Less than one month after Utah adopted the nation’s first law restricting the use of social media platforms by minors under 18, Arkansas last week enacted its Social Media Safety Act (the Act), SB396. The Act, which goes into effect on September 1, 2023, similarly bars minors from holding accounts on social media platforms without parental consent and requires social media companies to complete “reasonable age verification” via a third-party vendor.Continue Reading Arkansas Becomes Second State To Enact Social Media Restrictions for Minors
Privacy Compliance
Joining the Privacy Party: Iowa Becomes the Sixth State To Adopt a Comprehensive Privacy Law
On March 28, Iowa Governor Kim Reynolds signed Senate File 262, effective January 1, 2025, making Iowa the sixth state to offer comprehensive privacy protections. Iowa’s new legislation appears to be the most business-friendly omnibus privacy law yet, with fewer requirements than those of other states. The law will apply to a person who conducts business in Iowa or produces products or services targeted to Iowa residents, and who meets either of the following requirements in a calendar year: (1) processes the personal data of 100,000 consumers or more (consumers defined as residents of Iowa “acting only in an individual or household context”) or (2) controls or processes the personal data of at least 25,000 consumers and derives over 50% of annual gross revenue from the sale of personal data.Continue Reading Joining the Privacy Party: Iowa Becomes the Sixth State To Adopt a Comprehensive Privacy Law
Saddle Up: Texas Makes Another Push to Join States With Comprehensive Consumer Privacy Laws
On March 24, 2023, Texas House Representative Giovanni Capriglione participated in a virtual interview with the Dallas chapter of the International Association of Privacy Professionals (IAPP) about his recently introduced bill, HB 4, also known as the Texas Data Privacy and Security Act (TDPSA). The interview was moderated by Samantha V. Ettari, Perkins Coie LLP senior counsel and co-chair of the IAPP KnowledgeNet Dallas Chapter, and Justin L. Koplow, AT&T senior legal counsel and also a co-chair of the IAPP Dallas Chapter. The conversation focused on a variety of subjects, including Rep. Capriglione’s professional technology background and subsequent journey into privacy issues, the development of the TDPSA, its specific provisions, and how the bill compares to privacy regimes in other states, including the Virginia Consumer Data Protection Act (VCDPA), on which it was modeled. This is the third comprehensive consumer privacy bill Rep. Capriglione has advanced, and this one appears to be channeling the momentum of six states’ comprehensive privacy laws, Texas denizens’ apparent interest in consumer privacy, and a significant national conversation around consumers’ and children’s privacy. Continue Reading Saddle Up: Texas Makes Another Push to Join States With Comprehensive Consumer Privacy Laws
FTC Claims Sharing User Health Data With Advertising Platforms Is a “Security Breach”
For the first time, the Federal Trade Commission has brought an enforcement action under its 2009 Health Breach Notification Rule (HBNR). The case was brought against a digital health company, GoodRx Holdings, Inc., for sharing users’ health information with third-party advertising platforms without the authorization of the users whose data was being shared.
FCC Proposes To Strengthen Data Breach Notification Rules for Telecom Operators
In response to the increased frequency and severity of data breaches in the telecommunications industry, the Federal Communications Commission recently published a Notice of Proposed Rulemaking that seeks to strengthen and broaden its breach notification rules arising from the unauthorized disclosure of customer proprietary network information (CPNI).
Four Data Security Safeguards the FTC Would Like Companies To Adopt in 2023
Data security will be an enforcement priority for the FTC in 2023. The FTC, in its December 14, 2022, Commission meeting, highlighted four data security measures that it believes are particularly important for strong cybersecurity.
This Update discusses what these safeguards are and why the FTC believes they are so critical.
One Step Closer: California Privacy Protection Agency Reviews Comments for CCPA Regulations
Last week, the period for comments closed on the California Privacy Protection Agency’s (CPPA) latest version of the draft implementing regulations for the California Privacy Rights Act (CPRA) amendments to the California Consumer Privacy Act (CCPA) (Revised Regs). The Revised Regs were first released with modifications and an Explanation of Modified Text of Proposed Regulations at the end of October. Shortly thereafter, the CPPA released the current version of the Revised Regs, which, compared to the initial draft regulations (Initial Draft Regs), include many substantive modifications to key compliance areas.Continue Reading One Step Closer: California Privacy Protection Agency Reviews Comments for CCPA Regulations
More State Content Moderation Laws Coming to Social Media Platforms
California and New York recently passed laws that seek to change how social media platforms and social media networks design and report their content moderation practices. The New York law will require a hateful conduct policy and reporting mechanism starting in December 2022. The California laws will impose content policy and transparency requirements starting in…
FTC Sues Data Broker for Alleged Unfair Act of Selling Precise Geolocation Data
The Federal Trade Commission filed a lawsuit on August 29, 2022, against data broker Kochava Inc., alleging that the company’s sale of precise geolocation data is an unfair act or practice that violates Section 5 of the FTC Act. The case follows an FTC blog post warning that the agency would be vigilant in protecting…
Growing Pains: New Self-Regulatory Framework for Teenage Privacy Proposed
The Better Business Bureau recently announced the launch of the TeenAge Privacy Program, which proposes a self-regulatory framework for companies to use in order to protect teen consumers and guide the responsible collection and management of teen data. The CISR’s new framework helps to address recent attention to the privacy and safety of teens online…