On May 22, 2019, WSGR and the Future of Privacy Forum (FPF) co-hosted an event focusing on advertising technology and how to overcome the challenges of complying with evolving global privacy requirements.

Jules Polonetsky from FPF opened the program, focusing on the evolution of online advertising, from contextual to programmatic behavioral advertising. WSGR attorneys Lydia Parnes, Cédric Burton, Libby Weingarten, and Lore Leitner discussed the legal regime that applies to this technology: new legal requirements, recent case law, and data protection authorities’ decisions affecting the ad tech ecosystem, as well as the differences between EU and U.S. legislation applying to ad tech.Continue Reading WSGR Event Recap: Online Advertising and Privacy—An Overview of Global Legal Developments

ThinkstockPhotos-455670115-webBeginning January 1, 2016, the recently-enacted “Delaware Online Privacy and Protection Act”1 (DOPPA) will take effect and will impact all companies with online services used by Delaware residents. DOPPA consists of three separate online privacy laws: (1) a law prohibiting certain types of online marketing or advertising to minors;2 (2) a law requiring commercial websites and online services to post privacy policies;3 and (3) a law restricting government access to user records kept by online book service providers.4 The laws are substantively similar to online privacy laws already in effect in other states, and are particularly similar to laws in effect in California. The Consumer Protection Unit of the Delaware Department of Justice can enforce DOPPA’s three laws under the same provisions that it enforces other state consumer protection laws.5 DOPPA does not create a private right of action for any of the three laws.6
Continue Reading Delaware Enacts New Online Privacy Laws

Protection of highly sensitive personal information is a growing concern for most Americans in the ever-increasing digital age, especially in the wake of large-scale data breaches from leading retail brands and healthcare providers. Although protections currently exist to counteract unwanted dissemination of private information, as well as rules mandating notification when such unwanted dissemination occurs, this growing concern has prompted the White House and Congress to take steps toward increasing protections in the context of privacy laws.
Continue Reading Privacy Laws in the Digital Age—A Push for Increased Protections

Prompted by data breaches affecting large retailers in the United States, the California legislature recently passed Assembly Bill 1710 (A.B. 1710) to update the state’s breach notification law to require breached entities to provide free credit monitoring services to affected individuals following certain types of data breaches. This change, effective January 1, 2015, was recommended by the California Attorney General’s Office in its 2013 Data Breach Report. The Attorney General’s Office recently published its 2014 Data Breach Report, and its recommendations provide insight into the office’s enforcement priorities. The recommendations may also find their way into California law.
Continue Reading California Amends Data Breach Notification Law and State Attorney General’s Data Breach Report May Lead to More Changes

California, which enacted the pioneering security breach notification law in 2002, again has taken the lead in security breach notification legislation. In an effort to protect consumers against unauthorized access to their online accounts, California has extended its security breach notification law to cover individuals’ online account credentials (i.e., a user name or email address, in combination with a password or security question and answer, that would permit access to an online account) in amendments that will take effect on January 1, 2014.1 This article discusses California’s existing security breach notification obligations, as well as the changes provided for in these amendments.
Continue Reading California Extends Security Breach Notification Requirements to Online Account Credentials