Photo of David Stauss

 

David routinely counsels clients on complying with privacy laws such as the EU's General Data Protection Regulation, the California Consumer Privacy Act, the Colorado Privacy Act, and other state privacy laws. David is certified by the International Association of Privacy Professionals as a Privacy Law Specialist, Certified Information Privacy Professional (US and EU), Certified Information Privacy Technologist, and Fellow of Information Privacy.

Keypoint: Last week the Texas legislature passed consumer data privacy, children’s social media, and data broker bills while the Nevada Assembly passed an amended version of its health data privacy bill.

Below is the twentieth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker, 2023 State Children’s Privacy Law Tracker, and 2023 State Biometric Privacy Law Tracker. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Continue Reading Proposed State Privacy Law Update: May 30, 2023

Keypoint: Texas is the fifth legislature to pass a broad consumer data privacy bill this year with a bill that is a more consumer-friendly version of the Virginia law.

On May 28, 2023, the Texas legislature passed Republican Representative Giovanni Capriglione’s Texas Data Privacy and Security Act (HB 4). Subject to the procedural formalities, the bill will move to Texas Governor Greg Abbott who will then have ten days to sign in, veto it, or allow it to become law without his signature.

Assuming the bill becomes law, Texas will become the tenth state – and fifth state this year – to pass a consumer data privacy bill. With a population of over thirty million people, Texas will be the second largest state (after California) to pass such legislation.

Importantly, the Texas bill passed the legislature after a conference committee process that reconciled differences between the versions that passed the House and Senate. The conference committee made changes to the bill such that reports or summaries of the bill before it passed the legislature on May 28 may be outdated.

The bill generally follows the Virginia model with some notable variations discussed below. Click here if you would like to see a more detailed comparison of the Texas bill against the nine other state laws enacted to date.

Continue Reading Texas Legislature Passes Consumer Data Privacy Bill

Keypoint: Last week the Louisiana Senate passed a children’s social media bill, the Texas legislature appointed a conference committee for its comprehensive privacy bill, and various bills continued to advance in committees.

Below is the nineteenth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker, 2023 State Children’s Privacy Law Tracker, and 2023 State Biometric Privacy Law Tracker. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Continue Reading Proposed State Privacy Law Update: May 22, 2023

Keypoint: Last week the Texas Senate passed a comprehensive data privacy bill, the Tennessee Governor signed HB 1181 into law, and the Connecticut Senate passed a health/children’s privacy bill.

Below is the eighteenth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker, 2023 State Children’s Privacy Law Tracker, and 2023 State Biometric Privacy Law Tracker. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Continue Reading Proposed State Privacy Law Update: May 15, 2023

Keypoint: Claims brought under the Washington My Health My Data Act’s private right of action will turn on whether a plaintiff can prove actual damages that were caused by a violation effecting the plaintiff’s business or property.

Signed into law by Governor Jay Inslee on April 27, 2023, the Washington My Health My Data Act (MHMD) is a first-in-the-nation consumer health data privacy act with a private right of action.

We have been tracking the MHMD since it was first introduced in early January, provided a detailed analysis of the bill after it first passed the House in mid-March, and recently discussed its definition of “consumer health data” and private right of action. As we previously promised, in this post we take a deeper look at the private right of action with a particular focus on how Washington courts have handled CPA claims based on other conduct. We also provide two takeaways to help businesses better understand and evaluate their risk.

Continue Reading Analyzing the Washington My Health My Data Act’s Private Right of Action

Keypoint: Last week the Florida legislature passed a consumer data privacy bill while the Texas legislature continued to advance both consumer data privacy and data broker bills.

Below is the seventeenth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker, 2023 State Children’s Privacy Law Tracker, and 2023 State Biometric Privacy Law Tracker. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Continue Reading Proposed State Privacy Law Update: May 8, 2023

Keypoint: Last week the Washington Governor signed the My Health My Data Act, the Nevada Senate passed a health / biometric privacy bill, the Florida Senate passed a consumer privacy bill, and the Texas House and Florida House passed children’s social media privacy bills.

Below is the sixteenth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker, 2023 State Children’s Privacy Law Tracker, and 2023 State Biometric Privacy Law Tracker. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Continue Reading Proposed State Privacy Law Update: May 1, 2023

Keypoint: Last week the legislatures in Montana and Tennessee passed consumer data privacy bills and the Washington legislature passed the My Health My Data Act.

Below is the fifteenth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker, 2023 State Children’s Privacy Law Tracker, and 2023 State Biometric Privacy Law Tracker. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Continue Reading Proposed State Privacy Law Update: April 24, 2023

Keypoint: Montana becomes first Republican-controlled legislature to pass a consumer data privacy bill requiring controllers to recognize universal opt out mechanisms, providing additional rights for children, sunsetting the right to cure, and adjusting the applicability threshold to take into account a state’s smaller population.

On April 21, 2023, the Montana legislature unanimously passed Republican Senator Daniel Zolnikov’s SB 384. In doing so, Montana became the first Republican-controlled legislature to pass a consumer privacy bill with provisions that closely align with last year’s Connecticut Data Privacy Act (CTDPA). As a result, Montana joins California, Colorado, and Connecticut as states with the strongest consumer data privacy bills passed to date. In a first, the Montana bill lowers the traditional 100,000 consumer threshold to 50,000 to presumably take into account Montana’s smaller population.

Pending any remaining procedural formalities, the bill will be sent to Montana Governor Greg Gianforte in the coming days. Governor Gianforte can sign the bill, veto it, or allow it become law without his signature.

In the below post, we provide a summary of some of the bill’s more notable provisions. Click here for a more detailed comparison of the Montana bill against the seven bills passed to date.

Continue Reading Montana Legislature Passes Consumer Data Privacy Bill

Keypoint: With a private right of action, broad applicability to businesses of all sizes and types, a scope that is broader than its name suggests, and strong consent-based requirements and privacy rights, the Washington My Health My Data Act will be a transformative privacy law for the United States.

On April 17, 2023, the Washington legislature passed the My Health My Data Act (MHMD) (HB 1155). The bill now heads to the Washington Governor who can sign it, veto it, or allow the bill to become law without signature.

We have been tracking MHMD since it was first introduced in early January, provided a detailed analysis of the bill after it first passed the House in mid-March, and discussed its definition of “consumer health data” and private right of action in our April 10 weekly post. In the below post, we add to our analysis by providing five key takeaways about MHMD.

Continue Reading Washington Legislature Passes My Health My Data Act