Two more states have enacted consumer privacy protection laws, with Oregon and Delaware joining the existing fray of state comprehensive consumer privacy laws in California, Colorado, Virginia, Utah, Connecticut, Iowa, Indiana, Montana, Tennessee, Florida, and Texas. For a useful chart detailing the applicability, effective dates, and exemptions of all of the state laws enacted thus
privacy
California Privacy Regulator to Review Privacy of Connected Vehicles under CCPA
On July 31, 2023, the California Privacy Protection Agency (“CPPA”) – the state privacy regulatory agency charged with regulating and enforcing the California Consumer Privacy Act (as amended by the California Privacy Rights Act) (“CCPA”) — announced that it will be reviewing the data privacy practices of connected vehicle (CV) manufacturers and related CV technologies. …

Texas is trying to pass the “The Strongest Data Privacy Law in the Country”

On Monday, March 13, 2023, The Texas House Business & Industry committee held a hearing for the main data privacy bill for this legislative session by Representative Capriglione of Southlake, TX, a Dallas suburb. The 34-page bill filed earlier this year aims to comprehensively address how companies and consumers interact with personal data. Similar to California, European, and a handful…
State Legislatures Tackle Children’s Online Privacy, Continue to Introduce Comprehensive Consumer Privacy Bills

As the FTC signals an intention of cracking down on children’s privacy, and as several comprehensive consumer privacy laws take effect in 2023 (with more on the way in legislatures across the country), some states have chosen to tackle children’s privacy more specifically at the state level. So far, only California’s has been enacted…

President Biden Issues Executive Order on Signals Intelligence to Implement EU-US Data Privacy Framework
On October 7, 2022, President Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities. The order aims to address concerns expressed by the Court of Justice of the European Union (CJEU) in the Schrems II case, in which it ruled the E.U.-U.S. Privacy Shield inadequate as a cross-border transfer mechanism. …

California Privacy Protection Agency (CPPA) Invites Comments on Proposed Rulemaking
Background
Yesterday, on September 22, 2021, the California Privacy Protection Agency (“CPPA”) — the new privacy regulatory agency created by the California Privacy Rights Act of 2020 (“CPRA” or “CCPA 2.0”) — issued an invitation for public comment on its proposed rulemaking. Such comments “will assist the Agency in developing new regulations, determining whether…
California Announces Board Appointments to New California Privacy Protection Agency (CPPA)
On March 17, 2021, Governor Gavin Newsome, Attorney General Xavier Becerra, Senate President pro tem Toni Atkins, and Assembly Speaker Anthony Rendon announced the members of the California Privacy Protection Agency (CPPA) the new administrative agency created by the California Privacy Rights Act (CPRA) charged with protecting consumer privacy rights overs personal information.
“Californians deserve…
California’s CPRA (“CCPA 2.0”) Likely to Pass with Majority of Votes Counted
As the nation closely watches the election results coming in, the majority of votes counted in California suggest that the California Privacy Rights Act of 2020 (“CPRA”, or commonly known as “CCPA 2.0”), is on track to pass. Proposition 24 under the California General Election, as of the information available to us at the time…
California Attorney General Proposes Third Set of Modifications to CCPA Regulations
On October 12, 2020, California’s Attorney General proposed a third set of modifications to California Consumer Privacy Act (“CCPA”) regulations. These proposed modifications come nearly two months after the final regulations were approved and made effective by the California Office of Administrative Law (“OAL”) on August 14, and less than a month before the California…
Vermont Amends Data Breach Notification Law, Enacts Student Privacy Act
Vermont Amends Data Breach Notification Law
On July 1, 2020, amendments to Vermont’s Security Breach Notice Act, 9 V.S.A. §§ 2330 & 2335, took effect along with a new “Student Online Personal Information Protection Act.”
Key amendments to the security breach act include:
- An expanded definition of Personally Identifiable Information (“PII”). The definition now
…