Data Privacy

Subscribe to Data Privacy

The California Privacy Protection Agency (CPPA) recently met to discuss automated decision-making technology, privacy risk assessments and cybersecurity audits under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). However, the CPPA also decided to step outside the anticipated agenda and discuss additional revisions to the existing regulations. Once

Data privacy and cybersecurity risks are critical components of M&A transactions due to the potential exposure for legal liability for non-compliance, as well as the financial and reputational harm and the material impact that lax or failed data privacy compliance and cybersecurity safeguards can have on an entity’s ability to conduct its operations.

Therefore, part

YouTube’s ad blocker detection technology is facing legal challenges from privacy advocates who claim it violates their privacy rights under the General Data Protection Regulation (GDPR). According to the complaint, YouTube violates users’ privacy by using JavaScript-based detection scripts to look for specific HTML page elements rendered by a user’s browser. YouTube began rolling out

Pixels, a piece of tracking software businesses use to assess the success of their advertising campaigns, are creating headaches for in-house counsel as decades-old laws are being revived by litigants. Unlike cookies, pixels cannot be easily blocked with privacy software. The potential consequences for improper use have increased due the Federal Trade Commission’s increasingly close

This week, California’s governor signed a first-in-the-nation law that will impose new regulations on data brokers, requiring such entities to delete personal data pursuant to consumer requests. Data brokers specialize in collecting personal data or data about companies, mostly from public records but sometimes sourced privately, and selling or licensing such information to third parties

We have published blog posts before on sharing genetic information and the risk associated with the disclosure of such sensitive information.

Unfortunately, our concerns have been realized. On Monday, October 9, 2023, 23andMe confirmed that its investigation into a data security incident involving customer profile information shared through its DNA Relatives feature “was compiled from

Google’s Workspace for Education will require school admins to independently approve all integrated third-party applications students use. Users under 18 cannot use their Google accounts to access third-party applications without consent configured in user settings. Access will terminate automatically on October 1, 2023. Google Workspace for Education’s Terms of Service does not cover third-party applications

This week, Delaware Governor John Carney signed the Delaware Personal Data Privacy Act into law. The bill goes into effect on January 1, 2025, and a public outreach effort will begin by July 1, 2024. The outreach effort will inform Delaware consumers of their rights under the new law and describe businesses’ obligations. Delaware is

On September 8, 2023, the California Privacy Protection Agency (CPPA) will discuss the two new sets of proposed California Privacy Protection Act (CCPA) regulations. Here is a breakdown of the two new proposed regulations and issues up for discussion:

Auditing Requirements: If a business processes data that poses a “significant risk to consumers’ security”