Proposed State Privacy Law Update: March 20, 2023

By David Stauss on March 19, 2023

Posted in Arizona 2023, California 2023, Connecticut 2023, District of Columbia 2023, Florida 2023, Hawaii 2023, Illinois 2023, Indiana 2023, Iowa 2023, Kentucky 2023, Maryland 2023, Massachusetts 2023, Minnesota 2023, Mississippi 2023, Montana 2023, Nevada 2023, New Hampshire 2023, New Mexico 2023, Oklahoma 2023, Oregon 2023, South Carolina 2023, State privacy legislation, Tennessee 2023, Texas 2023, Vermont 2023, Washington 2023

Keypoint: Last week Iowa’s legislature passed a consumer privacy bill, and the Kentucky Senate passed a consumer privacy bill.

Below is the tenth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker, 2023 State Children’s Privacy Law Tracker, and 2023 State Biometric Privacy Law Tracker. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Privacy Litigation Update: SDNY Dismisses Video Privacy Protection Act Claim

By Dustin Taylor on March 16, 2023

Posted in Privacy Litigation

Keypoint: The Southern District of New York dismissed a VPPA claim after finding use of the Meta Pixel does not violate the VPPA when used to transmit information about a visitor’s general activity on a webpage, even where that webpage also hosts video.

In June 2022, a plaintiff filed a complaint in the Southern District of New York that alleged the defendants violated the Video Privacy Protection Act (“VPPA”) by using the Meta Pixel. More than eight months later, the court dismissed the complaint after finding the plaintiff failed to state a claim for relief under the VPPA. Taking all the plaintiff’s allegations as true, the court nevertheless found a website that used the Meta Pixel to send information to Meta when a website visitor visited a webpage that contained both video and non-video content did not violate the VPPA.

Iowa Legislature Passes Consumer Data Privacy Bill

By David Stauss on March 15, 2023

Posted in Iowa 2023

Keypoint: Pending the governor’s signature, Iowa will become the sixth state to pass consumer data privacy legislation.

On March 15, 2023, the Iowa House voted 97-0 to pass SF 262. The bill previously passed the Senate by a vote of 47-0. The bill was procedurally messaged back to the Senate. Pending any remaining procedural hurdles and the governor’s signature, Iowa will become the sixth state to pass consumer data privacy legislation with a bill that rivals Utah as the most business-friendly legislation passed to date.

In the below post, we provide a comparison of the Iowa bill to the five existing state privacy laws. You also can access a PDF of the comparison charts here. In addition, Keir Lamont and Mercedes Subhani from the Future of Privacy Forum prepared a very useful chart comparing the Iowa bill to the Connecticut Data Privacy Act.

Analyzing the Washington State My Health My Data Act

By David Stauss & Ashton Harris on March 13, 2023

Posted in Washington 2023

Keypoint: In the aftermath of the Supreme Court’s Dobbs decision, Washington legislators introduced legislation to enhance privacy protections for consumer health data.

In early March, lawmakers in Washington state’s House passed an amended version of the My Health My Data Act (HB 1155). The Act seeks to implement sweeping changes to how companies treat the consumer health data of Washington residents. The Act is supported by the Attorney General’s office and was filed in response to the United States Supreme Court’s Dobbs decision overturning Roe v. Wade. The Act is currently scheduled for a March 14 public hearing in the Senate Committee on Law & Justice.

In the below post, we provide a brief summary of the Act as it passed the House on March 4. The Act underwent significant amendments prior to passing the House and could undergo further amendments in the Senate. Consequently, this post is intended only to provide a point-in-time analysis.

Proposed State Privacy Law Update: March 13, 2023

By David Stauss on March 12, 2023

Posted in Arizona 2023, District of Columbia 2023, Florida 2023, Hawaii 2023, Illinois 2023, Indiana 2023, Iowa 2023, Kentucky 2023, Maryland 2023, Massachusetts 2023, Minnesota 2023, Missouri 2023, Montana 2023, New Hampshire 2023, New Jersey 2023, New Mexico 2023, New York 2023, Oklahoma 2023, Oregon 2023, South Carolina 2023, State privacy legislation, Tennessee 2023, Texas 2023, Vermont 2023, Washington 2023, West Virginia 2023

Keypoint: Last week chambers in Hawaii, Iowa, and Oklahoma passed consumer privacy bills.

