California Legislature Declines to Extend the CCPA’s HR and B2B Exemptions
Last week, the California Legislature adjourned its 2022 legislative session without passing proposed legislation (AB 2871, AB 2891, SB 1454, AB 1102) that would have extended or made permanent exemptions under the California Consumer Privacy Act (CCPA) applicable to personal information collected in human resources (HR) and business-to-business (B2B) contexts. […]
Data Disputes: How UK Class Action Landscape Is Shaping Up
Introduction The number of class actions brought in the UK is likely to grow considerably in the coming years. In particular, we expect claimant firms to continue making claims for misuse use of data where an issue affects a large number of individuals. This post: Introduces group and representative actions […]
California Attorney General Announces $1.2 Million CCPA Settlement With Sephora Amid Ongoing Enforcement Sweep
On August 24, 2022, California Attorney General Rob Bonta announced a $1.2 million settlement with cosmetics retailer Sephora to resolve allegations that it violated the California Consumer Privacy Act (CCPA) and failed to cure those violations within the CCPA’s 30-day cure period.
FTC Proposes Change in Regulation, Enforcement of Data Collection and Security
Key Takeaways On August 11, 2022, the Federal Trade Commission announced an advance notice of proposed rulemaking (ANPR) to initiate a process that would allow it to develop and enforce rules on what the FTC has termed “commercial surveillance,” which it broadly defines as the “collection, aggregation, analysis, retention, transfer, […]
US Privacy Compliance Journey: Due Diligence and Gap Assessment
This post relates to Cooley’s US Privacy Compliance Journey – webinar series presenting a holistic roadmap to compliance with a new generation of US privacy laws starting to take effect on January 1, 2023, including the California Privacy Rights Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the […]
Europe Takes Position on Sending Personal Data to Russia
On 12 July 2022, the European Data Protection Board (EDPB) adopted Statement 02/2022 on Personal Data Transfers to the Russian Federation, in which it confirmed that data transfers to Russia require a data transfer impact assessment (DTIA). A DTIA is a case-by-case evaluation that determines whether a specific data transfer […]
US Legislative Developments in Children’s Privacy
“It’s time to strengthen privacy protections, ban targeted advertising to children, [and] demand tech companies stop collecting personal data on our children.” – President Joe Biden, State of the Union, March 1, 2022 On May 19, 2022, the Federal Trade Commission publicly renewed its focus on children’s privacy . In […]
Companies Respond to SEC’s Proposed Cybersecurity Disclosure Framework
As we reported in our March 2022 client alert, the Securities and Exchange Commission released proposed cybersecurity reporting rules and solicited feedback through a 60-day comment period. The comment period ended on May 9, 2022, and the SEC received 100+ comments from business, legal, nonprofit and government sectors. While the […]