On February 9, 2024, a California state court of appeal unanimously vacated a lower court ruling, green-lighting the California Privacy Protection Agency’s authority to commence enforcement of the Agency’s first set of regulations. Until now, the Agency’s authority to enforce regulations it has promulgated under the California Consumer Privacy Act (“CCPA”) has been delayed. The Agency had been poised to begin enforcing its latest batch of completed privacy regulations on July 1, 2023, but a trial court’s ruling put this work on hold until March 29, 2024. That hold has now evaporated, and so the Agency can commence enforcement activities with immediate effect. The decision also impacts future Agency rulemaking such as the Agency’s draft regulations on cybersecurity audits, privacy impact assessments, and automated decision-making, which will no longer be subject to the 12-month stay of enforcement.Continue Reading California Court of Appeal Restores CPPA Authority to Enforce Privacy Regulations

In the wake of the Supreme Court’s 2021 decision in Facebook v. Duguid—which held that most smartphones and similar modern technology do not qualify as “automated telephone dialing systems,” under the Telephone Consumer Privacy Act (TCPA)—there has been a spike in state legislative activity aimed at strengthening local telemarketing laws. Florida’s Telephone Solicitation Act (FTSA) became the first state telemarketing law of its kind on July 1, 2021. The FTSA, which does not clearly define the types of automated technology covered by the statute, creates room for a broader interpretation of the types of devices that can qualify as regulated dialing technology. Oklahoma has now become the next state to enact such legislation, the Oklahoma Telephone Solicitation Act (OTSA), which largely mimics the FTSA and came into effect on November 1, 2022.Continue Reading Oklahoma’s New Restrictive Telemarketing Law: Could Other States Be Next?