Below is the ninth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

Legislating Data Privacy Series: A Conversation with California Assemblymember Buffy Wicks

By David Stauss on March 7, 2023

Posted in Legislating Data Privacy Series

In the eighteenth episode of our Legislating Data Privacy podcast series, we talk with California Assemblymember Buffy Wicks.

In 2022, Assemblymember Wicks was the primary author of the California Age-Appropriate Design Code Act (AB-2273), a first-in-the-nation law based on the United Kingdom’s Age-Appropriate Design Code. This year, seven other states are currently considering bills modeled off the California law. During this interview, Assemblymember Wicks discusses the background of drafting and negotiating the bill, the bill’s provisions, and her thoughts on children’s data privacy.

Click here or below to listen to the full interview.

Privacy Litigation Update: California courts strike back against claims that website chat functionality violates wiretapping statutes

By Dustin Taylor on March 6, 2023

Posted in Privacy Litigation

Keypoint: In the wake of a recent California decision that allowed claims alleging use of chat functionality on website violated California wiretapping laws, three California district courts have dismissed nearly identical claims causing a split in Central District of California courts.

Following a February decision that allowed a complaint that alleged a website operator’s use of a customer support chat feature violated California wiretapping laws to proceed past the pleading stage, three California district courts have since dismissed nearly identical claims. The result leaves companies who may find themselves named as defendants in these lawsuits uncertain whether they will be able to escape litigation at the less costly motion to dismiss stage. In the below post, we analyze these decisions and their impact on future litigation over these claims.

Proposed State Privacy Law Update: March 6, 2023

By David Stauss on March 5, 2023

Posted in Arizona 2023, California 2023, District of Columbia 2023, Florida 2023, Hawaii 2023, Illinois 2023, Indiana 2023, Iowa 2023, Kentucky 2023, Maryland 2023, Massachusetts 2023, Minnesota 2023, Mississippi 2023, Missouri 2023, Montana 2023, New Hampshire 2023, New Jersey 2023, New Mexico 2023, New York 2023, Oklahoma 2023, Oregon 2023, Rhode Island 2023, South Carolina 2023, State privacy legislation, Tennessee 2023, Texas 2023, Utah 2023, Vermont 2023, Virginia 2023, Washington 2023, West Virginia 2023

Keypoint: Last week the Utah legislature passed two bills targeted at social media companies’ interaction with individuals under the age of 18, the Montana Senate passed a consumer privacy bill, and the Washington House passed the My Health My Data Act.

Below is the eighth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

NYC to Finalize Rules and Begin Regulating AI Employment Tools in Coming Months After Public Hearing

By Owen Davis & Keith Ybanez on February 27, 2023

Posted in Artificial Intelligence, New York

Keypoint: After a January hearing, New York City continues to consider comments to a new law regulating employers’ use of automated employment decision tools, with enforcement to begin “in the coming months.”

New York City moves closer to implementing Local Law 144, the first major U.S. law governing the use of AI employment technologies. On January 23, 2023, the New York City Department of Consumer and Worker Protection (DCWP), the agency charged with enforcing the law, held a second public hearing on the law’s proposed rules to address several ambiguities related to key definitions and the scope of the law. Within the past week, the DCWP published a transcript of the hearing and announced that it would finalize its rules and begin enforcement “in the coming months.”

Proposed State Privacy Law Update: February 27, 2023

By David Stauss on February 26, 2023

Keypoint: Last week lawmakers introduced a consumer privacy bill in Rhode Island and biometric privacy bills in Kentucky and Missouri; advanced consumer privacy bills out of committee in multiple states; and advanced a children’s privacy bill out of committee in New Mexico.

Below is the seventh weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker and new 2023 State Children’s Privacy Law Tracker and 2023 State Biometric Privacy Law Tracker. We encourage you to bookmark the pages for easy reference.