Florida has become the latest state to enact a comprehensive privacy law this year when SB 262 was signed by Governor DeSantis last week. It combines some new, and some familiar, provisions. It has also passed a child privacy law, similar to parts of California’s Age Appropriate Design Act, going into effect July 1, 2024.Continue Reading Another Governor Signs: Florida Privacy Law Will be Effective July 2024
The US has what appears to be a never-ending list of comprehensive privacy laws, but do they all apply to your organization? Not necessarily.Continue Reading The Comprehensive US Privacy Law Deluge: Which US Privacy Laws Apply to Your Company?
Montana now joins a growing list of states to have a comprehensive privacy law. The law was signed by the governor on May 19, 2023 and will go into effect October 1, 2024. This is before some Iowa (effective January 1, 2025) and Indiana (effective January 1, 2026), which pre-dated it in passage.Continue Reading Montana Governor Signs Big Sky’s Privacy Law
The Tennessee governor has signed Tennessee’s comprehensive privacy law, which as we have indicated will go into effect July 1, 2025. As initially proposed, the law would have been
Continue Reading Another Governor Signs: Tennessee Volunteers to Join the Privacy Patchwork
With January well in the rear view mirror, companies are setting their privacy compliance sights on the next two laws to come into effect on July 1, 2023: Colorado and Connecticut. Knowing, of course, that Utah (December 31, 2023) is not far behind. To say nothing of five more on the horizon, in order of effective date:Continue Reading Preparing for the US Comprehensive Privacy Law Deluge
The UK’s new Code of Practice for App Store Operators and App Developers provides companies with privacy-related resources. It also highlights ICO privacy expectations. Participating in the code is done by voluntarily complying with it (it is not mandatory). The UK Department for Digital, Culture, Media, and Sport, though, is not only working with leading companies to participate in the code, but also is looking at whether current laws should be expanded and/or if code participation should become mandatory. Continue Reading UK App Code Provides Privacy and Security Compliance Direction
Two states recently passed laws with specific data security requirements for entities that are gaming operators or licensees. These new regulations in Nevada and Massachusetts add to the already complex set of data security laws that exist at the federal and state level. In the US, companies may be subject to certain data security laws because of the type of information they collect or because of the industry they are in (financial, healthcare, insurance, telecommunications, etc.). The gaming industry is the latest to add to the mix.Continue Reading Gaming Operators Latest to See Specific Privacy & Cybersecurity Laws
Following its 2021 Dark Patterns enforcement policy, the FTC recently issued a staff report on the practice. The report summarized many of the cases the agency has brought against companies it alleges have engaged in “dark patterns” designed to “get consumers to part with their money or data.” These include using design elements that induce false beliefs, that delay important and material information, that lead to unauthorized charges, or that subvert or confuse privacy choices.Continue Reading FTC Renews Focus on Dark Patterns
Following, by a day, a privacy-related claim challenge brought against another advertiser, the National Advertising Division found that advertiser DuckDuckGo had sufficiently substantiated its privacy claims. These cases are significant reminders in two ways. First, that claims made about privacy and security can be viewed through an advertising lens and examined to see if they are properly substantiated. Second, that the NAD, the self-regulatory body that actively examines truth and accuracy of advertising, is looking at privacy claims. As those familiar with the NAD are aware, it refers those who do not cooperate to the FTC for priority action to examine if there have been violations of Section 5 of the FTC Act.Continue Reading NAD Examines Privacy Statements Made By DuckDuckGo in Online Ads
The National Advertising Division, a self-regulatory body that examines the truth and accuracy of advertising claims, recently examined privacy claims made by Brave, Inc. Using the same analysis given to other advertising claims, the NAD analyzed Brave’s statements about consumer privacy. It assessed both the implied as well as the express claims made by the company as well as the extent to which the substantiation Brave had for the claims supported those claims.Continue Reading NAD Brings False Advertising Claims Over Privacy Representations