Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
June 2nd, 2022
Privacy News for Q2 2022
Privacy News for Q2 2022
Upcoming Event: Platform Advertising in a Shifting Multi-Jurisdiction Legal Environment. Join Frankfurt Kurnit Privacy & Data Security Group Chair Daniel M. Goldberg and privacy lawyers from ByteDance, LinkedIn, and Nextdoor during the virtual IAB Public Policy and Legal Summit on June 8th. The panel will discuss compliance for platform advertising in light of shifting multi-jurisdiction privacy requirements in the US and abroad. Topics include the use of first-party data for on-platform advertising, new challenges for “combining” data for measurement and optimization purposes, and new consumer choices around targeted advertising and the use of sensitive data categories. Registration is free. If you would like to attend, please register here.
Chambers USA Guide 2022
Chambers and Partners ranks our Privacy and Data Security practice as "Band 1" Nationwide. Practice Group Chair Daniel is ranked individually as "Band 4" for his broad-based privacy expertise. Read the full review here.
Here is a summary of privacy news and trends we have seen in the first half of 2022:
California
California’s new privacy regulatory agency, the California Privacy Protection Agency (“CCPA”), has been actively engaged in the draft rulemaking process with respect to the California Privacy Rights Act (“CPRA”). Last Friday, the CPPA released an initial draft of its proposed regulations to CPRA. This draft is only the first part of the proposed regulations, and a second part (not yet released) will cover obligations relating to cybersecurity audits, privacy risk assessments, and automated decision making. The CPPA will hold a public meeting on June 8th to discuss the proposed regulations and other topics, after which there will be a 45 day window for the public to submit comments. CPRA, and any accompanying regulations, take effect January 1, 2023. If you are interested in submitting public comments, please contact us.
Our initial analysis of the proposed regulations is available here.
New State Privacy Laws
Utah: Utah’s new privacy law takes effect December 1, 2023. The law shares much in common with Virginia’s privacy law, but is considered more business friendly. The law notably departs from the general standard followed by other states by implementing a two-step enforcement process and permitting companies to charge differing rates to consumers based on their privacy preferences. Data subject rights are also more limited; consumers will not have the right to correct inaccuracies in their data or opt-out of profiling. Read more.
Connecticut: Connecticut’s new privacy law takes effect July 1, 2023. The law shares much in common with Colorado’s privacy law. The law requires opt-in consent for the processing of sensitive and adolescent data and, similar to Colorado, explicitly requires companies to honor opt-out preference signals for certain types of data processing. We expect preference signals to be a hot topic moving forward. Read more.
Children
In a new policy statement, the FTC made clear that companies that provide educational software and online services to students must comply with the Children’s Online Privacy Protection Act (“COPPA”). Under COPPA, companies cannot deny children access to educational technologies when their parents or school refuse to sign up for commercial surveillance. The FTC policy statement notes that data collection has become more extensive and ad targeting more sophisticated, while education technology has become more prominent in the COVID era. That combination could make children vulnerable to data privacy violations if ed tech companies try to skirt COPPA. Read more.
Biometric Information
The collection and processing of biometric information has continued to be a hot topic in 2022. Many states and municipalities, including Illinois, Texas, Washington, and New York City, have laws expressly limiting the processing biometric information, Some jurisdictions, like Portland, outright ban the processing of biometric information.
New comprehensive state privacy laws that take effect in 2023 will have a dramatic impact on the processing of biometric information. CPRA defines biometric information as “sensitive personal information” and will require companies to give consumers the right to opt-out of the use or disclosure of their sensitive personal information. Virginia and other comprehensive state privacy laws will require companies to obtain opt-in consent before processing sensitive data (which includes biometric information).
It appears that the risks associated with biometric information may spur future legislation as well. During public hearings for Connecticut’s new privacy law, lawmakers highlighted the collection of biometric information as a particular concern prompting the need for the law. In California, SB 1189, a bill recently filed by Senator Wieckowski, would also impose requirements similar to Illinois’s privacy law.
We will continue to track these and other changes to the privacy landscape and update as we learn more.
Please visit Advertising Law Updates for additional blogs and alerts, and contact Daniel M. Goldberg at (310) 579-9616 or dgoldberg@fkks.com, Maria Nava at (310) 579-9626 or mnava@fkks.com, Elliott Siebers at (212) 705-4821 or esiebers@fkks.com or any other member of the firm’s Privacy & Data Security Group.
Other Privacy & Data Security Law Alerts
Does Your Loyalty Program Violate the CCPA?
California Attorney General Rob Bonta tweeted and released a statement that his office has sent warning letters to businesses in a variety of industries for alleged failure to comply with CCPA. Read more.
February 3 2022
iOS 15 Brings New Privacy Controls That Will Impact Advertising Initiatives
After months in beta, Apple is releasing iOS 15 to the public. Building upon the Privacy Nutrition Labels and App Tracking Transparency (ATT) framework introduced in iOS 14.5, iOS 15 introduces new privacy controls that will impact brand marketing initiatives and the ad tech ecosystem. Although these controls are not an iOS 14.5-caliber seismic event, they are yet another example of how platform providers have become de facto regulators of privacy. Read more.
September 20 2021
New York City Restricts Collection of Biometric Identifiers
Major US municipalities are lining up to regulate business use of technologies to collect biometric identifiers and information. For example, Portland, Oregon, banned the use of face recognition technologies earlier this year. Now, New York City businesses must comply with a new law too: Effective July 9, 2021, any commercial establishment in New York City that collects, retains, converts, stores or shares biometric identifier information of customers must disclose such activity using clear and conspicuous signage near all customer entrances. Read more.
July 7 2021