Across Europe and other countries, there are numerous data protection authorities with differing goals and enforcement powers. Until 2020, when the California Privacy Rights Act (which amended the California Consumer Privacy Act) (collectively the CCPA) went into effect, did the U.S. government or any states have any similar data protection authorities like Europe; then came
California Consumer Privacy Act
Effective October 1st: Montana’s New Consumer Data Protections Law
On Tuesday this week, Montana’s new consumer protections law took effect, joining many other states with similar consumer privacy rights legislation.
The Montana Consumer Data Privacy Act (MCDPA) provides residents with the right to access or obtain copies of their data collected by online companies, the right to request deletion of personal information maintained by…
California on the Forefront of Tackling AI Risks to Consumers
The State of California, under the leadership of Governor Gavin Newsom, has taken the lead of its sister states in mobilizing resources to investigate the risks of the use of generative artificial intelligence (GenAI) tools and develop policies addressing them.
Following in the steps of Colorado, this week, the Governor signed into law an amendment…
Colorado’s First of its Kind Consumer Protections for Artificial Intelligence
On May 17, 2024, Colorado Governor Jared Polis signed, “with reservations,” Senate Bill 42-205, “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (the Act). The first of its kind in the United States, the Act takes effect on February 1, 2026, and requires artificial intelligence (AI) developers, and businesses that use high-risk AI systems…
David’s Bridal Hit with Class Actions Over Two Data Breaches
This week, two class actions were filed in the U.S. District Court for the Eastern District of Pennsylvania against David’s Bridal based on two data breaches. The actions allege that David’s Bridal failed to protect the personal information of employees and customers.
In January 2024, David’s Bridal suffered a ransomware attack instigated by ransomware group…
California Privacy Protection Agency Announces Additional Enforcement Focuses
The regulatory enforcement agency for the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the CCPA), the California Privacy Protection Agency (CPPA) announced additional enforcement focuses this week, including an emphasis on dark patterns on businesses’ websites. Michael Macko, Deputy Director of the CPPA, said, “The number of investigations we…
California Attorney General Settles Third CCPA Enforcement Action
Following the Sephora and DoorDash enforcement actions, on June 18, 2024, the California Attorney General announced its third California Consumer Privacy Act (CCPA) enforcement action against Tilting Point Media LLC. Tilting Point is a mobile video game developer, including children’s games. The California AG alleged that Tilting Point collected and shared children’s data without parental…
Vermont Data Privacy Act, Most Robust Consumer Protections Since CCPA
Last week, the Vermont legislature passed H. 121, the Vermont Data Privacy Act. This law will make Vermont the 18th state to grant consumers privacy rights similar to those under the California Consumer Privacy Act (CCPA). It is scheduled to go into effect on July 1, 2025.
While the Vermont Data Privacy Act…
Nebraska Becomes the Latest State to Enact a Comprehensive Consumer Privacy Rights Law
Last month, Nebraska passed the Nebraska Data Privacy Act (NDPA), making it the latest state to enact comprehensive privacy legislation. Nebraska joins California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Oregon, Texas, Florida, Delaware, New Jersey, New Hampshire, Kentucky, and Maryland. The law will take effect on January 1, 2025.
The NDPA applies to…
California Trap & Trace Class Actions on the Rise in the Age of Website Trackers
Future LLC, a magazine and website publisher and owner of the TechRadar.com website, faces allegations that it collected website visitors’ IP addresses without consent in violation of the California Invasion of Privacy Act (CIPA). The class action complaint alleges that the TechRadar website launched three trackers -the TripleLift Tracker, GumGum Tracker, and Audiencerate Tracker –…