California Privacy Rights Act

Readers of this blog know that we’ve been closely following the California Privacy Rights Act (CPRA) rulemaking process. California passed the law in 2020 to update the California Consumer Privacy Act of 2018 with additional consumer rights and business obligations. The CPRA also established a new government agency, the California Privacy Protection Agency (CPPA), responsible

Since the California Privacy Protection Agency (CPPA) released its draft regulations pursuant to the California Privacy Rights Act (CPRA), the biggest gripe from businesses has been the website tracking opt-out requirements. Recognition of opt-out requests from consumers could potentially cost companies some significant dollars.

The CPRA amends the California Consumer Privacy Act of 2020 and

According to reporting from the Verge and the Markup, several popular e-filing providers have been transmitting sensitive financial information to Meta through Meta Pixel. Meta Pixel is a free advertising analytics service offered by Meta that, similar to cookie files and other persistent user identifiers, collects personalized data about how the users interact with content

As companies hustle to follow the new California Privacy Rights Act (CPRA) regulations, they’ve hit a substantial hiccup: there aren’t any yet. The California Privacy Rights Agency (CPPA), the newly-created body with administrative authority over the CPRA’s implementation, has yet to release its finalized regulations. The CPRA takes effect on January 1, 2023, and covered

California law will soon require businesses to treat their employees and business partners as consumers under the California Consumer Privacy Act (CCPA). The CCPA and its successor legislation, the California Privacy Rights Act (CPRA), grant California consumers dignitary rights over their personal information collected and processed by commercial entities that do business in California. The

Last week, the California Privacy Protection Agency (CPPA) released updated California Privacy Rights Act (CPRA) draft regulations and a summary of the changes. The regulations remain in the proposal stage and it is unclear when to expect finalized rules, although it is likely that this version will include near final requirements and prohibitions.

While most

On Friday, the newly created California Privacy Protection Agency (CPPA) issued its first proposed regulations under the California Privacy Rights Act (CPRA).

The proposed rules have drawn criticism for requiring companies to treat browser-based “Do Not Track” signals as consumers asserting their opt-out rights. This rule came as a surprise to many observers because, as

We all know businesses collect our data. But did you know that businesses can draw inferences from those data to determine whether a consumer is married, or is a homeowner, or is a likely voter? Recently, the question arose whether those inferences constitute personal information under the California Consumer Privacy Act of 2018 (CCPA or

California is the gold standard for state privacy laws, having recently enacted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). Virginia and Colorado also have enacted comprehensive privacy laws, which will take effect in 2023. Recently, the International Association of Privacy Professionals (IAPP) released its state privacy legislation tracker.

The California Privacy Rights Act (CPRA) expands the definition of personal information as it currently exists in the California Consumer Privacy Act (CCPA). The CPRA adds “sensitive personal information” as a defined term, which means:

(l) personal information that reveals:

(A) a consumer’s social security, driver’s license, state identification card, or passport number;

(B) a