Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
June 1st, 2022
Calif. Privacy Agency Unveils Long-Awaited Draft Regulations
Privacy & Data Security Group Chair Daniel M. Goldberg and Privacy & Data Security Associate Maria Nava’s recent blog post on the California Privacy Protection Agency’s (CPPA) proposed regulations to the California Consumer Privacy Act is cited in the article, “Calif. Privacy Agency Unveils Long-Awaited Draft Regulations” published by Law360.
"As expected, the Regs clarify that businesses must recognize Do Not Sell or Share (DNS) opt-out preference signals," Daniel and Maria Nava wrote. "While some privacy professionals have argued that businesses have a choice between posting a DNS link or honoring an opt-out preference signal, the Regs expressly state that interpretation is incorrect."
“However, the new proposal fails to clarify what exactly constitutes a valid opt-out signal, declining to recognize the Global Privacy Control or other technical specifications that have been developed to allow consumers to exercise their opt-out rights across the internet” and "As written, businesses arguably must respond to any signal, which will create compliance hurdles," said Daniel and Maria, adding that the regulations also don't prohibit opt-out signals from being set to "on" by default by a browser, like the new consumer privacy law that was recently enacted in Connecticut does.
Daniel and Maria note, “Under the CPRA regulations, companies that receive an opt-out request also need to notify any downstream third parties to stop selling or sharing the information as well” and "This appears to be a higher burden than currently required under CCPA or the CPRA text, and reemphasizes the need for a signal that can be read by downstream parties."
Lastly, Contracts with third parties "must also expressly require the third-party to check for opt-out signals," they added. If implemented, this and other proposed requirements, including that these agreements "expressly identify" the specific service for which the third party is processing information, would result in contracts with third parties needing to be much more robust, Daniel and Maria said.
Read full article here. (Behind paywall)
Other Quoted
Advertising Opt Outs Drive New Privacy Strategies in 2025
Cybersecurity Law Report quotes Daniel M. Goldberg in an article on how the advertising industry is facing greater scrutiny from state AGs as more people opt out of targeted ads. The report covers Google’s backtracking on plans to block third-parties’ tracking cookies amidst adtech’s adoption of cookieless personal identifiers; upcoming legal decisions; and compliance areas that adtech should consider in the coming year. View article. (Behind paywall. Contact author Matt Fleischer-Black for complimentary PDF.)
December 18 2024
The Biggest Copyright Decisions of 2024
Law360 quotes Jacqueline Charlesworth on the Hachette Book Group Inc. v. Internet Archive lawsuit, in which the Second Circuit affirmed a Manhattan federal judge’s ruling that a nonprofit’s scanning books to a create e-books was not fair use. (Behind paywall) View Article
December 17 2024
Deciphering the New CPPA Proposed Regulations for Data Brokers
Cybersecurity Law Report quotes Daniel M. Goldberg on the CPPA's proposed regulations that expand upon and clarify key provisions of the Delete Act, broadening the universe of what entities constitute a data broker. (Behind paywall) View Article
December 12 2024
