California Consumer Privacy Act

Ever since the enactment of the Illinois Biometric Information Privacy Act (BIPA), we have been watching the development of laws around the collection, use, disclosure and retention of biometric information. In general, BIPA and other biometric information privacy laws enacted since BIPA, require any company that is collecting biometric information, such as fingerprints, voice recognition,

The California Attorney General recently approved modified regulations under the California Consumer Privacy Act (CCPA). One part of the modified regulations bans “dark patterns” on a website. What are dark patterns? Public comments to the proposed regulations describe dark patterns as deliberate attempts to subvert or impair a consumer’s choice to opt-out on a website.

California Attorney General Xavier Becerra announced this week that the Office of Administrative Law approved additional California Consumer Privacy Act (CCPA) regulations, which became effective March 15, 2021.

The additional changes to the regulations primarily affect businesses that sell the personal information of California residents. The changes include a uniform Opt-Out Icon for the

A federal District Court in California recently dismissed a lawsuit against Walmart that arose from an alleged data breach. (Gardiner v. Walmart, Inc., 20-cv-04618-JSW (N.D. Cal., March 5, 2021). Among other things, the court determined that California’s Consumer Privacy Act (CCPA) does not apply retroactively, dismissing the CCPA claim because the plaintiff had not

This week, Consumer Reports published a Model State Privacy Act. The Consumer advocacy organization proposed model legislation “to ensure that companies are required to honor consumers’ privacy.” The model legislation is similar to the California Consumer Privacy Act, but seeks to protect consumer privacy rights “by default.”  Some additional provisions of the model law

Marriott recently won dismissal of a proposed class action data breach lawsuit alleging several violations, including a violation of the California Consumer Privacy Act (CCPA). The case, Arifur Rahman v. Marriott International, Inc. et al., Case No.: 8:20-cv-00654, was dismissed in an Order by U.S. District Court Judge David O. Carter on January 12, 2021.

The California Privacy Rights Act (CPRA) expands the definition of personal information as it currently exists in the California Consumer Privacy Act (CCPA). The CPRA adds “sensitive personal information” as a defined term, which means:

(l) personal information that reveals:

(A) a consumer’s social security, driver’s license, state identification card, or passport number;

(B) a

DataGrail recently released a mid-year report on trends related to the California Consumer Privacy Act (CCPA) and how it has affected consumers and businesses. The report indicates that consumers are regularly opting out of the sale of their personal information, with the “do not sell” right being the most exercised right, occurring 48 percent of

The California Consumer Privacy Act (CCPA), touted as the toughest privacy act in the country, went into effect on July 1, 2020. Although the enforcement regulations have been tweaked three times during the last year, this week California Attorney General Xavier Becerra (AG) issued the final set of rules that his office will use to