Yesterday, on August 24, 2022, California Attorney General Rob Bonta (“AG”) announced a settlement with Sephora, Inc., resolving allegations that the company violated the California Consumer Privacy Act (“CCPA”). The order includes permanent injunctive relief as well as a $1.2 million fine. This action stems from a June 2021 enforcement sweep by the attorney general
Advertising & Marketing
Business Privacy Law Lessons from Proposed Settlement with Twitter
The Department of Justice (“DOJ”), on behalf of the Federal Trade Commission (“FTC”), filed a complaint and motion for entry of a stipulated order with the Northern District of California, which would require Twitter to pay civil penalties and take other corrective actions for their violation of the FTC Act and a previous 2011 FTC…

California Privacy Protection Agency (CPPA) Invites Comments on Proposed Rulemaking
Background
Yesterday, on September 22, 2021, the California Privacy Protection Agency (“CPPA”) — the new privacy regulatory agency created by the California Privacy Rights Act of 2020 (“CPRA” or “CCPA 2.0”) — issued an invitation for public comment on its proposed rulemaking. Such comments “will assist the Agency in developing new regulations, determining whether…
California’s CPRA (“CCPA 2.0”) Likely to Pass with Majority of Votes Counted
As the nation closely watches the election results coming in, the majority of votes counted in California suggest that the California Privacy Rights Act of 2020 (“CPRA”, or commonly known as “CCPA 2.0”), is on track to pass. Proposition 24 under the California General Election, as of the information available to us at the time…
Brazil’s Data Protection Law (“LGPD”) Retroactively Effective
On September 18, 2020, Brazil’s data protection law (Lei Geral de Proteção de Dados Pessoais, or “LGPD”) became retroactively effective August 16, 2020. Penalties do not begin until August 1, 2021, based on a previous delay passed by Brazil’s legislature. Brazil’s legislature previously rejected a provisional measure which would have postponed applicability of…
FTC Issues Opinion and Final Order Against Cambridge Analytica
On December 6, 2019, the FTC issued an opinion finding that Cambridge Analytica, they had engaged in deceptive practices to collect personal information from several users of Facebook for purposes of voter profiling and targeting. In addition, the Commission found that Cambridge Analytica had engaged in deceptive practices regarding its participation in the EU-US Privacy…
California Attorney General Issues Proposed CCPA Regulations
Today, on October 10, 2019, the California Attorney General (“AG”) issued long-awaited proposed regulations implementing the California Consumer Privacy Act of 2018 (“CCPA”). The AG also issued a notice of proposed rulemaking action and an initial statement of reasons elaborating on the purposes of the proposed regulations. The proposed regulations are intended to “establish procedures…
French Data Protection Authority (CNIL) Imposes € 50 Million GDPR Sanction on Google

On January 21, 2019, the French Data Protection Authority, the Commission Nationale de L’Informatique et de Libertés (“CNIL”) announced a sanction of 50 million euros against Google. On May 25 and 28, 2018, the CNIL received complaints from two different associations, asserting that Google did not have a valid legal basis for the processing of…
German Court Rules Facebook’s Use of Personal Data Is Illegal
A Berlin regional court recently ruled that Facebook’s use of personal data was illegal because the social media platform did not adequately secure the informed consent of its users. A German consumer rights group, the Federal of German Consumer Organisations (vzvb) said that Facebook’s default settings and some of its terms of service were in…
The European Union’s General Data Protection Regulation (GDPR) Is Coming: What Does It Mean For U.S. Businesses?

With the May 25, 2018 deadline quickly approaching, many businesses are scrambling to prepare for compliance with the EU’s General Data Protection Regulation (GDPR), and questions and conversations are heating up. Still others are still trying to wrap their arms around what GDPR is and what it means for U.S. businesses. For those of you…