As the nation closely watches the election results coming in, the majority of votes counted in California suggest that the California Privacy Rights Act of 2020 (“CPRA”, or commonly known as “CCPA 2.0”), is on track to pass. Proposition 24 under the California General Election, as of the information available to us at the time
consumer privacy
California Attorney General Submits Final Proposed CCPA Regulations
On June 1, 2020, California Attorney General Xavier Becerra submitted a finalized package of CCPA regulations to the California Office of Administrative Law (OAL). The package included not only the final text of the regulations, but also the final statement of reasons for amendments to the previous drafts. There have been multiple rounds of drafts…
“CCPA 2.0” Amendments Qualify for November 2020 Ballot

On May 4, the Californians for Consumer Privacy (led by Alistair McTaggart, the real estate investor and activist behind the original ballot initiative that led to the CCPA), announced in a letter that it had collected over 900,000 signatures to qualify the California Privacy Rights Act (“CPRA”) for the November 2020 ballot. This version of…
U.S. Senate Announces Introduction of COVID-19 Consumer Data Protection Act

On April 30, 2020, U.S. Sens. Roger Wicker (R-MS), chairman of the Senate Committee on Commerce, Science, and Transportation, John Thune (R-SD) chairman of the Subcommittee on Communications, Technology, Innovation, and the Internet, Jerry Moran (R-KS), chairman of the Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security, and Marsha Blackburn (R-TN), announced plans…
Governor Signs Five Amendments to CCPA
Last Friday, October 11, 2019, one day after the California Attorney General issued proposed regulations to implement the California Consumer Privacy Act of 2018 (“CCPA”), the California Governor, Gavin Newsom, announced that he signed all five of the September 2019 legislative amendments to the CCPA into law. Those amendments include AB-25, AB-874, AB-1146, AB-1355, and…

FTC Seeks Public Comment on Sears’ Petition to Modify Order Regarding Software Tracking Application

The FTC is seeking public comment on a petition by Sear’s to reopen and modify its 2009 consent order to restrict the broad definition of “tracking application”.
Background. In 2009, the FTC issued an order settling charges that Sears Holdings Management Corporation (“Sears”) had failed to adequately disclose the scope of consumers’ personal information…

Could Your Website Be Collecting Information from Kids? Federal Trade Commission Issues 6-Step Plan for Complying with the Children’s Online Privacy Protection Act
This month, the Federal Trade Commission (FTC) issued guidance for businesses operating websites and online services looking to comply with the Children’s Online Privacy Protection Act (“COPPA”). COPPA addresses the collection of personal information from children under 13. Importantly, the determination of whether a business’s website is “directed to children under 13” (and thus subject…
Target and States Resolve 2013 Data Breach Investigation with $18.5M Settlement

Target Corporation has reached an $18.5 million settlement with 47 states and the District of Columbia to resolve the investigation into the retailer’s 2013 data breach, officials announced on May 23, 2017. The 2013 data breach incident triggered various state consumer protection and data breach laws when hackers accessed consumer data for over 110 million…
VIZIO Pays $2.2 Million to FTC and New Jersey for Collecting Viewing Histories on 11 Million Smart TVs Without Users’ Consent; Order Suggests Viewing History is Sensitive Information
Today, Vizio, Inc., agreed to pay $2.2 million to settle charges by the FTC and the New Jersey Attorney General that it installed software on its Smart TGVS to collect viewing data on 11 million consumer televisions without the consumers’ knowledge or consent. The $2.2 million payment includes a $1.5 million payment to the FTC,…
Standing on the Precipice: The Actual Injury Requirement After Spokeo

Courts and litigants find themselves standing on the precipice of Spokeo v. Robins, a monumental Supreme Court decision that could have potentially wide-ranging implications for data breach cases. Given the Court’s holding in Spokeo that a plaintiff must allege and prove more than just “a bare procedural violation” to satisfy the “concrete injury” component of standing’s injury-in-fact requirement, it may prove difficult for data-breach plaintiffs to survive challenges to their allegations of standing. For example, even if a consumer’s data has been stolen, a third party (such as a bank) may ultimately pay for any out-of-pocket losses (for instance, in the case of stolen credit card numbers). Thus, in the absence of any actual monetary losses, which is often the case, plaintiffs are forced to rely on allegations of an increased likelihood of fraud or identity theft. But as the initial influx of post-Spokeo cases make clear, plaintiffs must establish that their risk of future harm is more than speculative, a leap which some courts have been reluctant to take.…
Continue Reading Standing on the Precipice: The Actual Injury Requirement After Spokeo