ccpa

The California Privacy Protection Agency (“CPPA”) will host its next public meeting on Thursday, May 26, 2022 at 11AM PT. Members of the public may attend in person or virtually by following these instructions. CPPA Director Ashkan Soltani will provide an update on the CPPA’s hiring, budget, and rulemaking activities.  Importantly, subcommittees will provide

Dark patterns are top of mind for regulators on both sides of the Atlantic. In the United States, federal and state regulators are targeting dark patterns as part of both their privacy and traditional consumer protection remits. Meanwhile, the European Data Protection Board (EDPB) is conducting a consultation on proposed Guidelines (Guidelines) for assessing and avoiding dark pattern practices that violate the EU General Data Protection Directive (GDPR) in the context of social media platforms. In practice, the Guidelines are likely to have broader application to other types of digital platforms as well.
Continue Reading “Dark Patterns” Are Focus of Regulatory Scrutiny in the United States and Europe

On March 10, 2022, California Attorney General Rob Bonta (Attorney General) published the first official opinion interpreting the California Consumer Privacy Act (CCPA) and concluded that the CCPA’s right to know includes a business’ internally generated inferences about a consumer from either internal or external information sources.

Importantly, the opinion clarifies that inferences made from

As we covered at the end of last month, the California Attorney General is targeting loyalty programs in a recent enforcement sweep alleging noncompliance with the California Consumer Privacy Act (CCPA). CPW’s Kyle Dull, a Senior Associate in Squire Patton Boggs Data Privacy, Cybersecurity & Digital Assets Practice, was recently interviewed by Law360 concerning businesses’ data practices in the operation of their loyalty programs. You can check out the Law360 article and his comments here. From the article:
Continue Reading Loyalty Program CCPA Compliance: Kyle Dull Talks to Law360

On Friday, Feb. 18, California Assemblymember Evan Low (D) introduced two bills (AB 2871 and AB 2891) that propose to extend the CCPA’s HR and B2B data exemptions, one through Dec. 31, 2026 and the other indefinitely. These proposed amendments were introduced just 10 months prior to the main provisions of the California

Last week the Banning Surveillance Advertising Act was introduced in both the U.S. House (H.R.6416) and Senate (S.3520) by Congresswoman Anna G. Eshoo (D-CA), Congresswoman Jan Schakowsky (D-IL), and Senator Cory Booker (D-NJ).

The bill expressly prohibits advertising facilitators (e.g., publishers) from engaging in, or enabling an advertiser or third party

Happy Privacy Week! There are a lot of events and seminars to check out this week and one of the most robust is PrivacyOC’s three-day marathon of panels and discussions: www.privacyoc.net. CPW team members will be speaking on digital advertising and data management. Check it out.

Another good way to give attention to privacy

The California Privacy Protection Agency (CPPA) Board, created by the California Privacy Rights Act (CPRA), has been busy of late. As we recently reported, the CCPA has hired renowned privacy technologist Ashkan Soltani as its new Executive Director to lead the agency. Meanwhile, the agency’s committees have been hard at work. The Regulations Subcommittee has proposed its framework for its rulemaking process. Notably, the subcommittee recommends an immediate start to pre-rulemaking activities such as issuing an invitation for comments, the creation of additional subcommittees, and the identification of informational hearing topics. A pre-rulemaking process gives the agency flexibility to hear from stakeholders outside of the formal and constrained process that will begin once the regulatory process officially commences. The framework also notes that the notice of proposed rulemaking, initial statement of reasons (ISOR), and text of the regulations should be published in winter 2021-2022, with public hearings taking place thereafter. This suggests that stakeholders have a short window of opportunity to take advantage of the pre-regulatory educational period. It will be interesting to see if the agency conducts the kind of “listening tour” the Office of Attorney General (OAG) went on across the Golden State by means of town halls prior to its California Consumer Privacy Act (CCPA) rulemaking process, or elects to spend its time in more intimate and concerted explorations.
Continue Reading California Privacy Agency Moves Forward With Rulemaking Process

On July 19, the Office of the Attorney General of California (OAG) issued a press release summarizing its first year of CCPA enforcement. Seventy-five percent of companies receiving a notice to cure are said to have come into compliance within the 30-day cure period, with 25% reportedly still within that period or under ongoing investigation. The OAG also published summaries of 27 resolved exemplary cases. The OAG was careful to note that the summaries do not constitute advice and do not include all of the facts, however they do offer some insights. Disappointingly, however, the summaries often lack enough detail to allow readers to surmise the enforcement posture that was taken by the OAG, the exact nature of the alleged violations, or the specific actions taken by the company that satisfied the OAG’s inquiry.

Continue Reading California AG Offers Cryptic CCPA Enforcement Summaries, and Launches Complaint Tool

With the stroke of his pen on July 7, Governor Jared Polis (D) signed the Colorado Privacy Act (CPA or Act) into law, making the Centennial State the third U.S. state to pass comprehensive consumer privacy legislation.  The Act, passed by the legislature on June 8, is a combination of elements of California and Virginia