate, LLC and its parent company, Frontier Communications Parent, Inc. (collectively, Frontier). The plaintiffs alleged that Frontier promised internet speeds that Frontier did not deliver. The order, approved by … Continue Reading
As a fintech company, platform offering payment services, or a cryptocurrency business, you may be used to operating in uncharted waters; the Consumer Financial Protection Bureau (CFPB), however, is ready to start drawing some maps. It has announced that it will begin to exercise its supervisory authority over non-bank consumer financial entities that the CFPB has reason … Continue Reading
In anticipation of its new powers to regulate the largest digital platforms, the EU is planning to open a San Francisco base to engage with these companies, which are based mostly in Silicon Valley and the broader Bay Area. The EU’s plans to open its first representative office on Californian soil reflects the EU’s intent … Continue Reading
On April 12, 2022, the U.S. Consumer Financial Protection Bureau (CFPB) filed a lawsuit against TransUnion, two of its subsidiaries, and former TransUnion executive John Danaher in his individual capacity for violating an enforcement order. That order, from January 2017, was part of a settlement in which TransUnion agreed to pay $16.9 million in restitution … Continue Reading
On April 19, 2022, the BBB National Programs’ Center (BBB NP) for Industry Self-Regulation launched the TeenAge Privacy Program (TAPP) Roadmap, a new operational framework to help companies develop digital products and services attuned to privacy risks facing teenage consumers. In the United States, children 12 and under are protected by the Children’s Online Privacy … Continue Reading
On April 12, 2022, the Colorado Attorney General’s Office released “Pre-Rulemaking Considerations for the Colorado Privacy Act,” which provides a series of topics and questions for which the office seeks informal public feedback.1 Here is what you need to know: The Colorado Attorney General’s Office is currently seeking informal input to guide its future rulemaking efforts. While, at … Continue Reading
The European Union (EU) will soon be handed sweeping new rules to regulate the conduct of the largest digital platforms with the long-awaited Digital Markets Act (DMA). Following 15 months of intense negotiations on amendments to the original Proposal, the presidents of the main EU institutions (the Parliament, Council, and Commission) reached a political agreement on the final … Continue Reading
On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new “Trans-Atlantic Data Privacy Framework” (the Framework). This would be the third framework for EU-U.S. personal data transfers, after the invalidation of the Privacy Shield in 2020 and of its predecessor, the Safe Harbor, in 2015. … Continue Reading
As the United States cautiously emerges from the depths of the pandemic, researchers are forecasting double-digit gains in ad spending for 2022. If you’re part of the wave of companies developing new advertising campaigns, you’ll want to brush up on legal requirements designed to ensure that your ads are truthful, fair, and evidence-based. Failure to … Continue Reading
On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules that would require current and periodic reporting of material cybersecurity incidents as well as more detailed disclosure of cybersecurity risk management, expertise, and governance. This alert summarizes the proposed changes, which are subject to public comment until the later of May 9, 2022 … Continue Reading
Thinking of creating a non-fungible token (NFT) marketplace? You’re not alone. Global NFT transactions have risen from $40.96 million in 2018 to around $25 billion in 2021. Organizations from the NBA to Taco Bell have begun implementing NFT strategies. As blockchain-native artifacts, NFTs’ immutability, digital scarcity, and transferability have catalyzed growing interest among consumers and businesses alike, inspiring … Continue Reading
We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content. For more information or to opt-out, visit our privacy policy.
