On March 15, 2023, the Colorado Attorney General filed final rules implementing the Colorado Privacy Act (“CPA”) with the Secretary of State. The Attorney General first released proposed draft rules on October 10, 2022 and subsequently released revised draft rules on December 21, 2022 and January 27, 2023 after public comment. The final rules will
McHenry Introduces Data Privacy Act of 2023
On February 24, Congressman Patrick McHenry (NC-10) formally introduced his bill to modernize the Gramm-Leach-Bliley Act (“GLBA”) in the House as H.R. 1165. The bill was first released as a discussion draft in June 2022, although the latest version reflects a number of updates as compared to the initial discussion draft. The bill has
FTC Flexes ROSCA Muscle With $100 Million “Dark Patterns” Settlement with Vonage
On November 3, the FTC announced that it entered into a significant $100 million settlement with Vonage to resolve allegations relating to the internet phone service provider’s sales and autorenewal practices. The FTC alleged that Vonage violated both the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA) by failing to provide a simple cancellation mechanism, failing to disclose material transaction terms prior to obtaining consumers’ billing information, and charging consumers without consent.
Continue Reading FTC Flexes ROSCA Muscle With $100 Million “Dark Patterns” Settlement with Vonage
California Privacy Protection Agency Posts Updated Draft Rules
The California Privacy Protection Agency (CPPA) staff has posted updated draft rules implementing the California Privacy Rights Act (CPRA). The CPPA Board will discuss the updated draft rules during two virtual public meetings on Friday, October 21 and Saturday, October 22. Agency staff and counsel will also be present at these meetings, which could follow
California Privacy Protection Agency Provides Update on CPRA Rulemaking
During its September 23, 2022 board meeting, the California Privacy Protection Agency (CPPA) provided an update on the status of the ongoing California Privacy Rights Act (CPRA) rulemaking. Since the closure of the required 45-day comment period, the agency staff have been reviewing the written and oral comments submitted by the public. The agency will be promulgating revised regulations, which will be drafted by the staff and presented to the Board. These revisions will be followed by an additional public comment period of 15 to 45 days depending on the scope of the revisions.
Continue Reading California Privacy Protection Agency Provides Update on CPRA Rulemaking
California Privacy Protection Agency Holds Public Hearings on Proposed Regulations
The California Privacy Protection Agency (“CPPA”) held two public hearings last week on its proposed regulations.
Continue Reading California Privacy Protection Agency Holds Public Hearings on Proposed Regulations
California Attorney General Announces First CCPA Settlement
Today, the California Attorney General announced the first settlement agreement under the California Consumer Privacy Act (“CCPA”). The Attorney General alleged that online retailer Sephora, Inc. failed to disclose to consumers that it was selling their information and failed to process user requests to opt out of sale via user-enabled global privacy controls. The Attorney General also alleged that Sephora did not cure these violations within the cure period.
Continue Reading California Attorney General Announces First CCPA Settlement
Congressman McHenry Releases Discussion Draft of Financial Data Privacy Bill
On June 23, Congressman Patrick McHenry released a discussion draft of new legislation to modernize federal financial data privacy law. The draft legislation would amend and build on the Gramm-Leach-Bliley Act (“GLBA”). The draft includes notable provisions on consumer rights, data minimization, and disclosures. It also updates the definition of “financial institution” to include data
California Privacy Protection Agency Votes To Initiate Formal Rulemaking Process
During its June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) voted to initiate the formal California Privacy Rights Act (CPRA) rulemaking process. The draft rules are expected to be very similar to those previously published in advance of the Board meeting, although Deputy Attorney General Lisa Kim noted during the meeting that minor errors may be updated prior to the formal submission of the draft rules. The current draft rules and Initial Statement of Reasons (ISOR) continue to be accessible on the CPPA website.
Continue Reading California Privacy Protection Agency Votes To Initiate Formal Rulemaking Process
California Privacy Protection Agency Staff Posts Draft Rules Implementing the CPRA
In advance of the June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) staff has posted draft rules implementing the California Privacy Rights Act (CPRA). The draft regulations keep much of the pre-existing California Consumer Privacy Act (CCPA) regulations intact, but modify certain provisions and propose new regulations. A copy of the proposed