CCPA

Subscribe to CCPA

On April 11, the Indiana legislature passed comprehensive state privacy legislation in the form of S.B. 5. S.B. 5 shares similarities with the state privacy laws in Virginia, Connecticut, Colorado, Utah, and most recently Iowa.  If signed into law, S.B. 5 would take effect on January 1, 2026.  This blog post summarizes the statute’s key takeaways.

Continue Reading Indiana Passes Comprehensive Privacy Statute

The California Privacy Protection Agency (“CPPA”) announced it will hold a special meeting on July 28, 2022 at 9 a.m. PST to discuss and potentially act on proposed federal privacy legislation, including the bipartisan American Data Protection and Privacy Act (“ADPPA”) (H.R. 8152).  The ADPPA is a comprehensive data privacy bill that advanced through

During its June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) voted to initiate the formal California Privacy Rights Act (CPRA) rulemaking process.  The draft rules are expected to be very similar to those previously published in advance of the Board meeting, although Deputy Attorney General Lisa Kim noted during the meeting that minor errors may be updated prior to the formal submission of the draft rules.  The current draft rules and Initial Statement of Reasons (ISOR) continue to be accessible on the CPPA website.

Continue Reading California Privacy Protection Agency Votes To Initiate Formal Rulemaking Process

In advance of the June 8, 2022 board meeting, the California Privacy Protection Agency (CPPA) staff has posted draft rules implementing the California Privacy Rights Act (CPRA).  The draft regulations keep much of the pre-existing California Consumer Privacy Act (CCPA) regulations intact, but modify certain provisions and propose new regulations.  A copy of the proposed

The California Privacy Protection Agency (“CPPA”) held two informational hearings on March 29, 2022 and March 30, 2022, in anticipation of its upcoming rulemaking later this year.  While the CPPA Board was present throughout the hearings, its members did not present any views as part of the program.  The speakers covered the following topics of note:
Continue Reading California Privacy Protection Agency Holds Informational Hearings

The five members of the California Privacy Protection Agency (“CPPA”) were announced today.  The members – who were appointed by Governor Newsom, Attorney General Becerra, Senate President pro Tempore Atkins, and Assembly Speaker Rendon – will lead the new agency, which will have rulemaking and enforcement authority under the California Privacy Rights Act (“CPRA”).
Continue Reading Members of the California Privacy Protection Agency Announced

Last week, a federal district court in San Francisco dismissed a claim under the California Consumer Privacy Act (“CCPA”).  The plaintiff alleged that Google had collected personal information without complying with the CCPA’s notice and consent requirements.  The court held that the CCPA’s private right of action does not extend to these provisions of the law.  It appears that this is the first time a court expressly reached this conclusion.  The case is McCoy v. Alphabet, No. 20‑cv‑05427 (N.D. Cal. Feb. 2, 2021).

For context, the plaintiff alleged that Google used an internal program called “Android Lockbox” on its Android operating system to monitor and collect data from Android users as they used non-Google apps on their phones.  The alleged data collection included when and how often these third-party apps were used and the amount of time users spent on the third-party apps.  Based on these allegations, the plaintiff asserted eleven different claims.  Among these was a claim that Google violated the CCPA by failing to comply with the law’s requirements related to notice and consent.
Continue Reading Court Dismisses CCPA Claim Against Google