The proposed Washington Privacy Act (WPA) continues to move forward with new enforcement provisions, including a limited private right of action. The Washington House Committee on Civil Rights and Judiciary narrowly approved the so-called “striker” amendment, which would enable state residents to sue companies for injunctive relief over alleged violations; but does not allow suit for monetary damages. The bill had already passed in the Washington Senate by a vote of 48-1.
Continue Reading Proposed Washington Privacy Act Gets a Different Set of Teeth with Private Right of Action for Injunctive Relief
Supreme Court Hears Arguments on FCRA Class Certification
The Supreme Court heard arguments Tuesday morning, March 30, regarding class certification related to Article III standing in TransUnion v. Ramirez, where only 25% of a certified class suffered injury. In its briefing and in yesterday’s arguments, TransUnion argued that class certification should only apply where every class member has standing and the lead plaintiff does not allege atypical injuries.
Continue Reading Supreme Court Hears Arguments on FCRA Class Certification
Yet Another Round of CCPA Regulations
The California Attorney General’s Office of Administrative Law has approved additional amendments to the California Consumer Privacy Act (CCPA) regulations, which went into effect March 15, 2021. A preliminary version of these new regulations were initially to be submitted as part of the CCPA regulations that went into effect on August 14, 2020, but were ultimately removed from that set of regulations. Instead these four new regulations were pulled from the proposal last minute and were not submitted for review, only to be reintroduced in October 2020 (see article here).
Continue Reading Yet Another Round of CCPA Regulations
China Updates its Personal Information Security Specification
On March 6, 2020, the China Standardization Administration and the State Administration for Market Regulation jointly released an updated version of the Personal Information Security Specification (the “Specification”) which will become effective on October 1, 2020.[1] The updated Specification updates the current Specifications[2] that have been in effect since May 1, 2018, and is the result of a revision effort by the Specification’s drafters, that included a series of interim drafts published for public comment on January 30, 2019, June 21, 2019, and most recently, on October 22, 2019, in order to address certain loopholes and practices leading to excessive collection of personal information.
Continue Reading China Updates its Personal Information Security Specification
Returning to the Office – Data Privacy Concerns for Companies in Latin America
Latin American privacy laws may pose special challenges for businesses considering when and how to reopen their facilities during the coronavirus pandemic. As elsewhere, many companies operating in Latin America may decide to screen employees for their COVID-19 risk-levels before allowing them to enter a shared workspace. Already in place in many European and Asian countries, screening options primarily involve contact tracing or temperature checks. As they focus on health and safety, however, companies should also bear in mind a potentially competing interest: protecting employees’ privacy.
Continue Reading Returning to the Office – Data Privacy Concerns for Companies in Latin America
New California Privacy Initiative Certified for November Ballot
On November 3, 2020, Californians will vote on whether to approve a ballot initiative to enact a new California Privacy Rights Act (CPRA). If, as current polling suggests, California voters pass the CPRA into law in November, it will significantly revise the California Consumer Privacy Act (CCPA) of 2018, which entered into force only in January of this year.
The CPRA expands the provisions of the CCPA, removes the ability of businesses to remedy some violations before they are penalized, and creates a new agency – the California Privacy Protection Agency – to implement and enforce it. The CPRA’s substantive provisions would take effect on January 1, 2023, but its new obligations would apply to personal information collected after January 1, 2022.
Continue Reading New California Privacy Initiative Certified for November Ballot
Pandemic-Related Privacy Bill May Be Unconstitutional
This article appeared in Law360 on May 14, 2020. A group of Republican senators have introduced a new privacy bill that would impose strict privacy obligations on contact tracing apps operated by entities not subject to the Health Insurance Portability and Accountability Act.
Most notably, the COVID-19 Consumer Data Protection Act would obligate such entities to obtain express affirmative consent from individual consumers before using their geolocation, proximity or personal health data.
Continue Reading Pandemic-Related Privacy Bill May Be Unconstitutional
2020 Ballot Initiative to Expand California Privacy Law Receives 900,000 Signatures
Businesses within the scope of California’s groundbreaking privacy law, the California Consumer Privacy Act (CCPA), which went into effect January 1, 2020, may need to revise privacy policies and change their compliance programs once again if a new ballot initiative passes this November. Californians for Consumer Privacy, the group that sponsored the CCPA, announced last week that it is submitting over 900,000 signatures in favor of the California Privacy Rights Act (CPRA) to qualify the initiative for the November 2020 ballot.
Continue Reading 2020 Ballot Initiative to Expand California Privacy Law Receives 900,000 Signatures