The Federal Trade Commission recently announced an enforcement order against edtech company Edmodo for allegedly violating the Children’s Online Privacy Protection Act. In its complaint, the FTC alleged that Edmodo violated COPPA by collecting, using, and disclosing personal information from children without obtaining “verifiable parental consent,” and retaining the personal information collected for longer than
Full Steam Ahead: Updates in Enforcement of California Privacy Law
A court-ordered stay on enforcement of updates to certain parts of the California privacy regulation (the Ruling) has not slowed down enforcement of the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). In fact, the hot summer months of July and August are poised to be busy months of regulator activity. On Friday, July 14, the California Attorney General distributed a series of “inquiry letters” to certain businesses as part of an investigative sweep concerning employee privacy. Simultaneously, the California Privacy Protection Agency (CPPA) detailed its enforcement strategy for California state privacy laws in a public meeting, announcing the Agency’s plans to continue with enforcement where it is able, despite the stay on updates to the regulations. Most recently, on July 31, the CPPA announced a review of privacy practices around connected automobile data. This increased level of activity should encourage companies that have been slow to implement a compliant privacy program, including the updates that went effective on January 1, 2023.
Continue Reading Full Steam Ahead: Updates in Enforcement of California Privacy Law
The Beaver State Joins Growing List of States To Pass Comprehensive Consumer Privacy Law: The Oregon Consumer Privacy Act
As of July 18, 2023, Oregon has joined 11 other states to pass a comprehensive consumer privacy law. The Oregon Consumer Privacy Act requires various disclosures around the collection and processing of personal data, provides consumers with rights to their data, and imposes obligations on controllers and processors, including honoring global opt-out signals. This Update
Crossing the Finish Line: California Regulations Effective Immediately
The California Privacy Protection Agency (CPPA) released a statement on March 30, 2023, announcing that the California Office of Administrative Law (OAL) had approved the first substantive rulemaking package for the California Consumer Privacy Act (CCPA), amended by the California Privacy Rights Act (CPRA). As a result of this, the CCPA regulations in this rulemaking package are finalized and, according to their terms, effective immediately.
Continue Reading Crossing the Finish Line: California Regulations Effective Immediately
Saddle Up: Texas Makes Another Push to Join States With Comprehensive Consumer Privacy Laws
On March 24, 2023, Texas House Representative Giovanni Capriglione participated in a virtual interview with the Dallas chapter of the International Association of Privacy Professionals (IAPP) about his recently introduced bill, HB 4, also known as the Texas Data Privacy and Security Act (TDPSA). The interview was moderated by Samantha V. Ettari, Perkins Coie LLP senior counsel and co-chair of the IAPP KnowledgeNet Dallas Chapter, and Justin L. Koplow, AT&T senior legal counsel and also a co-chair of the IAPP Dallas Chapter. The conversation focused on a variety of subjects, including Rep. Capriglione’s professional technology background and subsequent journey into privacy issues, the development of the TDPSA, its specific provisions, and how the bill compares to privacy regimes in other states, including the Virginia Consumer Data Protection Act (VCDPA), on which it was modeled. This is the third comprehensive consumer privacy bill Rep. Capriglione has advanced, and this one appears to be channeling the momentum of six states’ comprehensive privacy laws, Texas denizens’ apparent interest in consumer privacy, and a significant national conversation around consumers’ and children’s privacy.
$228M Verdict in First Illinois Biometric Information Privacy Act Trial
After a five-day trial and only an hour of deliberation, the nation’s first trial under the Illinois Biometric Information Privacy Act (BIPA) ended with a bang. The jury found that the defendant, BNSF Railway Company, recklessly or intentionally violated BIPA 45,600 times (once per class member), resulting in a $228 million judgment.
Growing Pains: New Self-Regulatory Framework for Teenage Privacy Proposed
The Better Business Bureau recently announced the launch of the TeenAge Privacy Program, which proposes a self-regulatory framework for companies to use in order to protect teen consumers and guide the responsible collection and management of teen data. The CISR’s new framework helps to address recent attention to the privacy and safety of teens online
Rip Van Wrinkle: The Grandfather of Biometric Laws Awakens
In February, the Texas attorney general brought the first enforcement action under Texas’ Capture of Use of Biometric law. CUBI was the first state law to govern the collection and use of biometric data, predating the more well-known Illinois law by seven years.
This update explores (1) the key differences between CUBI and the Illinois
Requiem for a Cookie Part 2: The AdTech Phoenix is Reborn
As the world turns anew in 2022, a seismic shift is underway in the AdTech industry as detailed in the first part of this Requiem for a Cookie series: online tracking technology as we know it is likely undergoing a permanent change. More specifically, the third-party cookie, which has been the dominant method for
The City That Never Peeps? NY City’s Biometric Identifier Information Ordinance Goes Into Effect July 9, 2021
What Is the Ordinance?
New York City’s new biometrics ordinance goes into effect today, Friday, July 9. The ordinance regulates the use of “biometric identifier information” in “commercial establishments.” It is the first law of its kind in the State of New York.
- “Biometric identifier information” is broadly defined to mean “a physiological or biological