CPRA

Dark patterns are top of mind for regulators on both sides of the Atlantic. In the United States, federal and state regulators are targeting dark patterns as part of both their privacy and traditional consumer protection remits. Meanwhile, the European Data Protection Board (EDPB) is conducting a consultation on proposed Guidelines (Guidelines) for assessing and avoiding dark pattern practices that violate the EU General Data Protection Directive (GDPR) in the context of social media platforms. In practice, the Guidelines are likely to have broader application to other types of digital platforms as well.
Continue Reading “Dark Patterns” Are Focus of Regulatory Scrutiny in the United States and Europe

On March 10, 2022, California Attorney General Rob Bonta (Attorney General) published the first official opinion interpreting the California Consumer Privacy Act (CCPA) and concluded that the CCPA’s right to know includes a business’ internally generated inferences about a consumer from either internal or external information sources.

Importantly, the opinion clarifies that inferences made from

On Friday, Feb. 18, California Assemblymember Evan Low (D) introduced two bills (AB 2871 and AB 2891) that propose to extend the CCPA’s HR and B2B data exemptions, one through Dec. 31, 2026 and the other indefinitely. These proposed amendments were introduced just 10 months prior to the main provisions of the California

Last week the Banning Surveillance Advertising Act was introduced in both the U.S. House (H.R.6416) and Senate (S.3520) by Congresswoman Anna G. Eshoo (D-CA), Congresswoman Jan Schakowsky (D-IL), and Senator Cory Booker (D-NJ).

The bill expressly prohibits advertising facilitators (e.g., publishers) from engaging in, or enabling an advertiser or third party

Happy Privacy Week! There are a lot of events and seminars to check out this week and one of the most robust is PrivacyOC’s three-day marathon of panels and discussions: www.privacyoc.net. CPW team members will be speaking on digital advertising and data management. Check it out.

Another good way to give attention to privacy

Updates: California Privacy Rights Act (“CPRA”)

Last month, we reported on the California Privacy Protection Agency’s (“CPPA”) engagement of an Executive Director and its proposal for a rulemaking framework. The CPPA’s efforts are assisted by provisions of Assembly Bill 694 (“AB 694”), which California Governor Gavin Newsom signed last month. AB694 includes changes to California’s consumer privacy law and clarifies the CPPA’s rulemaking process. You can find the changes here.
Continue Reading CPRA Amended and Updates Regarding the CDPA

The California Privacy Protection Agency (CPPA) Board, created by the California Privacy Rights Act (CPRA), has been busy of late. As we recently reported, the CCPA has hired renowned privacy technologist Ashkan Soltani as its new Executive Director to lead the agency. Meanwhile, the agency’s committees have been hard at work. The Regulations Subcommittee has proposed its framework for its rulemaking process. Notably, the subcommittee recommends an immediate start to pre-rulemaking activities such as issuing an invitation for comments, the creation of additional subcommittees, and the identification of informational hearing topics. A pre-rulemaking process gives the agency flexibility to hear from stakeholders outside of the formal and constrained process that will begin once the regulatory process officially commences. The framework also notes that the notice of proposed rulemaking, initial statement of reasons (ISOR), and text of the regulations should be published in winter 2021-2022, with public hearings taking place thereafter. This suggests that stakeholders have a short window of opportunity to take advantage of the pre-regulatory educational period. It will be interesting to see if the agency conducts the kind of “listening tour” the Office of Attorney General (OAG) went on across the Golden State by means of town halls prior to its California Consumer Privacy Act (CCPA) rulemaking process, or elects to spend its time in more intimate and concerted explorations.
Continue Reading California Privacy Agency Moves Forward With Rulemaking Process

A little noticed provision of new consumer privacy laws in California and Virginia, effective January 2023, is the need for detailed data retention schedules and defensible destruction programs. Partner Alan Friel and Counsel Kyle Fath joined data management professionals on a recent panel at the International Association of Privacy Processional’s annual summit to explain these new requirements and how to prepare for them.  You can watch the recording for free here: Trim Costs, Reduce Risks and Improve Compliance: Data Retention the Right Way

Keep reading for tips on how to develop and implement a data retention program by Kyle Fath and Exterro’s Rebecca Perry.
Continue Reading Robust Data Retention Programs Required By New Laws

On Monday, May 4, 2020, Californians for Consumer Privacy – the organization behind the ballot initiative that was the genesis of the California Consumer Privacy Act of 2018 (CCPA) – announced that it is submitting signatures to qualify the California Privacy Rights Act (CPRA) for the November 2020 ballot. According to the announcement, “well over 900,000 signatures” will be submitted in counties across the state over the next several days.
Continue Reading CPRA Proponents Submit Over 900,000 Signatures for Ballot Initiative