- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
June 1st, 2022
Calif. Privacy Agency Unveils Long-Awaited Draft Regulations
Privacy & Data Security Group Chair Daniel M. Goldberg and Privacy & Data Security Associate Maria Nava’s recent blog post on the California Privacy Protection Agency’s (CPPA) proposed regulations to the California Consumer Privacy Act is cited in the article, “Calif. Privacy Agency Unveils Long-Awaited Draft Regulations” published by Law360.
"As expected, the Regs clarify that businesses must recognize Do Not Sell or Share (DNS) opt-out preference signals," Daniel and Maria Nava wrote. "While some privacy professionals have argued that businesses have a choice between posting a DNS link or honoring an opt-out preference signal, the Regs expressly state that interpretation is incorrect."
“However, the new proposal fails to clarify what exactly constitutes a valid opt-out signal, declining to recognize the Global Privacy Control or other technical specifications that have been developed to allow consumers to exercise their opt-out rights across the internet” and "As written, businesses arguably must respond to any signal, which will create compliance hurdles," said Daniel and Maria, adding that the regulations also don't prohibit opt-out signals from being set to "on" by default by a browser, like the new consumer privacy law that was recently enacted in Connecticut does.
Daniel and Maria note, “Under the CPRA regulations, companies that receive an opt-out request also need to notify any downstream third parties to stop selling or sharing the information as well” and "This appears to be a higher burden than currently required under CCPA or the CPRA text, and reemphasizes the need for a signal that can be read by downstream parties."
Lastly, Contracts with third parties "must also expressly require the third-party to check for opt-out signals," they added. If implemented, this and other proposed requirements, including that these agreements "expressly identify" the specific service for which the third party is processing information, would result in contracts with third parties needing to be much more robust, Daniel and Maria said.
Read full article here. (Behind paywall)
Brands Review Data Privacy Policies After $1.2 Million Sephora Settlement
September 29 2022
Metaverse IRL: Tackling Privacy Amid the Rampant Hype and Burst of Deals
September 27 2022
How CC0 Can Help – or Hurt – NFT Projects
September 14 2022