Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
May 12th, 2022
Connecticut Privacy Law Adds Stitch to Confusing Legal Patchwork
Privacy & Data Security Group Chair Daniel M. Goldberg and Privacy & Data Security Associate Maria Nava are quoted in the article, “Connecticut Privacy Law Adds Stitch to Confusing Legal Patchwork” published by Bloomberg Law. The article discusses Connecticut’s newly enacted consumer privacy law which gives Connecticut residents the right to opt out of the processing and sale of their personal data and the right to ask that it be deleted while requiring companies to limit collecting personal data. With Connecticut being the fifth state to pass consumer privacy legislation after California, Virginia, Colorado, and Utah, the growing national patchwork complicates business compliance. Daniel is quoted saying, “Putting the laws into practice—making consumers’ rights easily accessible, for example—is another major problem stemming from the country’s patchwork system.” California, Colorado, and Connecticut require businesses to honor universal opt-out signals, while Utah and Virginia do not require those universal opt-outs. Daniel says, “Adding functionality for that type of tool to websites can be a challenge, especially with such differences” and “This is one area where I’m hopeful California will clarify specifics with regulations, and there’s a good chance other states could follow suit.”
With respect to children’s data, the Connecticut law requires opt-in consent for the processing of children’s sensitive data and requires that the processing be done in accordance with the federal Children’s Online Privacy Protection Act, which applies to those under 13. It goes further by prohibiting companies from processing the data of minors known to be ages 13 to 16 for purposes of targeted advertising and from selling it without consent. Maria says, “The new law defines ‘biometric data’ in a similar fashion to Virginia and Utah, which isn’t as comprehensive as the definition in California’s statute” and “There are exceptions in the law that weren’t originally in the bill, like photographs and audio recordings.”
Unlike the California Privacy Rights Act, which created a standalone privacy agency tasked with rulemaking, the Connecticut measure doesn’t establish a regulator or call for rules. The Connecticut attorney general isn’t tasked with rulemaking, as is the case in Colorado. Daniel says, “But it does convene a task force in the General Assembly where the topics for exploration range from algorithmic decision-making to children’s privacy.” He concludes by saying, “The findings could be considered for future tweaks or future laws.”
Read the full article here.
Other Quoted
Televerse Day 2 Highlights: Shrinking, Henry Winkler and More
The Television Academy in its Televerse News quoted Daniel M. Goldberg, who spoke about AI at the academy’s three-day festival. Televerse featured television industry professionals both in front of and behind the camera, expert panelists, FYC (For Your Consideration) discussions, and screenings of shows nominated for this year’s Emmy Awards. Mr. Goldberg spoke on a panel covering “how federal and state lawmakers, courts, content creators and other stakeholders are responding to the evolving technology's impact on copyright, licensing and rights protection.” When asked for future predictions for six months from now, Mr. Goldberg responded, "'It's so hard to predict even two weeks from now. But I think you're going to see the states continue to pick up [on regulating AI] where the federal government is not.’” View Article
August 18 2025
Attorney Cautions That Privacy Laws Cover All Platforms, Not Just Sites
Privacy Daily quotes Daniel M. Goldberg in an article on growing trends in privacy laws and enforcement. The publication covered a webinar presented by Mr. Goldberg and Privado CEO Vaibhav Antil. Mr. Goldberg stated, '“although several enforcement actions have targeted websites, mobile apps are also subject to all privacy laws'” He noted how it’s no longer enough for companies to rely on privacy vendors for compliance but must practice due diligence. Mr. Goldberg reviewed California enforcement actions against Honda, Todd Snyder, and Healthline.
“With all three of these examples, ‘these are not companies that did nothing,” he said. ‘These are companies that had measures in place, that had actually used a vendor to implement them, but the way that it was configured was not tracking the law perfectly.’” He also pointed out how enforcements and fines are rising. View Article. (Registration required.)
July 31 2025
Data Privacy Roundup
The AdExchanger newsletter quotes Daniel M. Goldberg, highlighting key privacy enforcement trends. He provided an example of how opting in cookie tracking by clicking a bold “Allow All” button contrasted with declining tracing, which required a more involved two-step process. Mr. Goldberg pointed out that regulators saw this process as a “potential dark pattern.” “‘Symmetry of choice is the idea that it should be just as easy to accept as it is to reject,’” Goldberg said. ‘It’s an area regulators are looking very, very closely at.’” He also noted dark pattern fines, especially with the CPPA could become substantially larger. He underscored due diligence in programs, referencing recent privacy enforcement setttlements and fines. “‘All these cases involve vendor solutions that did not work,’ Goldberg said. ‘In almost all of them, the company did have privacy compliance in place; it just wasn’t working.’” View Article
July 25 2025
