CCPA

Subscribe to CCPA

Maryland and California look to join the list of states that not only regulate biometric data but provide consumers with the opportunity to seek hefty statutory damages and attorney’s fees from offending businesses. Similar to Illinois’ oft-litigated Biometric Information Privacy Act (“BIPA”), both bills would also (i) require written consent prior to the collection of biometric information; (ii) impose BIPA-like security measures, and (iii) mandate specific retention criteria, as described below.
Continue Reading Maryland and California Propose Biometric Privacy Legislation that Would Include Illinois-Like Private Rights of Action

On October 5, 2021, California Governor Gavin Newsom signed into law amendments to the California Consumer Privacy Act (CCPA) via Assembly Bill 694. Businesses are eagerly awaiting clarification on many aspects of the CCPA and the California Privacy Rights Act (CPRA) (the CPRA is set to go into effect on January 1, 2023, with a

Before the dust has even settled on many California Consumer Privacy Act (CCPA) compliance projects, California voters have welcomed the future of privacy by overwhelmingly approving Proposition 24: The California Privacy Rights Act (CPRA).  Building off of the CCPA framework, the CPRA expands the rights of California consumers, adds new responsibilities for both business and service providers, and creates a new state agency, the California Privacy Protection Agency (the Agency), to take over enforcement from the state Attorney General.  Here are the notable changes:

First, every business will be happy to know that the B2B and employee information sunsets have been extended until January 1, 2023 (after being extended by another year until 2022 by the legislature).
Continue Reading CPRA: The next frontier in (California) privacy

Hollywood movie star Reese Witherspoon and her clothing line, Draper James, LLC, have found themselves the subjects of a public relations debacle, and now, a class action after running a promotion for teachers gone horribly wrong.

In April, Draper James ran an Instagram promotion to recognize and thank teachers for their work during the COVID-19 pandemic. The April 2, 2020 promotion post stated: “Dear Teachers: We want to say thank you. During quarantine we see you working harder than ever to educate our children. To show our gratitude, Draper James would like to give teachers a free dress.”

The Instagram post went on to provide further details of the promotion, including that to “apply”, teachers needed to fill out a form  with their name and work email addresses, a photo of their school IDs, the grade level and subjects they teach, as well as their school name and state. In exchange for providing what the teachers alleged to be “sensitive personal, employment information,” teachers thought they would receive a free dress from the brand. While the Instagram post did caveat in a parenthetical that the offer was “valid while supplies last – winners will be notified on Tuesday April 7th” the post did not disclose that only 250 teachers would receive a free dress. The lawsuit claims that the “vague illusory comment” was insufficient to place a reasonable consumer on notice that that this was a sweepstakes or that the brand would “only be making an unreasonably limited number of products available under this offer.”
Continue Reading Legally blown: Reese Witherspoon and her fashion line face breach of contract and privacy class action over ‘free dress’ giveaway

After many months and several rounds of revisions, the Office of the California Attorney General has finally submitted the final proposed regulations package under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL).

The complete package, which includes the Final Text of Proposed Regulations and the Final Statement of Reasons, was submitted on June 1, 2020.  A comparison between the most recent second modified regulations – which were released on March 27, 2020 – and the Final Text of Proposed Regulations reveals very few changes.  In fact, the changes were entirely grammatical, with no substantive revisions.  This means that the last round of revisions, summarized here, will be implemented.

Continue Reading The wait is over: Final CCPA regulations have been submitted

Modern businesses have a more global reach than ever before. Technology has fundamentally changed the way employees work, communicate and collaborate. While global connectivity offers businesses opportunities, it also creates substantial challenges when it comes to archiving communications.

Earlier this month, we co-hosted a thought leadership event in New York City with Smarsh, a multinational

Although the California Consumer Privacy Act (CCPA) specifically precludes private lawsuits except for those resulting from certain data breaches, that has not stopped at least one plaintiff from bringing a putative class action based on an alleged CCPA violation.

A proposed class action was filed on February 27, 2020, in the Southern District of California against Clearview AI (Burke v. Clearview AI, Inc., S.D. Cal., No. 3:20-cv-00370-BAS-MSB). The complaint alleges that Clearview’s facial recognition technology – which scrapes, without notice or consent, social media websites for images of consumers’ faces – violates, among other laws, both the CCPA and the Illinois Biometric Information Privacy Act (BIPA). According to the complaint, Clearview’s facial recognition software uses the billions of scraped images in its database to generate a type of biometric information, known as a “faceprint,” to match a face to other personally identifiable information; it then sells access to the faceprint database to law enforcement agencies and private companies. The complaint charges that Clearview improperly collected personal information without properly notifying consumers.

Continue Reading CCPA litigation is here: putative class action filed for alleged notice and collection violations

The onslaught of privacy regulations has impacted every industry and, while it seems that no industry can be flat footed – from auto manufacturers to ecommerce platforms – one in particular has had to remain especially nimble: the advertising technology (Adtech) industry.

 The Adtech industry has struggled with privacy regulations, including the CCPA, but it

As currently drafted, the California Consumer Privacy Act (“CCPA”) leaves many questions unresolved regarding how the law applies to data collected and used in the health care and life sciences industries, particularly in the research context. Clinical research sponsors and other industry participants have raised concerns about how the CCPA may impede care delivery and

A trio of consumer data privacy bills modeled after Europe’s General Data Protection Regulation (GDPR) has been introduced in the Wisconsin State Assembly. The three bills, collectively dubbed the Wisconsin Data Privacy Act (WDPA), were sponsored by Republican State Representative Shannon Zimmerman, who is seeking to make Wisconsin “the most consumer-friendly state in our nation on data privacy.” Collectively, Assembly Bills 870, 871, and 872 seek to grant Wisconsin residents a host of rights related to companies’ collection and processing of their personal data and would impose a number of related regulatory obligations on companies that process personal data.

Consumer rights

  • A right to request information about what personal data a company has processed;
  • A requirement that companies obtain opt-in consent before collecting or making any use of the consumer’s personal data;
  • A right to request that a company stop any processing of the consumer’s personal data and give notice to cease processing personal data to every entity the company has shared the consumer’s data with (unless this is impossible or involves unreasonable efforts); and
  • A right to request deletion of the consumer’s personal data.


Continue Reading Wisconsin representative proposes “groundbreaking” data privacy law modeled after GDPR, including statutory penalties up to $20 million or 4 percent of total annual revenue