Photo of Miriam Farhi

Miriam Farhi is a partner in the firm’s Technology Transactions & Privacy practice and represents retail and technology companies on issues relating to privacy, data security, ecommerce, social media, Internet of Things (IoT), artificial intelligence, online and mobile advertising, and consumer protection.

The day before the California Privacy Rights Act became enforceable on July 1, we learned that enforcement of the first set of implementing regulations finalized by the California Privacy Protection Agency under the CPRA is delayed until March 29, 2024. Prior to the June 30 ruling by a California Superior Court judge, the Regulations were

Indiana Governor Eric Holcomb signed Senate Bill 5 on May 1 (effective January 1, 2026), making Indiana the seventh state to offer comprehensive privacy protections. Indiana’s new law appears to closely track Virginia’s omnibus privacy law. The law will apply to a person that conducts business in Indiana or produces products or services targeted to Indiana residents, and that meets either of the following requirements in a calendar year: (1) controls or processes the personal data of 100,000 consumers (defined as residents of Indiana “acting only for a personal, family, or household purpose”); or (2) controls or processes personal data of at least 25,000 consumers with more than 50% of annual gross revenue derived from the sale of personal data.

Similarly, both Tennessee and Montana appear to be imminently close to enacting their own state comprehensive privacy bills. The Tennessee and Montana legislatures each passed their own state bills on April 21, 2023, and each bill is expected to be signed into law by the respective governor soon.

Below, we look at some of the key similarities and differences between the new Indiana privacy law compared with the other six state omnibus privacy laws. We also highlight the key provisions of the Tennessee and Montana bills that are expected to be signed into law soon.

Continue Reading Lucky Number 7…8 and 9?: Indiana Passes Privacy Law With Tennessee and Montana Hot on Its Heels

As it did last year, the California Attorney General’s Office recognized Data Privacy Day by announcing its latest investigative sweep under the California Consumer Privacy Act (CCPA). This time, the Attorney General focused on companies that operate mobile apps allegedly without offering CCPA-compliant opt-out mechanisms.

Continue Reading California Attorney General Targets Popular Mobile Apps in CCPA Enforcement Sweep

Last week, the period for comments closed on the California Privacy Protection Agency’s (CPPA) latest version of the draft implementing regulations for the California Privacy Rights Act (CPRA) amendments to the California Consumer Privacy Act (CCPA) (Revised Regs). The Revised Regs were first released with modifications and an Explanation of Modified Text of Proposed Regulations at the end of October. Shortly thereafter, the CPPA released the current version of the Revised Regs, which, compared to the initial draft regulations (Initial Draft Regs), include many substantive modifications to key compliance areas.

Continue Reading One Step Closer: California Privacy Protection Agency Reviews Comments for CCPA Regulations

Online shopping and the use of virtual try-on technology continue to grow in popularity. Retailers today have a number of options when considering how to bring virtual try-ons to consumers. These range from licensing third-party technology to integrate virtual try-on within their own e-commerce channels to partnering with an online shopping network that offers the

Last week, the Consumer Privacy Protection Agency (Agency) Board rounded out the first half of 2022 by releasing draft California Privacy Rights Act (CPRA) regulations. This first set of CPRA regulations focus on updating existing California Consumer Privacy Act (CCPA) regulations to account for the new provisions of the CPRA and addressing specific areas such

Companies doing business in the United States should start preparing for the Utah Consumer Privacy Act, which was signed into law on March 24, 2022, and will go into effect on December 31, 2023. The law is more business-friendly than existing omnibus state privacy laws, in that it generally provides fewer consumer rights and company

The California Consumer Privacy Act of 2018 (CCPA) regulates a company’s offerings of financial incentives and price or service differences related to the collection, retention, or sale of personal information. Cal. Civ. Code Section 1798.125(a)(2); Final Text of CCPA Regulations, 999.301(j), 999.307, 999.336. Although the CCPA became effective on January 1, 2020, the regulations were not issued in final form until June 1, 2020. As a result, many companies are still in the process of developing their approach to complying with the CCPA’s requirements–particularly those that relate to financial incentives. If your company offers programs that may fall within the definition of “financial incentives” or “price or service differences,” you should be aware of the CCPA’s requirements related to those types of offerings, including the requirement to provide notice of the financial incentive and disclose a good faith estimate of the value of the consumer’s data that forms the basis of the offering. The California Attorney General is expected to begin enforcing the CCPA on July 1, 2020.

Continue Reading CCPA Compliance: Financial Incentives Requirements

It’s a new year and it looks like 2021 is going to be another eventful one for privacy. In the past few weeks, we’ve seen several states introduce new privacy legislation, starting with Washington. On January 5, the Washington Privacy Act of 2021 (SB 5062) was introduced in the Washington State Senate and