On October 10, 2023, California Governor Gavin Newsom signed S.B. 362, the Delete Act (the “Act”), into law. The new law represents a substantive overhaul of California’s existing data broker statute, which requires data brokers to register with the California Attorney General annually. The passage of the Act follows a renewed interest in data broker activity nationwide, including a request for comments from the Consumer Financial Protection Bureau and the introduction of similar legislation at the federal level. Below, we outline a number of key provisions:

Andrew Longhi
Andrew Longhi is an associate in the firm’s Washington, DC office and a member of the Data Privacy and Cybersecurity and Technology and Communications Regulation Practice Groups.
Andrew advises clients on a broad range of privacy and cybersecurity issues, including compliance obligations, commercial transactions involving personal information and cybersecurity risk, and responses to regulatory inquiries.
Andrew is Admitted to the Bar under DC App. R. 46-A (Emergency Examination Waiver); Practice Supervised by DC Bar members.
Oregon Legislature Passes Update to State Telemarketing Law
In late June, the Oregon Legislature passed HB 2759, which would amend the state’s existing “do not call” law. The bill currently is awaiting action by the governor.
If enacted, the bill would make a person “liable for any loss and subject to any penalty” to the same extent as the violator if the…
Maryland and Florida Update Their Telemarketing Laws
This blog post reports on two recent state telemarketing law developments that affect, among other things, marketing calls and text message transmissions.
Maryland Enacts New Law. Earlier this month, on May 3rd, Maryland Governor Wes Moore signed into law the Stop the Spam Calls Act of 2023, which will take effect on January 1, 2024. …
Washington Enacts Update to State Telemarketing Law
On April 20, Governor Jay Inslee signed into law the Robocall Scam Protection Act, which will take effect on July 23, 2023.
As we discuss here, the bill makes a number of updates to the state’s telemarketing law. Notably, the bill prohibits commercial solicitations using an “automatic dialing and announcing device.” It also prohibits…
State Telemarketing Updates: Arizona, Washington, and Maryland
This blog post summarizes recent telemarketing developments emerging from Arizona, Washington, and Maryland. Arizona recently amended its state telemarketing law to include a new text message restriction. Washington and Maryland may soon enact more significant updates of their telemarketing laws, including with respect to automated transmissions. The proposed new law in Maryland is particularly notable, as it seeks to impose the same sort of consent requirements on automated marketing calls and texts that exist now in Florida and Oklahoma.…
Continue Reading State Telemarketing Updates: Arizona, Washington, and Maryland
Iowa Enacts Comprehensive Consumer Privacy Law
On March 28, Governor Kim Reynolds signed into law SF 262, making Iowa the sixth state to enact a comprehensive consumer privacy law. The new law will take effect on January 1, 2025.
As we discuss here, Iowa’s privacy law shares a number of key similarities to existing state privacy frameworks, including providing…
California Privacy Protection Agency Posts Final Draft Regulations
Last night, the California Privacy Protection Agency (CPPA) published agenda materials for its upcoming meeting on February 3, 2023. The materials include:
- Proposed final draft regulations implementing the California Privacy Rights Act (CPRA). These do not reflect further changes since the draft regulations that the CPPA put out for a 15-day comment period on November
Google and iHeartMedia Reach Settlements with FTC and States for Deceptive Endorsements
On November 28, 2022, the Federal Trade Commission (“FTC”) and seven state attorneys general announced that they reached settlements with Google LLC and iHeartMedia, Inc., to resolve claims that the companies aired deceptive advertisements promoting Google’s Pixel 4 phone by arranging for iHeartMedia radio personalities who never actually used the phone to personally endorse it. The companies agreed to pay a combined $9.4 million to the states to settle these allegations.…
Colorado Attorney General Remarks on CPA Rulemaking
On April 12, at the International Association of Privacy Professionals’ global privacy conference, Colorado Attorney General Phil Weiser gave remarks on his office’s approach to the rulemaking and enforcement of the Colorado Privacy Act.
Continue Reading Colorado Attorney General Remarks on CPA Rulemaking
U.S. AI and IoT Legislative Update – Year-End 2021
As 2021 comes to a close, we will be sharing the key legislative and regulatory updates for artificial intelligence (“AI”), the Internet of Things (“IoT”), connected and automated vehicles (“CAVs”), and privacy this month. Lawmakers introduced a range of proposals to regulate AI, IoT, CAVs, and privacy as well as appropriate funds to study developments in these emerging spaces. In addition, from developing a consumer labeling program for IoT devices to requiring the manufacturers and operators of CAVs to report crashes, federal agencies have promulgated new rules and issued guidance to promote consumer awareness and safety. We are providing this year-end round up in four parts. In this post, we detail IoT updates in Congress, the states, and federal agencies.
Part IV: Internet of Things
This quarter’s IoT-related Congressional and regulatory updates ranged from promoting consumer awareness to bolstering the security of connected devices. In particular, the Federal Communications Commission (“FCC”) has taken a number of actions to promote the growth of IoT while the National Institute of Standards and Technology (“NIST”) continues to work to fulfill its obligations under President Biden’s May Executive Order on Improving the Nation’s Cybersecurity (“EO”). The IoT Cybersecurity Improvement Act of 2020 (H.R.1668) additionally tasked NIST with developing security standards and guidelines for the federal government’s IoT devices. This year NIST put out a number of reports to carry out this mandate, including guidance documents to assist federal agencies with evaluating the security capabilities required in their IoT devices (NIST SP 800-213).
Continue Reading U.S. AI and IoT Legislative Update – Year-End 2021