The California Privacy Protection Agency (CPPA) Board recently met and unanimously voted to finalize the proposed final CPRA regulations. This approved version was first released in January and updated those released in November 2022. Along with the proposed final CPRA regulations, the CPPA published a draft final statement of reasons and appendices containing responses to the comments received during the public comment periods.
Virginia edges closer to its privacy law January 2023 implementation. A new working group report gives some insight on implementation focus. The working group is tasked with giving advice on implementing the Virginia Consumer Data Protection Act. It held a series of meetings with companies and other stakeholders throughout the year. This current report summarizes “points of emphasis” from those meetings. Those included that law be interpreted strictly. For example, sunseting companies “right to cure” after two years. Another point raised was whether to let the attorney general seek actual damages based on harm.
Continue Reading Virginia Privacy Law Continues to Progress Towards 2023 Implementation
Google Play’s “data safety form” is now live. Developers can now submit the form for early review and feedback. Starting in April 2022, Google will require this label and a privacy policy for all new and existing apps. This is similar to Apple. Before, only apps that collected personal and sensitive user data needed to share a privacy policy in Google’s store.
Continue Reading Google’s Privacy “Data Safety” Form Is Now Available
New York City recently amended its law governing third party delivery services, with the changes going into effect December 27, 2021. The revised law specifically permits restaurants to ask for customers’ personal information from the delivery service. The delivery service, in turn, must tell consumers about the potential sharing “in a conspicuous manner” on its website and give people the ability to opt-out of such sharing. That notice needs to indicate that the person’s information will be shared with the restaurant, and needs to identify the restaurant.
Continue Reading Impact of NYC’s New Delivery Service Data Sharing Requirement
The California attorney general has created a tool for consumers to report situations where companies sell information but do not have an opt-out of sale link on their website. The release of the tool came at the same time as the AG’s update on its CCPA enforcement actions. In that update, the AG highlighted one of the most common problems it had found: not having appropriate disclosures around “sales.”
Continue Reading AG Implements Tool to Allow Consumer Reporting of Alleged DNS Violations
Google recently announced that beginning next year it will require Android mobile apps to provide privacy disclosures. These disclosures will live in a new “safety section” in Google Play. The requirements include disclosing:
On March 15, 2021, the California Office of Administrative Law (“OAL”) approved additional regulations to the CCPA. These regulations were originally proposed at the end of 2020 (which we covered here). The changes are effective immediately. The modifications largely focus on (1) changes impacting those companies that “sell” information, and (2) the verification process for rights requests made by authorized agents.
Continue Reading Changes to CCPA Regulations are Approved and in Effect
The new acting FTC chair, Rebecca Kelly Slaughter, recently signaled that the FTC may increase enforcement and penalties in the privacy and data security realm. Slaughter pointed to several areas of focus for the FTC this year, which companies will want to keep in mind:
Continue Reading What Is FTC’s Course Under Biden?
Virginia is now the second state, after California, to pass a comprehensive privacy law. The Consumer Data Protection Act (“CDPA”) will come into effect January 1, 2023 (the same time as the modification to California’s Consumer Privacy Act (“CCPA”), namely the California Privacy Rights Act). Although this new Virginia law has been compared by many to California’s current CCPA and the EU’s GDPR, there are some differences. Businesses will find most of the differences a relief, although the law does introduce a few new concepts.
Continue Reading Virginia is for…Privacy: Comprehensive Law Passed, Effective January 2023
The Federal Trade Commission recently entered the biometric fray. It settled with a now-defunct photo-storage app over its use of facial recognition technology. According to the FTC, the company engaged in a variety of deceptive and unfair acts, in violation of Section 5 of the FTC Act.
Continue Reading Defunct Photo App Agrees to Erase Biometric Data in FTC Settlement
As it closed out 2020, the Federal Trade Commission (FTC) sent out requests to nine social media and video streaming companies asking them to provide more information about how they treat consumer information. The FTC indicated that it wanted to learn more about the companies’ activities in order to inform the FTC’s approach to privacy and data security. The FTC, in particular, is focused on how the privacy practices of these entities affect children and teenagers. The FTC exercised its authority under a provision of the law that allows it to gather information generally from a particular company or industry (without bringing a specific action against the company or industry). One FTC commissioner did dissent, arguing that the request the FTC made of these companies was too broad.
Continue Reading FTC Focuses on Privacy Practices of Social Media and Video Streaming Companies