Photo of Meredith Halama

Meredith Halama serves as an authority on online and mobile advertising practices.

Building off of the momentum from last year’s torrent of new comprehensive state privacy laws, 2024 has begun with a bang as two more states have now entered the picture. On January 16, 2024, New Jersey became the latest state to enact comprehensive privacy legislation with the New Jersey Data Privacy Act (NJDPA). New Hampshire’s state legislature quickly followed suit by passing Senate Bill 255 and it is currently awaiting finalization before becoming law.Continue Reading Two New States Enter the Privacy Fray

Less than 10 days after announcing its complaint and proposed settlement against location data broker X-Mode, the Federal Trade Commission (FTC) followed its recent spate of enforcement in the location and sensitive data space with the announcement of another enforcement action and proposed settlement with InMarket Media, Inc. (InMarket). Continue Reading The FTC Continues its Focus on Location and Sensitive Data

On January 9, 2024, the Federal Trade Commission (FTC) announced its complaint and proposed settlement with location data broker X-Mode Social, Inc. and its successor Outlogic, LLC (collectively X‑Mode). Under the order, X-Mode will be prohibited from sharing or selling any “sensitive location data”—location data that identifies visits to sensitive locations such as medical facilities, religious organizations, and other locations that allow potentially sensitive inferences. The FTC’s action reflects the FTC’s continued focus on location data, particularly that reflects potentially sensitive information, and is similar to the case it is currently litigating against Kochava regarding its sales of precise geolocation data.Continue Reading FTC Cracks Down on Collection and Sharing of Sensitive Location Data With Proposed X-Mode Settlement

Just a few years ago, the legal landscape governing health-related personal information was relatively simple: Protected Health Information was regulated under Health Insurance Portability and Accountability Act, a discrete set of rules that applies to a specified set of healthcare plans, clearinghouses, and providers. While narrowly targeted statutes governed particular types of health data and

International, federal, and state privacy regulators highlighted their ambitious agendas at the 2023 IAPP Global Privacy Summit in Washington, D.C. They, along with speakers from an array of private organizations, underscored the following takeaways that should be top of mind for businesses:Continue Reading Ten Takeaways From the 2023 IAPP Global Privacy Summit

After years out of circulation, class-action lawsuits asserting claims under the Video Protection Privacy Act are now back in reruns. More than 100 putative class actions alleging violations of the VPPA have been filed against publishers that use the Meta pixel on their websites.

It remains to be seen whether these lawsuits will survive evaluation

The Federal Trade Commission on March 2, 2023, announced a proposed complaint and proposed consent order with BetterHelp, Inc., an online counseling platform that allegedly disclosed consumer health data to third-party advertising platforms. The settlement requires payment of $7.8 million to be used for consumer refunds—the first time an FTC action has required the return

The Board of the California Privacy Protection Agency (CPPA) approved a rulemaking package covering Sections 7000–7304 of their draft regulations on February 3, 2023. The board also initiated preliminary rulemaking activities for risk assessments, cybersecurity audits, and automated decision-making. In approving the rulemaking package, the CPPA did not make substantive changes to the version of its draft regulations published in October 2022, indicating that any changes following from the more than 400 pages of public comment analysis could be advanced in future rulemaking activities.Continue Reading Almost There and Starting Again: CPPA Votes To Finalize Regulations and Launches Round Two

As it did last year, the California Attorney General’s Office recognized Data Privacy Day by announcing its latest investigative sweep under the California Consumer Privacy Act (CCPA). This time, the Attorney General focused on companies that operate mobile apps allegedly without offering CCPA-compliant opt-out mechanisms.Continue Reading California Attorney General Targets Popular Mobile Apps in CCPA Enforcement Sweep