Utah is poised to become the fourth state to enact comprehensive consumer privacy legislation, following California, Virginia, and Colorado. Earlier this month, Utah’s legislature passed the Utah Consumer Privacy Act (S.B. 227) (UCPA) with no opposing votes in both the Utah Senate and House of Representatives. The bill was sent to Utah Governor Spencer Cox on March 15, 2022 and the Governor has until March 24, 2022 to either sign or veto the bill, otherwise it will become law without his signature. If enacted, as is anticipated, the UCPA will become effective on December 31, 2023, six months after the Colorado Privacy Act (ColoPA) and nearly a year after the Virginia Consumer Data Protection Act (VCDPA) and California Privacy Rights Act (CPRA) come into effect.
Continue Reading Utah Poised to Become Fourth State with General Privacy Law

On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules that would require current and periodic reporting of material cybersecurity incidents as well as more detailed disclosure of cybersecurity risk management, expertise, and governance. This alert summarizes the proposed changes, which are subject to public comment until the later of May 9, 2022 or 30 days after publication in the Federal Register.
Continue Reading SEC Proposes New Cybersecurity Reporting and Enhanced Standardized Disclosure

Thinking of creating a non-fungible token (NFT) marketplace? You’re not alone. Global NFT transactions have risen from $40.96 million in 2018 to around $25 billion in 2021. Organizations from the NBA to Taco Bell have begun implementing NFT strategies. As blockchain-native artifacts, NFTs’ immutability, digital scarcity, and transferability have catalyzed growing interest among consumers and businesses alike, inspiring companies of all sizes to explore potential use-cases ranging from standalone art pieces, to NFTs tied to physical products, to NFTs with real-world or virtual components.
Continue Reading FYI on NFTs: Consumer Protection and Privacy Considerations

The EU Parliament and the EU Council recently adopted their respective versions of the Digital Markets Act (DMA) and Digital Services Act (DSA), which intend to create new antitrust-related (DMA) and regulatory (DSA) rules applicable to digital platforms.1

The adoption of the draft amendments by the EU Parliament and the EU Council constitutes a critical step towards final adoption of these laws. Now, the EU Commission (EC), Parliament, and Council are undergoing negotiations (so-called “trilogues“) to agree on a final version of the laws. The institutions could reach an agreement on the DMA and the DSA within the coming months, but it may take some time before it is enacted.
Continue Reading EU Parliament and Council Take Next Steps to Advance Major New Rules for Digital Platforms

On February 16, 2022, the Federal Trade Commission (FTC) filed a proposed settlement order in federal court in its case against WW International, Inc (formerly known as Weight Watchers International, Inc.) and its subsidiary Kurbo, Inc. (Kurbo) to resolve allegations that the defendants violated the Children’s Online Privacy Protection Act and its implementing rules (COPPA).1 The FTC alleged that the defendants violated COPPA by failing to provide required notices and obtain verifiable parental consent prior to collecting, using, and disclosing personal information from children using their weight loss app. As part of the proposed settlement, the defendants are required to, among other things: 1) update their procedures to ensure that they obtain verifiable parental consent before collecting personal information from children, 2) destroy all of the personal information they obtained in violation of COPPA as well as any models or algorithms based on that information, and 3) pay a civil penalty of $1.5 million.
Continue Reading FTC Settles with Weight Watchers in First Children’s Privacy Case Requiring Deletion of Algorithms