Category: Privacy

January 10, 2024

As we begin the new year, many are wondering whether the growing list of US state privacy laws apply to them, and if so, what steps they should take to address them. For companies that gather information from consumers, especially […]

January 5, 2024

On December 29, 2023, the Colorado Attorney General (the “AG”) announced that the Global Privacy Control (“GPC”) will become the first universal opt-out mechanism (“UOOM”) the AG considers valid under the Colorado Privacy Act (the “CPA”). Effective July 1, 2024, […]

January 2, 2024

The Federal Trade Commission (“FTC”) on December 20, 2023[1] proposed a set of revisions to its rules implementing the Children’s Online Privacy Protection Act (“COPPA Rule”).[2] The COPPA Rule, which became effective in 2000, and was amended in 2013, serves […]

December 29, 2023

BankInfoSecurity.com reported “Google reached a preliminary settlement in a class action lawsuit that alleged the tech giant had misled consumers about their privacy protections when using the private browsing Incognito mode of its Chrome web browser.” The December 28, 2023 […]

December 28, 2023

Looking back sometimes means looking forward. That is absolutely the case for new comprehensive data privacy statutes enacted in a number of U.S. states during 2023, including Indiana, Tennessee, Montana, Florida, Texas and Oregon. While these states have now codified […]

December 28, 2023

As laid out in our earlier blogpost, part of Ropes & Gray’s Data, Privacy & Cybersecurity Group’s “12 Days of Data” series, one thing to look out for in 2024 is an update from the Federal Trade Commission (FTC) on […]

December 27, 2023

Looking back on 2023, the trend of privacy-based class actions has only increased, and it doesn’t seem poised to halt or even slow down in the new year. Businesses are feeling acutely the threat of future litigation. At the end […]

December 26, 2023

In a jurisdictional win for online servicers and web-based platforms, the Ninth Circuit affirmed the dismissal of a putative class action alleging that Shopify violated California privacy and unfair competition laws by deliberately concealing its involvement in online transactions. Briskin […]

December 22, 2023

The General Data Protection Regulation (GDPR) has brought significant changes to how companies handle personal data—and cookies are easily one of the largest sources of personal information for businesses. Find out all about the essentials of the GDPR and cookies, […]

December 15, 2023

On December 8, 2023, the California Privacy Protection Agency (CPPA) moved forward with an insurance regulation that could expand the privacy compliance obligations of insurance companies. The California Privacy Rights Act (CPRA) required the CPPA to undertake a rulemaking to […]

December 14, 2023

On December 12, 2023, the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP (“CIPL”) released a white paper on Privacy-Enhancing and Privacy-Preserving Technologies: Understanding the Role of PETs and PPTs in the Digital Age. The paper explores how […]

December 8, 2023

For the second day of data, we are taking a look around the world. The most significant new international data protection law of 2023 is probably India’s long-awaited comprehensive data protection law, the Digital Personal Data Protection Act, 2023 (the […]

December 7, 2023

On Friday, December 8, 2024, the California Privacy Protection Agency (Agency) will meet to discuss important items, including drafting proposed regulations for employers. While the Agency has not yet commenced the formal rulemaking process on many of the regulations, the […]

December 6, 2023

The California Privacy Protection Agency (“CPPA”) issued and discussed draft regulations on Cybersecurity Audits and Risk Assessments late in the summer. The CPPA Board plans to discuss the draft regulations at its upcoming December 8th public meeting, along with a […]

December 1, 2023

The rise of AI technology has prompted regulatory agencies to take action and protect consumers’ rights, as evidenced by the recent efforts of the Federal Trade Commission (FTC) and the California Privacy Protection Agency (CPPA). On November 16, 2023, the […]

November 27, 2023

On November 27, 2023, the California Privacy Protection Agency (Agency) published draft automated decisionmaking technology regulations as well as revised draft risk assessment regulations. The draft regulations were released in connection with the Agency’s December 8 board meeting. Importantly, the […]

November 13, 2023

The Delaware Personal Data Privacy Act (DPDPA) takes effect January 1, 2025. Delaware generally followed the Connecticut model, but has some unique terms. We provide a non-exhaustive list of some of Delaware’s requirements here. A lower threshold for application; no […]

November 9, 2023

On Oct. 30, in honor of National Cybersecurity Awareness Month, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released a video regarding how the HIPAA Security Rule can help protect healthcare entities against cyberattacks. […]

November 7, 2023

The Situation: California has enacted a groundbreaking new privacy law aimed at data brokers—entities that sell information about consumers with whom they do not have a direct relationship. Under the Delete Act (SB 362), data brokers must allow California consumers […]

November 6, 2023

The NDPR was issued by the National Information Technology Development Agency (NITDA) on 25 January 2019. The NDPR provides a comprehensive set of rules governing data protection in Nigeria, many of which are GDPR-compatible. In November 2020, NITDA issued the […]