After the conclusion of the public comment period earlier this month, the Colorado Department of Law adopted amendments to the Colorado Privacy Act (CPA). The Act grants rights to Colorado consumers concerning their personal information, including the right to access, delete, and correct their personal data as well as the right to opt out of
consumer protection
Increased Privacy Enforcement Actions Anticipated Under Texas Privacy Law
While California was the first state to implement a comprehensive consumer privacy rights law and the first to bring an enforcement action for violations, Texas is quickly becoming the next privacy regulator to watch. The Texas Privacy and Data Security Act (TPDSA) became effective in July 2024, and the Texas Securing Children Online through Parental…
Colorado’s First of its Kind Consumer Protections for Artificial Intelligence
On May 17, 2024, Colorado Governor Jared Polis signed, “with reservations,” Senate Bill 42-205, “Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (the Act). The first of its kind in the United States, the Act takes effect on February 1, 2026, and requires artificial intelligence (AI) developers, and businesses that use high-risk AI systems…
FCC Proposes Probe into AI in Robocalls
Federal Communications Commission Chair Jessica Ronsenworcel recently announced a proposed directive to focus the FCC on AI’s burgeoning role in scam calls, particularly those targeting the elderly. The proposal will be presented at the November 15 commission meeting and would direct research into the strengths and weaknesses of generative AI, the role that AI plays…
Investigative Sweep of Employers’ CCPA Compliance by the California Attorney General
The California Attorney General recently announced an initiative to investigate employers’ non-compliance with the California Consumer Privacy Act/California Privacy Rights Act (collectively the CCPA).
At the beginning of this year, the CCPA’s disclosure requirements and consumer rights provisions became applicable to job applicants, employees (and their beneficiaries), and independent contractors. Now, the California AG’s office…
Class Action Filed Against Blackhawk Network for Failure to Secure Consumer Data Leading to Breach
A 34-page class action was filed against Blackhawk Network for a data breach that occurred on MyPrepaidCenter.com in September of this year. The plaintiffs allege that Blackhawk Network’s failure to prevent or detect this incident was “particularly egregious” since it operates a website where consumers can activate and manage prepaid gift cards, which requires collection…
Class Action Against Shopify Dismissed for Lack of Jurisdiction
The U.S. District Court for the Northern District of California dismissed a consumer class action against Ledger SAS’s e-commerce vendor Shopify Inc. because of its locale – Shopify is headquartered in Ottawa, Canada. Judge Edward M. Chen said in his decision earlier this week that the plaintiffs failed to satisfy their burden to demonstrate that…
Last Two States Considering Passage of Data Breach Notification Laws
The last two states which have not passed data breach notification laws are Alabama and South Dakota. Sometimes we make jokes about these states as they are so late to the data breach notification table (California was the first state to pass a data breach notification law in 2002) and they seem not to care…