Photo of Shelby Dolen

Shelby Dolen

Subscribe to Shelby Dolen's Posts

Clients and legal teams appreciate Shelby’s passion for the law as it relates to protecting technology and company assets. She regularly monitors and researches fast-changing consumer privacy laws, with the understanding that critical strategy and success for any business includes oversight of data privacy policies and intellectual property portfolios.

Follow:Read more about Shelby DolenShelby's Linkedin Profile

Keypoint: A detailed analysis of the Attorney General’s twenty-seven published examples of noncompliance notices sent during the first year of CCPA enforcement reveals key learnings for CCPA compliance efforts.

In July, the California Attorney General published twenty-seven “illustrative examples” of noncompliance notices it sent to businesses during its first year of enforcing the CCPA. The examples provide a rare glimpse into the Attorney General’s enforcement priorities.

The office sent enforcement notices to a wide range of businesses spanning a variety of industries. The alleged violations primarily concerned privacy policy disclosures, consumer requests, and opt-out of sale requirements. Other noncompliance topics included service provider contracts and “just in time” notices.

Below is an analysis of the published enforcement examples. The office emphasizes, however, that the information provided “does not include all the facts of each situation and does not constitute legal advice.”

Continue Reading CCPA Update: Analysis and Key Takeaways from AG’s Example Enforcement Cases

Keypoint: The Colorado Senate unanimously passed the Colorado Privacy Act after amending the bill to add back many of the privacy protections previously removed.

On May 26, 2021, the Colorado Senate unanimously passed the Colorado Privacy Act. The bill now moves to the State Assembly. The Colorado legislature is scheduled to close on June 12 so we will know in just a matter of weeks (if not sooner) if Colorado will become the third state to enact broad consumer privacy legislation.

Two House sponsors were added to the bill – Republican Terri Carver and Democrat majority co-whip Monica Dunn. The addition of bipartisan House sponsors perhaps signals that the bill has momentum to pass the House.

Notably, the Senate significantly amended the bill from the version previously passed by the Senate Business, Labor & Technology Committee. As discussed in our May 12 post, the Senate committee had revised many of the bill’s pro-consumer provisions to pro-business provisions. The bill that ultimately passed the Senate (see here) reverted many of those changes. Below is a summary of some of the notable revisions.

Continue Reading Significantly Amended (Again) Colorado Privacy Act Passes Senate

Keypoint: Bill would expand COPPA to protect 13 to 15 year olds.

On May 11, Senators Edward J. Markey (D-Mass) and Bill Cassidy (R-La) introduced the Children and Teens’ Online Privacy Protection Act. The legislation seeks to amend the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501-6505, to “strengthen protections relating to the online collection, use, and disclosure of personal information of children and minors.”

Continue Reading Senators Propose Bipartisan Bill to Amend COPPA

Keypoint: The Colorado Privacy Act passed unanimously out of committee last week but not before lawmakers revised many of its pro-consumer provisions to pro-business.

On May 5, 2021, the Colorado Senate Business, Labor & Technology Committee unanimously passed the Colorado Privacy Act. The bill was sent to the Senate Appropriations Committee where it is scheduled for a May 14 hearing.

Before passing the bill, the Senate Committee accepted a number of amendments that changed many of the bill’s pro-consumer privacy provisions in favor of pro-business provisions. As it stands, the bill appears to be an even more business-friendly version of the Virginia Consumer Data Protection Act (VCDPA). For reference, the VCDPA and Colorado bill are both based on this year’s version of the Washington Privacy Act, which failed to pass the Washington legislature in April.

Below is an analysis of some of the more notable amendments.

For reference, the current version of the bill is available here and the original version of the bill is available here. Our analysis of the original bill is available here.

Continue Reading Significantly Amended Colorado Privacy Act Passes out of Senate Committee

Keypoint: Bill would add right to deletion to COPPA.

Senators introduced the “Clean Slate for Kids Online Act of 2021” in the United States Senate last week. The bill seeks to amend the Children’s Online Privacy Protection Act (“COPPA”).

