Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
June 1st, 2022
Calif. Privacy Agency Unveils Long-Awaited Draft Regulations
Privacy & Data Security Group Chair Daniel M. Goldberg and Privacy & Data Security Associate Maria Nava’s recent blog post on the California Privacy Protection Agency’s (CPPA) proposed regulations to the California Consumer Privacy Act is cited in the article, “Calif. Privacy Agency Unveils Long-Awaited Draft Regulations” published by Law360.
"As expected, the Regs clarify that businesses must recognize Do Not Sell or Share (DNS) opt-out preference signals," Daniel and Maria Nava wrote. "While some privacy professionals have argued that businesses have a choice between posting a DNS link or honoring an opt-out preference signal, the Regs expressly state that interpretation is incorrect."
“However, the new proposal fails to clarify what exactly constitutes a valid opt-out signal, declining to recognize the Global Privacy Control or other technical specifications that have been developed to allow consumers to exercise their opt-out rights across the internet” and "As written, businesses arguably must respond to any signal, which will create compliance hurdles," said Daniel and Maria, adding that the regulations also don't prohibit opt-out signals from being set to "on" by default by a browser, like the new consumer privacy law that was recently enacted in Connecticut does.
Daniel and Maria note, “Under the CPRA regulations, companies that receive an opt-out request also need to notify any downstream third parties to stop selling or sharing the information as well” and "This appears to be a higher burden than currently required under CCPA or the CPRA text, and reemphasizes the need for a signal that can be read by downstream parties."
Lastly, Contracts with third parties "must also expressly require the third-party to check for opt-out signals," they added. If implemented, this and other proposed requirements, including that these agreements "expressly identify" the specific service for which the third party is processing information, would result in contracts with third parties needing to be much more robust, Daniel and Maria said.
Read full article here. (Behind paywall)
Other Quoted
Pay Attention to the Delete Act (Even If You Don’t Think You’re A Data Broker)
AdExchanger quotes Daniel M. Goldberg in an article on California’s Delete Act, noting data brokers are required to register by January 31. He explains the definition of data broker extends to any company that collects and sells personal data about consumers, which includes companies using third-party data for targeted advertising. Mr Goldberg also anticipates more enforcement in 2025. View Article
January 21 2025
Understanding Interactive Entertainment
Games Industry Law Summit quotes S. Gregory Boyd and Sean F. Kane on two decades shaping video game law. The discussion covers key insights on industry evolution and emerging legal challenges. View Article
December 30 2024
Advertising Opt Outs Drive New Privacy Strategies in 2025
Cybersecurity Law Report quotes Daniel M. Goldberg in an article on how the advertising industry is facing greater scrutiny from state attorneys general as more people opt out of targeted ads. Speaking on a California Lawyers Association (CLA) panel, Mr. Goldberg noted how adtech is now a key focus for regulators. Due to the extensive marketing of many companies, privacy program leaders across industries must assess the impact of adtech on their companies and mititgate risks. View article (available through trial or paid subscription).
December 18 2024
