Photo of Alan Friel

Alan Friel

On November 3, 2022, the CCPA officially released the CPRA Modified Regulations (Modified Regs) for the expected 15-day comment period. The public comment period will end on November 21, 2022, and interested parties may submit written comments about the Modified Regs until 8AM Pacific Time on that date. This update came following a two-day meeting

At a two-day meeting that took place on October 28th and 29th, the CPPA considered the CPRA Modified Regulations (Modified Regs) that were published on October 17th of this year. We analyze the initial proposed CPRA regulations here.

On the proposed changes of the Modified Regs, the CPPA Board (the Board) considered clarifying amendments while maintaining the initial intent of the (i.e., no further substantive changes). There are three amendments of particular importance that were discussed:
Continue Reading The California Privacy Protection Agency (CPPA) Decides on a Roadmap for Revised California Privacy Rights Act (CPRA) Regulations

Continuing the recent trend of holding company executives personally liable for a company’s alleged violation of Section 5 of the Federal Trade Commission Act (“FTC Act”), the Federal Trade Commission (FTC) announced a complaint and consent agreement with Drizly, LLC (“Drizly”), an alcohol delivery app, and Chief Executive Officer James Cory Rellas over the failure

The Interactive Advertising Bureau (IAB) and IAB Tech Lab have proposed updates their industry level agreements and privacy signal program to support the efforts of marketers, agencies, publishers, and ad tech companies to comply with the US state privacy laws going into effect in 2023. The comment period on the updates is open until October 27.
Continue Reading Ad Industry Group Modifies Its Compliance Program to Address 2023 US State Privacy Laws

The California Privacy Protection Agency sent a Notice of Cancellation of Regular Meeting canceling its upcoming public meeting where it was scheduled to discuss (and possibly take action on) the Modified Text of Proposed Regulations (“Modified Regs”). The Modified Regs are now scheduled to be considered during the October 28-29, 2022 public meeting,

On October 17, 2022, the California Privacy Protection Agency (“CPPA” or “Agency”) published Modified Text of Proposed Regulations (“Modified Regs”) and Explanation of Modified Text of Proposed Regulations (“Explanation of Modified Regs”). The CPPA review of the Modified Regs has been postponed and is now scheduled to be considered during the October 28-29, 2022 public meeting.

Recall that earlier this year, on May 27, 2022, the CPPA published the first draft of the proposed CPRA Regs and initial statement of reasons. The Agency commenced the formal rulemaking process to adopt the Regs on July 8, 2022, and the 45-day public comment period closed on August 23, 2022. The comments submitted in response to the first draft of the Regs are available here.
Continue Reading Revised Proposed CPRA Regs To Be Considered At October 28, 2022 Meeting

Background

On October 7, 2022, US President Joe Biden signed the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the Executive Order), introducing new safeguards to protect the personal data shared between the EU and the US.

The Executive Order is the first tangible step towards a new transatlantic framework for personal data transfers, following the March 25, 2022, joint announcement by the European Commission president, Ursula von der Leyen, and US President Biden that they had reached an agreement in principle on a successor to the Privacy Shield.

While details of the actual content leaked over time, here is a summary of what the Executive Order is providing, but, more importantly, what the signature of the order means, not only for those who will be able to certify to the revised Privacy Shield, but also for all others.
Continue Reading We Have an EO, but Not (Yet) a New Transfer Mechanism

This week, the Supreme Court decided to take up a pair of cases concerning complex issues regarding the previously broad immunity that has been awarded to media and tech companies under Section 230 of the Communications Decency Act. These are a must-watch going forward, as the statute historically facilitated freedom of speech and innovation on the internet.

Continue Reading Supreme Court to Hear Pair of Cases Concerning Immunity Under Section 230 of the Communications Decency Act

On September 30, 2022, the Colorado Attorney General’s Office (“Colorado AG”) issued its proposed draft Colorado Privacy Act (“CPA”) Rules (the “CPA Rules” or “Rules”). The draft Rules, which add significant complexity and obligations on businesses, go far beyond what was expected of the Colorado AG and, despite the repeated insistence for interoperability with other

We head into the fourth quarter on the heels of the first public California Consumer Privacy Act (CCPA) civil penalty, while also looking ahead to the new state privacy laws in Virginia, Colorado, Connecticut, and Utah and the significant updates that the California Privacy Rights Act (CPRA) will bring to the CCPA. Considering that regulations