The bill provides individuals with the right to delete personal information the operator collected from the individual as a child. The right to delete applies even in instances where parental consent was provided for the collection of the personal information.

Continue Reading Senators Reintroduce Bill to Amend COPPA

Keypoint: Proposed bills would amend Nevada privacy legislation to provide consumers with a broader right to opt out of sales.

In 2019 – shortly after the CCPA was enacted – Nevada amended its online privacy notice statutes, NRS 603A.300-360, to provide consumers with the right to opt out of sales. However, contrary to the CCPA’s broad definition of “sale,” the Nevada law defines sale narrowly as “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.”

Continue Reading Nevada Bills Would Broaden State’s Right to Opt-Out of Sale of Covered Information

Keypoint: It was another busy week with bills introduced in Colorado, New York and West Virginia, a committee hearing in New Jersey on three bills, a public hearing in Washington on the Washington Privacy Act, the Oklahoma bill was referred to the Senate Judiciary committee, one Florida bill passed out of committee, and a hearing was set on the other Florida bill.

For the fourth week in a row, we are providing an update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide three reminders.

First, there has been so much debate about what to call Virginia’s new privacy law – the Virginia Consumer Data Protection Act – that we started an online poll. Tell us whether you think the law should be called the CDPA or VCPDA. We will keep voting open until April 2 and release the results on our blog.

Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Continue Reading Status of Proposed CCPA-Like State Privacy Legislation as of March 22, 2021

Fraser, ColoradoKeypoint: The Colorado bill mirrors the Virginia Consumer Data Protection Act and Washington Privacy Act but contains some notable differences.

On March 19, 2021, Colorado lawmakers introduced the Colorado Privacy Act (SB21-190).

The bill is similar to Virginia’s Consumer Data Protection Act (VCDPA) and the Washington Privacy Act (WPA) but contains notable differences, including with respect to the scope of its exemptions and the rights it would provide to Colorado residents.

Senator Rodriguez (Democrat) and Senator Lundeen (Republican and minority whip) sponsored the bill, signaling that it has bi-partisan support. The bill has been assigned to the Senate’s Business, Labor and Technology Committee, which Senator Rodriguez chairs.

According to the legislative calendar, the deadline for bills to pass out of the Senate is April 7, 2021, which means the bill will have to move quickly.

Below is a general overview of the bill as introduced.

Continue Reading Colorado Privacy Act Introduced

Keypoint: There were four notable developments this week: the Florida House passed a bill out of committee, lawmakers proposed a new bill in Texas, the Washington Privacy Act was  scheduled for a public hearing and committee session on March 17 and 19, respectively, and the Illinois Right to Know Act was scheduled for a March 19 hearing in the Cybersecurity, Data Analytics & IT Committee.

For the third week in a row, we are providing an update on the status of proposed CCPA-like privacy legislation. Before we get to our update, we wanted to provide three reminders.

First, we hosted a webinar on Virginia’s Consumer Data Protection Act on March 11. You can access the recording here.

Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Continue Reading Status of Proposed CCPA-Like State Privacy Legislation as of March 15, 2021

Keypoint: It was a busy week for privacy law. Since the update we provided last week Virginia’s bill was signed into law, bills in Washington and Oklahoma advanced, and Utah’s bill failed to pass before its legislative session closed.

Last week, we provided an update on the status of proposed CCPA-like privacy legislation. In that article, we noted that the contents were “time-sensitive and subject to change.” Typical to privacy law, in just a week, the landscape of these proposed laws changed dramatically. Given these changes, we decided to publish another update and, like last week, waited until a weekend when state legislatures are quiet.

Before we get to our update, we wanted to provide three reminders.

First, we will be hosting a webinar on Virginia’s Consumer Data Protection Act on March 11. You can register for the webinar here. If you are unable to attend the webinar live, you can still register, and we will email a copy of the presentation and a link to the webinar recording to you.

Second, we have been regularly updating our 2021 State Privacy Law Tracker to keep pace with the latest developments. We encourage you to bookmark the page for easy reference.

Third, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated.

Continue Reading Status of Proposed CCPA-Like State Privacy Legislation as of March 8, 2021