- Published Articles
- In the Press
- Press Releases
Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
June 2nd, 2022
Privacy News for Q2 2022
Privacy News for Q2 2022
Upcoming Event: Platform Advertising in a Shifting Multi-Jurisdiction Legal Environment. Join Frankfurt Kurnit Privacy & Data Security Group Chair Daniel M. Goldberg and privacy lawyers from ByteDance, LinkedIn, and Nextdoor during the virtual IAB Public Policy and Legal Summit on June 8th. The panel will discuss compliance for platform advertising in light of shifting multi-jurisdiction privacy requirements in the US and abroad. Topics include the use of first-party data for on-platform advertising, new challenges for “combining” data for measurement and optimization purposes, and new consumer choices around targeted advertising and the use of sensitive data categories. Registration is free. If you would like to attend, please register here.
Chambers USA Guide 2022
Chambers and Partners ranks our Privacy and Data Security practice as "Band 1" Nationwide. Practice Group Chair Daniel is ranked individually as "Band 4" for his broad-based privacy expertise. Read the full review here.
Here is a summary of privacy news and trends we have seen in the first half of 2022:
California’s new privacy regulatory agency, the California Privacy Protection Agency (“CCPA”), has been actively engaged in the draft rulemaking process with respect to the California Privacy Rights Act (“CPRA”). Last Friday, the CPPA released an initial draft of its proposed regulations to CPRA. This draft is only the first part of the proposed regulations, and a second part (not yet released) will cover obligations relating to cybersecurity audits, privacy risk assessments, and automated decision making. The CPPA will hold a public meeting on June 8th to discuss the proposed regulations and other topics, after which there will be a 45 day window for the public to submit comments. CPRA, and any accompanying regulations, take effect January 1, 2023. If you are interested in submitting public comments, please contact us.
Our initial analysis of the proposed regulations is available here.
New State Privacy Laws
Utah: Utah’s new privacy law takes effect December 1, 2023. The law shares much in common with Virginia’s privacy law, but is considered more business friendly. The law notably departs from the general standard followed by other states by implementing a two-step enforcement process and permitting companies to charge differing rates to consumers based on their privacy preferences. Data subject rights are also more limited; consumers will not have the right to correct inaccuracies in their data or opt-out of profiling. Read more.
Connecticut: Connecticut’s new privacy law takes effect July 1, 2023. The law shares much in common with Colorado’s privacy law. The law requires opt-in consent for the processing of sensitive and adolescent data and, similar to Colorado, explicitly requires companies to honor opt-out preference signals for certain types of data processing. We expect preference signals to be a hot topic moving forward. Read more.
In a new policy statement, the FTC made clear that companies that provide educational software and online services to students must comply with the Children’s Online Privacy Protection Act (“COPPA”). Under COPPA, companies cannot deny children access to educational technologies when their parents or school refuse to sign up for commercial surveillance. The FTC policy statement notes that data collection has become more extensive and ad targeting more sophisticated, while education technology has become more prominent in the COVID era. That combination could make children vulnerable to data privacy violations if ed tech companies try to skirt COPPA. Read more.
The collection and processing of biometric information has continued to be a hot topic in 2022. Many states and municipalities, including Illinois, Texas, Washington, and New York City, have laws expressly limiting the processing biometric information, Some jurisdictions, like Portland, outright ban the processing of biometric information.
New comprehensive state privacy laws that take effect in 2023 will have a dramatic impact on the processing of biometric information. CPRA defines biometric information as “sensitive personal information” and will require companies to give consumers the right to opt-out of the use or disclosure of their sensitive personal information. Virginia and other comprehensive state privacy laws will require companies to obtain opt-in consent before processing sensitive data (which includes biometric information).
It appears that the risks associated with biometric information may spur future legislation as well. During public hearings for Connecticut’s new privacy law, lawmakers highlighted the collection of biometric information as a particular concern prompting the need for the law. In California, SB 1189, a bill recently filed by Senator Wieckowski, would also impose requirements similar to Illinois’s privacy law.
We will continue to track these and other changes to the privacy landscape and update as we learn more.
Please visit Advertising Law Updates for additional blogs and alerts, and contact Daniel M. Goldberg at (310) 579-9616 or email@example.com, Maria Nava at (310) 579-9626 or firstname.lastname@example.org or any other member of the firm’s Privacy & Data Security Group.
Other Privacy & Data Security Law Alerts
Six Steps to Help Your Team Comply with the New SEC Public Company Cybersecurity Rules
On July 26, 2023, the Securities Exchange Commission (“SEC”) approved final Rules entitled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (the “Rules”). The Rules require certain cybersecurity incident disclosures on Form 8-K, generally within 4 business days after the determination that a cybersecurity incident is material. Read more.
August 1 2023
Five Action Items to Help You Prepare for the Wave of Privacy Enforcement Starting July 2023
Mark your calendars - July 2023 is an important month for US privacy enforcement. Read more.
June 21 2023
Washington “My Health My Data” Act Dramatically Alters Health Data Compliance Landscape
Washington State’s My Health My Data Act (“the Act”) introduces a sweeping set of obligations for nearly all entities that do business in the state and that handle “consumer health data,” a broad new class of health-related data separate from that regulated by the federal Health Insurance Portability and Accountability Act (“HIPAA”). Read more.
April 24 2023