On September 14, 2023, the California legislature passed S.B. 362, a bill that would impose new requirements on data brokers and grant residents new rights designed to facilitate control over their personal data.
Continue Reading California Legislature Passes Bill Regulating Data Brokers
U.S. State Law
Federal Judge Blocks the California Age-Appropriate Design Code
On September 18, 2023, Judge Beth Labson Freeman of the U.S. District Court for the Northern District of California granted NetChoice’s request for preliminary injunction in NetChoice v. Bonta, finding that NetChoice is likely to succeed on its claim that the California Age-Appropriate Design Code violates the First Amendment. …
Continue Reading Federal Judge Blocks the California Age-Appropriate Design Code
NetChoice Seeks to Block the California Age-Appropriate Design Code
On August 31, 2023, NetChoice, a national trade association of large online businesses, filed supplemental briefing in its challenge to the California Age-Appropriate Design Code. …
Continue Reading NetChoice Seeks to Block the California Age-Appropriate Design Code
CPPA Issues Draft CPRA Regulations on Risk Assessment and Cybersecurity Audit
On August 29, 2023, the California Privacy Protection Agency Board issued draft regulations on Risk Assessment and Cybersecurity Audit.
Continue Reading CPPA Issues Draft CPRA Regulations on Risk Assessment and Cybersecurity Audit
First Report from the California Children’s Data Protection Working Group Delayed
On July 10, 2023, California Governor Newsom signed into law A.B. 127, which places the working group for the California Age-Appropriate Design Code Act (the “Act”) under the California Office of the Attorney General. The Act creates a working group, formally named the California Children’s Data Protection Working Group, to produce a report on recommendations for best practices concerning children’s access to online services. Under A.B. 127, the deadline for the first report from the working group will be pushed back from January 1, 2024, to July 1, 2024, and the working group will be required to consist of only nine members, instead of the original 10-member requirement.…
Continue Reading First Report from the California Children’s Data Protection Working Group Delayed
Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law
On June 30, 2023, the Delaware House of Representatives passed the Delaware Personal Data Privacy Act (H.B. 154), a day after the Delaware Senate passed the legislation. The DPDPA heads to Governor John Carney for a final signature. …
Continue Reading Delaware Could Become the 13th State to Enact a Comprehensive State Privacy Law
California AG Bonta Announces New Enforcement Sweep Aimed at Employers
On July 14, 2023, California Attorney General Rob Bonta announced a new enforcement sweep aimed at ensuring that companies comply with the California Consumer Privacy Act of 2018 with respect to the personal information of employees and job applicants.
Continue Reading California AG Bonta Announces New Enforcement Sweep Aimed at Employers
Oregon Consumer Privacy Act
On June 22, 2023, the Oregon House of Representatives passed the Oregon Consumer Privacy Act (S.B. 619), which was previously passed by the Oregon Senate on June 20, 2023. The OCPA has been sent to the Oregon governor’s desk for signature. If signed, the OCPA would make Oregon the 12th state to have enacted comprehensive privacy legislation.
Continue Reading Oregon Consumer Privacy Act
New Washington State Geofencing Ban Set to Take Effect in July
On April 27, 2023, Washington adopted the My Health My Data Act. Most of the law’s provisions are not effective until March 31, 2024 (or June 30, 2024 for small businesses). The law’s geofencing prohibition, however, is set to take effect on July 23, 2023.
Continue Reading New Washington State Geofencing Ban Set to Take Effect in July
NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation
On June 28, 2023, the New York Department of Financial Services published an updated proposed Second Amendment to its Cybersecurity Regulation, 23 NYCRR Part 500.
Continue Reading NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation