Early this month, a Northern District of California judge dismissed, with prejudice, a putative class action complaint asserting five privacy-related causes of action, concluding the “issue of consent defeat[ed] all of Plaintiffs’ claims.” Lakes v. Ubisoft, Inc., –F. Supp. 3d–, 2025 WL 1036639 (N.D. Cal. Apr. 2, 2025). Specifically, the Court dismissed plaintiffs’ claims under the (1) Video Privacy Protection Act (“VPPA”); (2) Federal Wiretap Act; (3) California Invasion of Privacy Act (“CIPA”) § 631; (4) common law invasion of privacy; and (5) Article I, Section 1 of the California Constitution. Continue Reading California Court Holds Plaintiffs’ Consent Defeats Claims Involving Use of Website Pixel
California
District Court Enjoins Enforcement of the California Age-Appropriate Design Code Act
On March 13, 2025, the U.S. District Court for the Northern District of California issued an order granting NetChoice’s preliminary injunction against the entire California Age-Appropriate Design Code (CA AADC). The court held that NetChoice is likely to succeed on the merits of its facial First Amendment challenge because CA AADC is content-based, and it likely fails strict scrutiny. It is yet to be seen whether California will appeal; however, this order has the potential to be persuasive in challenges of other AADC-style state laws.Continue Reading District Court Enjoins Enforcement of the California Age-Appropriate Design Code Act
FTC Reaches Settlement with NGL Labs Over Children’s Privacy & AI
On July 9, 2024, the FTC and California Attorney General settled a case against NGL Labs (“NGL”) and two of its co-founders. NGL Labs’ app, “NGL: ask me anything,” allows users to receive anonymous messages from their friends and social media followers. The complaint alleged violations of the FTC Act, the Restore Online Shoppers’ Confidence Act (ROSCA), the Children’s Online Privacy Protection Act (COPPA), and California laws prohibiting deceptive advertising and prohibiting unfair and deceptive business practices.Continue Reading FTC Reaches Settlement with NGL Labs Over Children’s Privacy & AI
California Appeals Court Vacates Enforcement Delay of CPPA Regulations
On February 9, the Third Appellate District of California vacated a trial court’s decision that held that enforcement of the California Privacy Protection Agency’s (“CPPA”) regulations could not commence until one year after the finalized date of the regulations. As we previously explained, the Superior Court’s order prevented the…
Continue Reading California Appeals Court Vacates Enforcement Delay of CPPA RegulationsCPPA Releases Draft Risk Assessment Regulations
Ahead of its December 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft risk assessment regulations. The CPPA has yet to initiate the formal rulemaking process and has stated that it expects to begin formal rulemaking next year, at which time it will also consider draft regulations covering “automated decisionmaking technology” (ADMT), cybersecurity audits, and revisions to existing regulations. Accordingly, the draft risk assessment regulations are subject to change. Below are the key takeaways:Continue Reading CPPA Releases Draft Risk Assessment Regulations
California Amends Data Broker Law
On October 10, 2023, California Governor Gavin Newsom signed S.B. 362, the Delete Act (the “Act”), into law. The new law represents a substantive overhaul of California’s existing data broker statute, which requires data brokers to register with the California Attorney General annually. The passage of the Act follows a renewed interest in data broker activity nationwide, including a request for comments from the Consumer Financial Protection Bureau and the introduction of similar legislation at the federal level. Below, we outline a number of key provisions:Continue Reading California Amends Data Broker Law
California Expands the Scope of the CMIA to Cover Certain Digital Mental Health Services and Information
In a new post on the Covington Digital Health blog, our colleagues discuss a recent amendment to California’s Confidentiality of Medical Information Act (“CMIA”) that expands the scope of the law to cover mental health services that are delivered through digital health solutions and the associated health information generated from these services. Continue Reading California Expands the Scope of the CMIA to Cover Certain Digital Mental Health Services and Information
California Privacy Protection Agency Holds Informational Hearings
The California Privacy Protection Agency (“CPPA”) held two informational hearings on March 29, 2022 and March 30, 2022, in anticipation of its upcoming rulemaking later this year. While the CPPA Board was present throughout the hearings, its members did not present any views as part of the program. The speakers covered the following topics of note:
Continue Reading California Privacy Protection Agency Holds Informational Hearings
2021 Trends in Privacy Regulatory Enforcement and Litigation
2021 was another busy year for data privacy regulatory enforcement and litigation. With some distance to reflect on last year, we have prepared this post identifying and describing important trends from 2021 that can help provide insight into what to expect in the data privacy landscape in 2022.
Data Privacy Regulatory Enforcement Trends
Federal Trade Commission (FTC) and state enforcement action in 2021 centered on several key areas, including protecting children.
An FTC enforcement action last year alleged that the maker of an online coloring book application violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information about children who used the app without notifying their parents and obtaining their consent. The allegations note that the app included a “Kids” category that was targeted to children. The FTC further claimed that the app’s social media features collected personal information from users and that some parents, lacking knowledge of these features, may have inadvertently permitted their young children to use the app.
Continue Reading 2021 Trends in Privacy Regulatory Enforcement and Litigation
Newly Effective Florida Law Imposing Criminal Sanctions Adds to Developing Nationwide Patchwork of State Genetic Privacy Laws
Last Friday, October 1, the Protecting DNA Privacy Act (HB 833), a new genetic privacy law, went into effect in the state of Florida establishing four new crimes related to the unlawful use of another person’s DNA. While the criminal penalties in HB 833 are notable, Florida is not alone in its focus on increased genetic privacy protections. A growing number of states, including Utah, Arizona, and California, have begun developing a net of genetic privacy protections to fill gaps in federal and other state legislation, often focused on the privacy practices of direct-to-consumer (“DTC”) genetic testing companies. While some processing of genetic information is covered by federal law, the existing patchwork of federal genetic privacy protections do not clearly cover all forms of genetic testing, including DTC genetic tests.
Continue Reading Newly Effective Florida Law Imposing Criminal Sanctions Adds to Developing Nationwide Patchwork of State Genetic Privacy Laws