California Consumer Privacy Act

The Commission Nationale de l’Informatique et des Libertés, the French Data Protection Agency, has issued a 150M Euro fine against Google and a 60M Euro fine against Facebook/Meta for cookie consent violations.

Here are some key takeaways, and their US relevance:

  • It must be as easy to refuse cookies as it is to accept them.

U.S. Congresswomen Anna Eshoo (D-California) and Zoe Lofgren (D-California) have reintroduced House Resolution 6027 for the Online Privacy Act of 2021.

Some of the bill’s key differentiators from CCPA, CDPA and CPA:

  • limitations on the disclosure of personal information to third parties that are not subject to the Act/jurisdiction of the US (Counter-Schrems II) (Section

The U.K.’s Information Commissioner’s Office (ICO) has responded to the U.K.’s Department for Digital, Culture, Media and Sport’s (DCMS) “Data: Unlimited” initiative.

There is a lot to unpack. Here is an analysis I wrote for OneTrust DataGuidance that may be helpful.

Key points:

  • The current approach does not work for people or businesses and commitment

Can consent be considered “freely given” if the alternative is to pay 10, 20 or 100 times the market price of your data to keep it to yourself?

That is what noyb.eu is asking in new complaints against seven major German and Austrian news websites.

It’s important to note that a somewhat similar test requiring

Have you been leisurely following California Consumer Privacy Act (CCPA) litigation thinking, “That’s only for data breaches, not ‘soft’ violations.”

Think again.

California Attorney General Rob Bonta’s office has been busy enforcing CCPA for the past year.

Per a new enforcement report, you had better make sure that:

  • Your privacy policy is easily understood.
  • You

The Ohio Personal Privacy Act, also known as House Bill 376, is being considered in the Buckeye State.

Here are a few takeaways:

  • Enforcement by Attorney General only
  • Affirmative defense for companies that maintain and comply with a written privacy program that reasonably conforms with the NIST Privacy Framework.
  • “Business” include non-profits
  • Similar to Virginia

Children’s data isn’t child’s play.

If you have a product or service that collects information from children, you should:

  • Be transparent. No, really. And figure out the best ways to be transparent for kids, which includes just in time notices, video and audio. It is a good idea to enlist the help of UX/CX experts

U.S. Senator Edward J. Markey of Massachusetts has introduced the “Algorithmic Justice and Online Platform Transparency Act.”

If signed into law, the bill will impose several new requirements on online platforms:

  • Transparency – including explaining the information collected, how it is used (for advertising and/or content moderation), method by which the type of algorithmic process

North Dakota, Utah, Washington State. .. all three have recently introduced new pieces of data privacy legislation.

UTAH

Utah State Rep. Walt Brooks, has introduced House Bill 80, which creates an “affirmative defense” for companies in lawsuits over data breaches, provided they can prove that they maintain up-to-date data security.

“It doesn’t give them immunity and it doesn’t release them from liability especially if they’re negligent,” said Brooks.

Another bill introduced in the legislature regulates the state’s use of facial recognition technology.

House Majority Leader Francis Gibson, has introduced House Bill 243, which creates a statewide “privacy officer” to look at how state and local governments use some tech and whether or not people’s personal information is protected.

Details from Fox 13 in Salt Lake City


Continue Reading New Data Privacy Legislation Introduced in West, Mountain States

Assembly Bill 335 has been introduced in the California legislature to amend the California Consumer Privacy Act (CCPA) to include an exception for watercraft-related information.

The bill would expand the “vehicle information” exception, and states that if a vessel dealer shares vessel information or ownership information with a vessel manufacturer for the purpose of effectuating,