A California judge recently entered a temporary injunction delaying the California Age-Appropriate Design Code Act. The trade association, NetChoice, requested the injunction.
Continue Reading California Judge Enjoins California Age-Appropriate Design Code Act
The CPPA, the California regulatory body charged with enforcing CCPA, has now issued draft regulations on risk assessments and cybersecurity audits. The draft was released ahead of a public board meeting to discuss those topics (among other things).
The enforcement division of the California Privacy Protection Agency (CPPA) recently announced it intends to review the privacy practices of connected vehicles. The driving force behind the review is the technologies in connected cars that raise privacy concerns. These include location sharing and smartphone integration. Connected cars often also have cameras and web-based entertainment systems. These cars—and the technologies in them—may monitor people both in the car and outside of it. For many Californians, the car is part of their daily routines. Connected vehicles can effectively becoming a constant data generator.
Continue Reading California Regulator Drives Inquiry into Vehicle Data
A California court recently issued a ruling delaying the CPPA’s ability to enforce the most recent CCPA regulations until March 29, 2024. This does not delay enforcement of the CCPA statute or existing regulations.
Continue Reading Impact of the Last Minute CCPA-Enforcement Delay
When thinking about privacy notice obligations, companies often -incorrectly- leap to the wording in their privacy policies. The new comprehensive state privacy laws are a reminder that notice obligations are a bit broader than mere privacy policies. To the extent that these laws apply to your organization (see our prior applicability post) there are some notice-related obligations to keep in mind.
Continue Reading The Comprehensive Privacy Law Deluge: Approaching Notice Obligations
Of the many worries on privacy compliance teams’ lists as we face the onslaught of state “general” privacy laws are the impacts they have on vendor contracts. Fortunately for those who have already had to deal with contracts with vendors (service providers, processors) in California or EU’s GDPR, the impact should be fairly minimal.
Continue Reading The Comprehensive Privacy Law Deluge: Updating Vendor Contracts
With a little less than a week before the next US state “comprehensive” privacy laws (Colorado and Connecticut) go into effect, many are reviewing existing practices. One that keeps coming up is the concept of “profiling.” As a reminder, we now have 11 states with comprehensive privacy laws: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Tennessee, Texas, Utah, and Virginia.
Continue Reading The Comprehensive Privacy Law Deluge: What to Do About “Profiling”
The California Privacy Protection Agency (CPPA) Board recently met and unanimously voted to finalize the proposed final CPRA regulations. This approved version was first released in January and updated those released in November 2022. Along with the proposed final CPRA regulations, the CPPA published a draft final statement of reasons and appendices containing responses to the comments received during the public comment periods.
The California AG announced an investigative sweep of mobile apps, as we reported in our sister blog. The investigative focus is on companies in the retail, travel and food service industries who may not be complying with the California Consumer Privacy Act (CCPA). As we have written previously, the California law requires entities to provide individuals with a myriad of rights, including as it relates to “sale” of personal information.
Continue Reading Mobile Apps Beware!: California AG’s Current Privacy Sweep
On Friday, February 3, the CPPA is scheduled to meet about current and forthcoming CPRA regulations. The Board had previously signaled that it expected to finalize the draft regulations in late January or early February 2023. The agenda confirms that the CPRA regulations will be discussed, including “possible adoption” or “modification” of the text.
As many are aware, the CPRA regulations are currently in draft status and may continue in that state until April, despite the law’s January 1 effective date. This could result in regulations being in final form after the July 1 date that the California Privacy Protection Agency (CPPPA) has signaled that it will begin enforcement. Last week, during a Dec. 16 CPPA board meeting, the agency’s executive director indicated that the final rules will likely be released at the end of January. Although there will then be a comment period, the director indicated that the agency does not currently anticipate making further revisions to the draft regulations.