Colorado Attorney General Issues Pre-Rulemaking Considerations for the Colorado Privacy Act

By Tracy Shapiro & Clinton Oxford on April 20, 2022

On April 12, 2022, the Colorado Attorney General’s Office released “Pre-Rulemaking Considerations for the Colorado Privacy Act,” which provides a series of topics and questions for which the office seeks informal public feedback.¹ Here is what you need to know:

The Colorado Attorney General’s Office is currently seeking informal input to guide its future rulemaking efforts. While, at this phase, public input will not be considered part of the official rulemaking record, the AG’s office “hopes to hear from a diverse group of stakeholders to guide the drafting of balanced and impactful regulations.”
The AG’s office identified eight specific topics—each with several targeted questions—for which “pre-rulemaking feedback will be particularly beneficial.” However, the public is permitted to offer input on any aspect of the upcoming rulemaking.
Feedback is being collected through a publicly available comment form and at a series of informal listening sessions.
This fall, the AG’s office will begin the formal notice-and-comment rulemaking by providing a notice of rulemaking and accompanying draft regulations.

Continue Reading Colorado Attorney General Issues Pre-Rulemaking Considerations for the Colorado Privacy Act

Privacy in the Metaverse

By Dan Chase & Maneesha Mithal on April 4, 2022

Posted in Privacy

Coined in Neal Stephenson’s 1992 best-selling novel, Snow Crash, the term “metaverse” has recently reentered the general public’s lexicon to denote a technology hailed by some as the successor to the mobile internet and the next step in humankind’s technological evolution. Though there is no consensus on the definition’s precise contours, the metaverse has generally been described as an embodied internet where, instead of passively viewing content in two-dimensional space, users are in the content and experiencing it with others.
Continue Reading Privacy in the Metaverse

EU Adopts New Rules to Significantly Limit the Power of Tech Platforms

By Deirdre Carroll, Laurine Daïnesi Signoret, Cédric Burton & Beau Buffier on March 30, 2022

Posted in European Union, Privacy, Regulatory

The European Union (EU) will soon be handed sweeping new rules to regulate the conduct of the largest digital platforms with the long-awaited Digital Markets Act (DMA). Following 15 months of intense negotiations on amendments to the original Proposal, the presidents of the main EU institutions (the Parliament, Council, and Commission) reached a political agreement on the final text of the DMA on March 24, 2022. The final vote is planned for July 2022, with the rules expected to come into effect in October 2022. It is expected that designated gatekeepers will need to comply by early 2024.
Continue Reading EU Adopts New Rules to Significantly Limit the Power of Tech Platforms

Political Agreement on a New Framework for EU-U.S. Personal Data Transfers

By Laura De Boel, Cédric Burton, Maneesha Mithal & Rossana Fol on March 29, 2022

Posted in Privacy, Regulatory

On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new “Trans-Atlantic Data Privacy Framework” (the Framework). This would be the third framework for EU-U.S. personal data transfers, after the invalidation of the Privacy Shield in 2020 and of its predecessor, the Safe Harbor, in 2015. The new Framework is yet to be set out in legal documents, which will need to be negotiated and adopted. Timing for the adoption remains unclear.
Continue Reading Political Agreement on a New Framework for EU-U.S. Personal Data Transfers

Rules of the Road for Advertisers and Marketers: The Basics

By Maneesha Mithal on March 24, 2022

Posted in Privacy, Regulatory

As the United States cautiously emerges from the depths of the pandemic, researchers are forecasting double-digit gains in ad spending for 2022. If you’re part of the wave of companies developing new advertising campaigns, you’ll want to brush up on legal requirements designed to ensure that your ads are truthful, fair, and evidence-based. Failure to follow these rules can lead to regulator or competitive lawsuits, reputational harm, loss of consumer trust, significant fines or damages, and in some cases, requirements for corrective disclosures.
Continue Reading Rules of the Road for Advertisers and Marketers: The Basics

FTC Issues Complaint and Proposed Settlement with Online Retailer for Deceptive and Unfair Security and Privacy Practices

By Roger Li, Megan Kayo, Maneesha Mithal, Tracy Shapiro & Beth George on March 23, 2022

Posted in Cybersecurity, Privacy

On March 15, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint against Residual Pumpkin Entity, LLC, formerly doing business as CafePress, and PlanetArt LLC, which bought CafePress in 2020 (collectively, CafePress). The FTC alleged that CafePress, an online platform used by consumers who bought or sold customized t-shirts, mugs, and other merchandise, had, among other things, failed to implement reasonable security measures, and misrepresented that it would use email addresses for order notification and receipt, when in fact it used email addresses for marketing purposes. As part of the proposed settlements with Residual Pumpkin and Planet Art, each is required, among other things, to implement, annually assess, test, and monitor a comprehensive written information security program. Residual Pumpkin also would be required to pay a $500,000 penalty.
Continue Reading FTC Issues Complaint and Proposed Settlement with Online Retailer for Deceptive and Unfair Security and Privacy Practices

The Data Advisor