California Consumer Privacy Act

With the signature of Governor Jared Polis last week on the Colorado Privacy Act, Colorado became the third state (following California and Virginia) to adopt a comprehensive consumer privacy law.

We will provide you with a more comprehensive summary of the new Virginia and Colorado laws in the coming weeks, but for now, the highlights

This week, Volkswagen AG’s U.S. entity and its Audi brand were hit with a class action for a data breach that allegedly compromised 3.3 million consumers’ personal information. In the U.S. District Court for the District of New Jersey, a California consumer filed a suit against the automakers on behalf of other current and prospective

Ever since the enactment of the Illinois Biometric Information Privacy Act (BIPA), we have been watching the development of laws around the collection, use, disclosure and retention of biometric information. In general, BIPA and other biometric information privacy laws enacted since BIPA, require any company that is collecting biometric information, such as fingerprints, voice recognition,

The California Attorney General recently approved modified regulations under the California Consumer Privacy Act (CCPA). One part of the modified regulations bans “dark patterns” on a website. What are dark patterns? Public comments to the proposed regulations describe dark patterns as deliberate attempts to subvert or impair a consumer’s choice to opt-out on a website.

California Attorney General Xavier Becerra announced this week that the Office of Administrative Law approved additional California Consumer Privacy Act (CCPA) regulations, which became effective March 15, 2021.

The additional changes to the regulations primarily affect businesses that sell the personal information of California residents. The changes include a uniform Opt-Out Icon for the

A federal District Court in California recently dismissed a lawsuit against Walmart that arose from an alleged data breach. (Gardiner v. Walmart, Inc., 20-cv-04618-JSW (N.D. Cal., March 5, 2021). Among other things, the court determined that California’s Consumer Privacy Act (CCPA) does not apply retroactively, dismissing the CCPA claim because the plaintiff had not

This week, Consumer Reports published a Model State Privacy Act. The Consumer advocacy organization proposed model legislation “to ensure that companies are required to honor consumers’ privacy.” The model legislation is similar to the California Consumer Privacy Act, but seeks to protect consumer privacy rights “by default.”  Some additional provisions of the model law

Marriott recently won dismissal of a proposed class action data breach lawsuit alleging several violations, including a violation of the California Consumer Privacy Act (CCPA). The case, Arifur Rahman v. Marriott International, Inc. et al., Case No.: 8:20-cv-00654, was dismissed in an Order by U.S. District Court Judge David O. Carter on January 12, 2021.

The California Privacy Rights Act (CPRA) expands the definition of personal information as it currently exists in the California Consumer Privacy Act (CCPA). The CPRA adds “sensitive personal information” as a defined term, which means:

(l) personal information that reveals:

(A) a consumer’s social security, driver’s license, state identification card, or passport number;

(B) a