Photo of David Stauss [Former Attorney]

David Stauss [Former Attorney]

 

Formerly with Husch Blackwell, David routinely counseled clients on complying with privacy laws such as the EU's General Data Protection Regulation, the California Consumer Privacy Act, the Colorado Privacy Act, and other state privacy laws.

Key Point: The FTC’s fine is the largest for any COPPA-related incident; however, two issues of first impression alleged in the Complaint could have a more significant impact over the long term.

We previously reported that the Federal Trade Commission (“FTC”) entered into a settlement agreement with Facebook, Inc., which included a record-breaking $5 billion fine for repeat violations of consumers’ privacy rights. The FTC recently announced that it had entered into a settlement with Google, LLC (“Google”) and its subsidiary YouTube, LLC (“YouTube”), in which those entities will pay a $170 million fine for violating the Children’s Online Privacy Protection Act (“COPPA”) Rule. The $170 million fine is the largest the FTC has issued in a COPPA case since Congress enacted the law in 1998.

September 13 was the final day for the California legislature to pass bills amending the California Consumer Privacy Act (CCPA) prior to its January 1, 2020, effective date. After months of speculation and anticipation, we finally have clarity (subject to the Governor’s approval) on the CCPA’s provisions.

Although there were changes – and both business and privacy advocates are claiming victories – the CCPA did not undergo a dramatic change. For businesses, the most notable changes are the addition of limited exemptions for the personal information of employees and business to business contacts as well as changes to the definition of personal information. On the other hand, privacy advocates will point to what did not change, namely, the CCPA retained its core privacy rights.

Below we discuss the changes.

Key Point: If signed by the Governor, the legislation will expand the types of personal information covered by the CCPA’s provision authorizing private litigants to seek statutory damages of between $100 and $750, per consumer per incident, for data breaches.

On September 6, the California legislature passed amendments to the state’s data breach notification statutes (Cal.

Friday, September 13 is the final day for the California legislature to pass bills amending the California Consumer Privacy Act (CCPA). Join us on Monday, September 16 for a first look at what bills passed and how any amendments will impact your CCPA compliance efforts. During this webinar, we will review and discuss the fate of numerous

Key Point:  On October 1, 2019, the amendments to Nevada’s privacy policy statute will go into effect, requiring entities subject to the statute to revise their online privacy policies and create an internal process to ensure compliance with the new opt-out right.

As we initially discussed back in May, the Nevada legislature recently amended the state’s existing online

On July 11, Husch Blackwell’s privacy and data security practice group will host a webinar analyzing the Gramm-Leach-Bliley Act (GLBA) exemption in the California Consumer Privacy Act (CCPA). In this webinar, we will discuss the following topics:

  • History of the CCPA’s GLBA exemption
  • Analysis of the GLBA’s definition of nonpublic personal information and relevant definitions from implementing

In March we published an extensive analysis of proposed bills that would amend or supplement the California Consumer Privacy Act (CCPA). With a number of those bills having either passed the Assembly or been withdrawn , it is a good time to update our analysis.

In the below post, we identify and analyze these bills. In doing so, we first provide a summary of where the legislative process stands. We then analyze the most significant proposed changes and takeaways. Finally, we provide a table linking to each bill, identifying the issue to which it is directed, and providing an analysis of the bill’s proposed changes.

Over the next few months, Husch Blackwell’s privacy and data security blog will continue to track these bills. Register here to stay up-to-date.

Those who have spent time critically thinking about the California Consumer Privacy Act (CCPA), can undoubtedly identify a number of ambiguities and uncertainties. Some of those may be resolved through the current legislative amendment process or the forthcoming Attorney General interpretive regulations. However, notwithstanding those efforts, there likely will be many unresolved issues when the CCPA becomes effective.

Key Point:  Although not as far-reaching as the CCPA, the Nevada legislation will require entities subject to the statute to revise their online privacy notices and create an internal process to ensure compliance with the new opt-out right.

As we previously reported, the Nevada legislature has been considering legislation to amend Nevada’s existing online privacy notice statutes, NRS 603A.300 to .360. On May 23, 2019, the Nevada Assembly unanimously passed that legislation. The Senate previously passed it in April. The legislation is now headed to the Governor’s office for signature.

The legislation amends Nevada’s law in two notable ways. First, entities subject to the statute will need to establish a designated request address through which consumers can submit verified requests directing the entity not to make any “sale” of covered information collected about consumers. That provision will be enforceable only by the Nevada Attorney General’s office which can seek an injunction or $5,000 penalty for “each violation.” Second, the legislation excludes financial institutions subject to the Gramm-Leach-Bliley Act, HIPAA covered entities, and certain motor vehicle manufacturers from having to comply with the online privacy notice statute.

Key Point: SB 561, which would have expanded the CCPA’s private right of action, has failed.

According to multiple reports, SB 561 failed to pass the California Senate on Thursday. The failure of SB 561 is a significant victory for businesses as the bill would have expanded the California Consumer Privacy Act’s (“CCPA”) private right of action to allow individual consumers to sue businesses for violations of the CCPA’s privacy-related rights. The current version of the CCPA only allows individual consumers to sue for certain types of data breaches and leaves enforcement of the CCPA’s privacy-related rights to the California Attorney General’s office. SB 561 was backed by the California Attorney General’s office and privacy-rights organizations. It was strongly opposed by business interests. You can read more about SB 561’s failure here and here.