Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
June 1st, 2022
Calif. Privacy Agency Unveils Long-Awaited Draft Regulations
Privacy & Data Security Group Chair Daniel M. Goldberg and Privacy & Data Security Associate Maria Nava’s recent blog post on the California Privacy Protection Agency’s (CPPA) proposed regulations to the California Consumer Privacy Act is cited in the article, “Calif. Privacy Agency Unveils Long-Awaited Draft Regulations” published by Law360.
"As expected, the Regs clarify that businesses must recognize Do Not Sell or Share (DNS) opt-out preference signals," Daniel and Maria Nava wrote. "While some privacy professionals have argued that businesses have a choice between posting a DNS link or honoring an opt-out preference signal, the Regs expressly state that interpretation is incorrect."
“However, the new proposal fails to clarify what exactly constitutes a valid opt-out signal, declining to recognize the Global Privacy Control or other technical specifications that have been developed to allow consumers to exercise their opt-out rights across the internet” and "As written, businesses arguably must respond to any signal, which will create compliance hurdles," said Daniel and Maria, adding that the regulations also don't prohibit opt-out signals from being set to "on" by default by a browser, like the new consumer privacy law that was recently enacted in Connecticut does.
Daniel and Maria note, “Under the CPRA regulations, companies that receive an opt-out request also need to notify any downstream third parties to stop selling or sharing the information as well” and "This appears to be a higher burden than currently required under CCPA or the CPRA text, and reemphasizes the need for a signal that can be read by downstream parties."
Lastly, Contracts with third parties "must also expressly require the third-party to check for opt-out signals," they added. If implemented, this and other proposed requirements, including that these agreements "expressly identify" the specific service for which the third party is processing information, would result in contracts with third parties needing to be much more robust, Daniel and Maria said.
Read full article here. (Behind paywall)
Other Quoted
Televerse Day 2 Highlights: Shrinking, Henry Winkler and More
The Television Academy in its Televerse News quoted Daniel M. Goldberg, who spoke about AI at the academy’s three-day festival. Televerse featured television industry professionals both in front of and behind the camera, expert panelists, FYC (For Your Consideration) discussions, and screenings of shows nominated for this year’s Emmy Awards. Mr. Goldberg spoke on a panel covering “how federal and state lawmakers, courts, content creators and other stakeholders are responding to the evolving technology's impact on copyright, licensing and rights protection.” When asked for future predictions for six months from now, Mr. Goldberg responded, "'It's so hard to predict even two weeks from now. But I think you're going to see the states continue to pick up [on regulating AI] where the federal government is not.’” View Article
August 18 2025
Attorney Cautions That Privacy Laws Cover All Platforms, Not Just Sites
Privacy Daily quotes Daniel M. Goldberg in an article on growing trends in privacy laws and enforcement. The publication covered a webinar presented by Mr. Goldberg and Privado CEO Vaibhav Antil. Mr. Goldberg stated, '“although several enforcement actions have targeted websites, mobile apps are also subject to all privacy laws'” He noted how it’s no longer enough for companies to rely on privacy vendors for compliance but must practice due diligence. Mr. Goldberg reviewed California enforcement actions against Honda, Todd Snyder, and Healthline.
“With all three of these examples, ‘these are not companies that did nothing,” he said. ‘These are companies that had measures in place, that had actually used a vendor to implement them, but the way that it was configured was not tracking the law perfectly.’” He also pointed out how enforcements and fines are rising. View Article. (Registration required.)
July 31 2025
Data Privacy Roundup
The AdExchanger newsletter quotes Daniel M. Goldberg, highlighting key privacy enforcement trends. He provided an example of how opting in cookie tracking by clicking a bold “Allow All” button contrasted with declining tracing, which required a more involved two-step process. Mr. Goldberg pointed out that regulators saw this process as a “potential dark pattern.” “‘Symmetry of choice is the idea that it should be just as easy to accept as it is to reject,’” Goldberg said. ‘It’s an area regulators are looking very, very closely at.’” He also noted dark pattern fines, especially with the CPPA could become substantially larger. He underscored due diligence in programs, referencing recent privacy enforcement setttlements and fines. “‘All these cases involve vendor solutions that did not work,’ Goldberg said. ‘In almost all of them, the company did have privacy compliance in place; it just wasn’t working.’” View Article
July 25 2025
