Consumer Privacy

Subscribe to Consumer Privacy via RSS

Right of erasure (or “right to be forgotten”) has been selected by the European Data Protection Board as its priority enforcement topic for 2025. This work is being done under the “Coordinated Enforcement Framework” or “CEF.” The EDPB created the CEF in 2022 as a way to streamline and coordinate enforcement across EU data protection authorities. Past topics have included the right of access, and the role of data protection officers in organizations.Continue Reading Forget It!: EDPB Announces Focus on Right to Erasure in 2025

Are you ready for the next set of US state privacy laws going into effect? Delaware, Iowa, Nebraska, and New Hampshire are effective January 1, and New Jersey’s law go into effect two weeks later (January 15).Continue Reading Coming to a State Near You: 5 State Privacy Laws Take Effect in January 2025

The European Data Protection Board issued draft guidelines last month that outline when processing can be considered done for “legitimate interest.” The public has until November 20 to provide comments to the draft.Continue Reading How Legitimate Is Your Business Interest? The EDPB Has Some Thoughts

The EDPB released guidance last month to help companies understand their obligations when using newer tracking tools. These include pixels, URL tracking, IP-tracking, and the like. First, some background: an EU law that predates GDPR (Directive 2002/58/EC or the Cookie Directive), impacted how companies could interact with users on their computers. That directive was updated in 2009 (Directive 2009/136/EC or the ePrivacy Directive). Under the ePrivacy Directive, among other things, companies cannot “store” or “access” someone’s “terminal equipment” without consent. (There are some exceptions to the consent requirement.) In this recent guidance, the EDPB provided direction on when and whether passive tracking technologies were storing or accessing information on a users’ computer (or other device) such that the ePrivacy Directive requirements would apply.Continue Reading EDPB Provides Insight for Use of Tracking Tools

2024 seems like it is flying by. For those keeping track of US state “comprehensive” privacy laws you know that October 1 – a week away – brings the effective date of the Montana privacy law. The “big sky” state will join Texas, Oregon and Florida as the fourth effective privacy law of 2024. This brings to total to nine state privacy laws in effect (with California, Colorado, Connecticut, Utah, and Virginia). Check out our tracker for the status of the remaining -signed- state laws, along with a comparison between their key provisions.Continue Reading October 1st Reminder – Big Sky Privacy Law Goes into Effect

Minnesota’s governor has now signed into law that state’s comprehensive privacy law. For those keeping count – that is number 19 of state “comprehensive” privacy laws, with six in 2024 alone. The Minnesota law will go into effect on July 31, 2025, thirty days after Tennessee’s.Continue Reading The Land of 10,000 Lakes Adds New Consumer Privacy Law: Minnesota Joins Privacy Fray

Tennessee recently amended its 1984 right of publicity statute with passage of the ELVIS Act. The existing law already protected individuals’ rights in their image and likeness. As amended, the statute will specifically call out voice as another protected element. It will become the first right of publicity statute to address copying someone’s likeness or voice with AI technologies in two ways.Continue Reading Tennessee’s ELVIS Act Incorporates AI Considerations into Right of Publicity Protections

Maryland’s new comprehensive data privacy law, the Maryland Online Data Privacy Act, was recently signed into law by Governor Moore. This brings the total number of state “comprehensive” privacy laws to 18, five of which have been passed in 2024. Maryland’s law will take effect in 2025 along with several others. Maryland’s effective date is October 1, 2025 (after Tennessee (July 1, 2025) and before Indiana and Kentucky (January 1, 2026)). For a full list of effective dates, as well as other details of these state privacy laws, visit our resource page.Continue Reading Maryland, the Old Line State, Creates New Lines with Consumer Privacy Law

The Utah legislature has been busy, with another law effective May 1. This one is “privacy adjacent” but worth keeping in mind. The law, the Artificial Intelligence Policy Act, was signed into law in March. Among other things, it will require companies to respond “clearly and conspicuously” to an individual who asks if they are interacting with artificial intelligence and the communications are made in connection with laws regulated by the Utah department of commerce. (This includes the Utah Privacy Act, the state’s sales practices law, its telephone solicitation laws, and many others.)Continue Reading Utah’s New AI Disclosure Requirements Effective May 1

Nebraska’s governor has now signed into law the state’s “comprehensive” privacy law making it the fourth one this year, and the 17th overall. It will take effect on January 1, 2025 – the same day as Delaware, Iowa, and New Hampshire. (For a round-up of all of the recent state privacy laws visit our new online resource.)Continue Reading Nebraska Fourth State to Enact Privacy Law in 2024