On April 12, 2022, Colorado Attorney General Phil Weiser made remarks at the International Association of Privacy Professionals Global Privacy Summit in Washington, D.C., where he invited stakeholders to provide informal public comments on the Colorado Privacy Act rulemaking.
Continue Reading Colorado AG Provides Insights on the Colorado Privacy Act Rulemaking Process
Consent
Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR
Posted on
On February 2, 2022, the Litigation Chamber of the Belgian Data Protection Authority imposed a 250,000 Euro fine against the Interactive Advertising Bureau Europe for several alleged infringements of the GDPR, following an investigation into IAB Europe’s Transparency and Consent Framework.
Continue Reading Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR
India’s Draft Data Protection Bill Moves Closer to Passage
Posted on
Posted in International
In December, the Indian Joint Parliamentary Committee submitted its report on India’s draft Data Protection Bill. The Bill is now likely to be passed by Parliament in its next session, beginning in February 2022, and likely will enter into force in the first half of 2022. This blog entry examines certain key aspects of the revised Bill.
Continue Reading India’s Draft Data Protection Bill Moves Closer to Passage
New FTC Policy Statement Targets Dark Patterns
Posted on
Posted in Enforcement, Marketing
On October 28, 2021, the Federal Trade Commission announced the issuance of a new enforcement policy statement warning companies against using dark patterns that trick consumers into subscribing for services. The policy statement comes in response to rising complaints about deceptive sign-up tactics like unauthorized charges or impossible-to-cancel billing.
Continue Reading New FTC Policy Statement Targets Dark Patterns
South Korean Privacy Regulator Fines Netflix and Facebook
Posted on
On September 1, 2021, the South Korean Personal Information Protection Commission (“PIPC”) issued fines against Netflix and Facebook for violations of the Korean Personal Information Protection Act (“PIPA”).
Continue Reading South Korean Privacy Regulator Fines Netflix and Facebook
China Passes Personal Information Protection Law
Posted on
On August 20, 2021, China passed the Personal Information Protection Law (the “PIPL”). The PIPL will become effective on November 1, 2021.
Continue Reading China Passes Personal Information Protection Law
Google to Prevent App Developers from Using Advertising ID for Any Purpose Following User Opt-Out
Posted on
Posted in Behavioral Advertising, Online Privacy
On June 3, 2021, Google informed app developers that beginning in late 2021, when Android 12 OS users opt out of personalized ads, the advertising ID provided by Google Play services will not be made available to app developers for any purpose.
Continue Reading Google to Prevent App Developers from Using Advertising ID for Any Purpose Following User Opt-Out
New York City Council Passes Tenant Data Privacy Act
Posted on
Posted in Information Security, U.S. State Law
On April 29, 2021, the New York City Council passed the Tenant Data Privacy Act, which would regulate the collection, use, safeguarding and retention of tenant data by owners of “smart access” buildings. The TDPA has now been sent to the New York City Mayor’s desk for signature.
Continue Reading New York City Council Passes Tenant Data Privacy Act
Senate Bill Would Expand Federal Children’s Privacy Protections
Posted on
On May 11, 2021, Senators Edward Markey (D-MA) and Bill Cassidy (R-LA) introduced the Children and Teens’ Online Privacy Protection Act. The Bill, which would amend the existing Children’s Online Privacy Protection Act, would prohibit companies from collecting personal information from children ages 13 to 15 without their consent.
Continue Reading Senate Bill Would Expand Federal Children’s Privacy Protections
Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs
Posted on
On May 2, 2021, the Norwegian data protection authority, Datatilsynet, notified a U.S. company of its intention to issue a fine of 25 million Norwegian Krone (approximately 2.5 million Euros). The preliminary fine was issued for failure to comply with the General Data Protection Regulation’s accountability, lawfulness and transparency requirements, primarily due to the company’s tracking of website visitors.
Continue Reading Norwegian DPA Issues 2.5M EUR Preliminary Fine for U.S. Company Utilizing Web-Tracking IDs