The California Privacy Protection Agency (CPPA) recently met to discuss automated decision-making technology, privacy risk assessments and cybersecurity audits under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). However, the CPPA also decided to step outside the anticipated agenda and discuss additional revisions to the existing regulations. Once
Data Privacy
State Consumer Privacy Laws in M&A Deals: What to Know
Data privacy and cybersecurity risks are critical components of M&A transactions due to the potential exposure for legal liability for non-compliance, as well as the financial and reputational harm and the material impact that lax or failed data privacy compliance and cybersecurity safeguards can have on an entity’s ability to conduct its operations.
Therefore, part…
YouTube’s Adblocker Avoidance Tech May Violate the GDPR
YouTube’s ad blocker detection technology is facing legal challenges from privacy advocates who claim it violates their privacy rights under the General Data Protection Regulation (GDPR). According to the complaint, YouTube violates users’ privacy by using JavaScript-based detection scripts to look for specific HTML page elements rendered by a user’s browser. YouTube began rolling out…
Pixel Litigation Drives Transparency in Privacy Policies
Pixels, a piece of tracking software businesses use to assess the success of their advertising campaigns, are creating headaches for in-house counsel as decades-old laws are being revived by litigants. Unlike cookies, pixels cannot be easily blocked with privacy software. The potential consequences for improper use have increased due the Federal Trade Commission’s increasingly close…
Controversial ‘Keyword Search’ Warrant Leads to Arrests in Murder Case
This week, the Colorado Supreme Court upheld a criminal conviction which relied in part on evidence obtained pursuant to a warrant for Google search data. People v. Seymour, 2023 CO 53 (Oct. 16, 2023) (available at http://www.courts.state.co.us).
In investigating the cause of a 2020 apparent arson fire at a Denver residence which resulted…
New California Law Imposes Regulations on Data Brokers
This week, California’s governor signed a first-in-the-nation law that will impose new regulations on data brokers, requiring such entities to delete personal data pursuant to consumer requests. Data brokers specialize in collecting personal data or data about companies, mostly from public records but sometimes sourced privately, and selling or licensing such information to third parties…
23andMe Confirms Threat Actors Accessed Accounts Without Authorization
We have published blog posts before on sharing genetic information and the risk associated with the disclosure of such sensitive information.
Unfortunately, our concerns have been realized. On Monday, October 9, 2023, 23andMe confirmed that its investigation into a data security incident involving customer profile information shared through its DNA Relatives feature “was compiled from…
Google Workspace’s Privacy Policy Is Changing. Are You Ready?
Google’s Workspace for Education will require school admins to independently approve all integrated third-party applications students use. Users under 18 cannot use their Google accounts to access third-party applications without consent configured in user settings. Access will terminate automatically on October 1, 2023. Google Workspace for Education’s Terms of Service does not cover third-party applications…
Delaware Consumer Privacy Law Effective in 2025
This week, Delaware Governor John Carney signed the Delaware Personal Data Privacy Act into law. The bill goes into effect on January 1, 2025, and a public outreach effort will begin by July 1, 2024. The outreach effort will inform Delaware consumers of their rights under the new law and describe businesses’ obligations. Delaware is…
AI and Audits: Proposed CCPA Regulations Up for Discussion
On September 8, 2023, the California Privacy Protection Agency (CPPA) will discuss the two new sets of proposed California Privacy Protection Act (CCPA) regulations. Here is a breakdown of the two new proposed regulations and issues up for discussion:
Auditing Requirements: If a business processes data that poses a “significant risk to consumers’ security”…