On November 16, 2023, the European Data Protection Board published its Guidelines 2/2023 on the Technical Scope of Art. 5(3) of the ePrivacy Directive.
Continue Reading EDPB Publishes Guidelines to Clarify Scope of EU “Cookie” Notice and Consent Requirements
Geolocation
Connecticut and Nevada Legislatures Pass Health Data Laws
On June 2 and June 5, 2023, the Connecticut and Nevada state legislatures, respectively, voted in favor of sending legislation to their governors for signature that would impose restrictions, among others, on the processing of consumer health data, including geofencing provisions. Nevada S.B. 370 was signed by Nevada Governor Joe Lombardo on June 16, 2023. …
Continue Reading Connecticut and Nevada Legislatures Pass Health Data Laws
CNIL issues €125,000 Fine Against E-Scooter Rental Company
On March 28, 2023, the French Data Protection Authority announced a €125,000 fine on the e-scooter rental company Cityscoot for breaching EU and French data protection rules, in particular in the context of geolocation and use of Google reCAPTCHA. …
Continue Reading CNIL issues €125,000 Fine Against E-Scooter Rental Company
Google Agrees to $391.5 Million Settlement with 40 States over Misleading Location Tracking Practices
On November 14, 2022, Google LLC agreed to a $391.5 million settlement with the attorneys general of 40 U.S. states over the company’s location tracking controls available in its user account settings. …
Continue Reading Google Agrees to $391.5 Million Settlement with 40 States over Misleading Location Tracking Practices
Google to Pay $85 Million to Settle Arizona Geolocation Tracking Privacy Suit
On October 3, 2022, Google LLC agreed to pay the State of Arizona $85 million to settle a consumer privacy lawsuit that alleged the company surreptitiously collected consumers’ geolocation data on smartphones even after users turned disabled tracking. …
Continue Reading Google to Pay $85 Million to Settle Arizona Geolocation Tracking Privacy Suit
FTC Commences Civil Action Against Data Broker for Selling Geolocation Data
On August 29, 2022, the Federal Trade Commission announced a civil action against digital marketing data broker Kochava Inc. for “selling geolocation data from hundreds of millions of mobile devices that can be used to trace movements of individuals to and from sensitive locations.”…
Continue Reading FTC Commences Civil Action Against Data Broker for Selling Geolocation Data
California Enacts the California Age-Appropriate Design Code Act
On September 15, 2022, California Governor Gavin Newsom signed into law the California Age-Appropriate Design Code Act. The Act, which takes effect July 1, 2024, places new legal obligations on companies with respect to online products and services that are likely to be accessed by children under the age of 18.
Continue Reading California Enacts the California Age-Appropriate Design Code Act
California Privacy Protection Agency Officially Commences CPRA Rulemaking Process
On July 8, 2022, the California Privacy Protection Agency Board voted to begin the California Privacy Rights Act rulemaking process.
Continue Reading California Privacy Protection Agency Officially Commences CPRA Rulemaking Process
U.S. State Legislative and Industry Self-Regulatory Efforts to Fill Gaps in Children’s Online Privacy
On April 19, 2022, the California state legislature and an industry self-regulatory group each separately took steps to enhance online privacy protections for children who are not covered by COPPA. …
Continue Reading U.S. State Legislative and Industry Self-Regulatory Efforts to Fill Gaps in Children’s Online Privacy
New Jersey Requires Employers to Notify Employees of the Use of Tracking Devices
On January 18, 2022, New Jersey Governor Phil Murphy signed into law Assembly Bill No. 3950, requiring employers to provide written notice to employees prior to the use of tracking devices in vehicles used by employees. The Act will go into effect on April 18, 2022.
Continue Reading New Jersey Requires Employers to Notify Employees of the Use of Tracking Devices