Photo of Shelby Dolen

Clients and legal teams appreciate Shelby’s passion for the law as it relates to protecting technology and company assets. She regularly monitors and researches fast-changing consumer privacy laws, with the understanding that critical strategy and success for any business includes oversight of data privacy policies and intellectual property portfolios.

Which States Will Consider CCPA-Like Consumer Privacy Bills in 2022?Keypoint: At least fifteen state legislatures are poised to consider CCPA-like consumer privacy legislation in 2022 with lawmakers in Arizona, Connecticut, Florida, Minnesota, Mississippi, and Washington confirming they will be introducing bills, a bill already being pre-filed in Maryland, and eight states with bills that will carry over from the 2021 session.

The continuing emergence of proposed state privacy laws will be a dominant story for privacy professionals in 2022.

In 2021, lawmakers in twenty-seven states proposed CCPA-like privacy legislation. We tracked these bills through our weekly updates, State Privacy Law Tracker, and Legislating Data Privacy podcast series.

This year, we contacted lawmakers who proposed bills in 2021 and asked them to share their plans for 2022. We received many responses, which we chronicle below along with updates on bills that we have been tracking over the summer and fall. Of particular note, Representatives Shelley Kloba (Washington), Steve Elkins (Minnesota), and Collin Walke (Oklahoma) provided extensive comments on their 2022 proposals.Continue Reading Which States Will Consider CCPA-Like Consumer Privacy Bills in 2022?

Keypoint: Advertising platform settles with the FTC over allegations that it collected location data without consent and collected information from child-directed apps without notice or parental consent in violation of the FTC Act and COPPA.

Online advertising exchange platform, OpenX Technologies, Inc., has been ordered to pay $2 million of a $7.5 million judgment to settle Federal Trade Commission allegations that it misrepresented its data collection, use, and disclosure practices as it concerns personal information collected from children and location information collected from consumers who had not granted or had denied requisite location permissions.Continue Reading Behind the Scenes but Not Above the Law: Advertising Platform OpenX To Pay $2 Million FTC Settlement

CPRA Regulations: California Privacy Protection Agency Commences Preliminary Rulemaking ProcessKeypoint: The California Privacy Protection Agency initiates preliminary rulemaking activities under the California Privacy Rights Act.

On Wednesday, September 22, 2021, the California Privacy Protection Agency (Agency) issued an Invitation for Preliminary Comments on Proposed Rulemaking Under the California Privacy Rights Act of 2020.

California voters approved the California Privacy Rights Act (CPRA) in November 2020. The CPRA, which goes into effect on January 1, 2023, significantly revises the California Consumer Privacy Act (CCPA).Continue Reading CPRA Regulations: California Privacy Protection Agency Commences Preliminary Rulemaking Process

Oklahoma Privacy BillKeypoint: The 2022 legislative session of proposed state consumer privacy legislation kicks off with the filing of a new bill in Oklahoma.

On September 9, 2021, Rep. Collin Walke (D) and Majority Leader Rep. Josh West (R) filed the Oklahoma Computer Data Privacy Act of 2022. The Oklahoma legislature is not scheduled to convene until February 7, 2022, such that there is ample time for policymakers and lobbyists to study the bill. We spoke with Representative Walke earlier this year about his goal of passing a privacy law in 2022.

In an accompanying press release, Representative Walke stated: “The National Security Commission on Artificial Intelligence explained that America is ill-prepared for the next decade of technological development, and part of that is due to a lack of governmental action in regulating things like data privacy. It is time that we heed the advice of security experts like the National Security Commission and pass meaningful data privacy legislation. We must be part of the solution and not the problem.”

In 2021, the Oklahoma House passed another privacy bill but it did not make it out of the Senate Judiciary Committee. According to Rep. Walke, the 2021 version will still be alive when the 2022 legislative session convenes such that Oklahoma lawmakers will have two bills to consider.

Below is an overview of the 2022 bill (as introduced).

In addition, members of Husch Blackwell’s privacy and data security practice will be hosting a webinar on September 28 to discuss developments in U.S. privacy law, including the 2022 Oklahoma bill. Click here to register.Continue Reading 2022 Oklahoma Computer Data Privacy Act Filed

Keypoint: A detailed analysis of the Attorney General’s twenty-seven published examples of noncompliance notices sent during the first year of CCPA enforcement reveals key learnings for CCPA compliance efforts.

In July, the California Attorney General published twenty-seven “illustrative examples” of noncompliance notices it sent to businesses during its first year of enforcing the CCPA. The examples provide a rare glimpse into the Attorney General’s enforcement priorities.

The office sent enforcement notices to a wide range of businesses spanning a variety of industries. The alleged violations primarily concerned privacy policy disclosures, consumer requests, and opt-out of sale requirements. Other noncompliance topics included service provider contracts and “just in time” notices.

Below is an analysis of the published enforcement examples. The office emphasizes, however, that the information provided “does not include all the facts of each situation and does not constitute legal advice.”Continue Reading CCPA Update: Analysis and Key Takeaways from AG’s Example Enforcement Cases

Keypoint: The Colorado Senate unanimously passed the Colorado Privacy Act after amending the bill to add back many of the privacy protections previously removed.

On May 26, 2021, the Colorado Senate unanimously passed the Colorado Privacy Act. The bill now moves to the State Assembly. The Colorado legislature is scheduled to close on June 12 so we will know in just a matter of weeks (if not sooner) if Colorado will become the third state to enact broad consumer privacy legislation.

Two House sponsors were added to the bill – Republican Terri Carver and Democrat majority co-whip Monica Dunn. The addition of bipartisan House sponsors perhaps signals that the bill has momentum to pass the House.

Notably, the Senate significantly amended the bill from the version previously passed by the Senate Business, Labor & Technology Committee. As discussed in our May 12 post, the Senate committee had revised many of the bill’s pro-consumer provisions to pro-business provisions. The bill that ultimately passed the Senate (see here) reverted many of those changes. Below is a summary of some of the notable revisions.Continue Reading Significantly Amended (Again) Colorado Privacy Act Passes Senate

Keypoint: Bill would expand COPPA to protect 13 to 15 year olds.

On May 11, Senators Edward J. Markey (D-Mass) and Bill Cassidy (R-La) introduced the Children and Teens’ Online Privacy Protection Act. The legislation seeks to amend the Children’s Online Privacy Protection Act (COPPA), 15 U.S.C. §§ 6501-6505, to “strengthen protections relating to the online collection, use, and disclosure of personal information of children and minors.”Continue Reading Senators Propose Bipartisan Bill to Amend COPPA

Keypoint: The Colorado Privacy Act passed unanimously out of committee last week but not before lawmakers revised many of its pro-consumer provisions to pro-business.

On May 5, 2021, the Colorado Senate Business, Labor & Technology Committee unanimously passed the Colorado Privacy Act. The bill was sent to the Senate Appropriations Committee where it is scheduled for a May 14 hearing.

Before passing the bill, the Senate Committee accepted a number of amendments that changed many of the bill’s pro-consumer privacy provisions in favor of pro-business provisions. As it stands, the bill appears to be an even more business-friendly version of the Virginia Consumer Data Protection Act (VCDPA). For reference, the VCDPA and Colorado bill are both based on this year’s version of the Washington Privacy Act, which failed to pass the Washington legislature in April.

Below is an analysis of some of the more notable amendments.

For reference, the current version of the bill is available here and the original version of the bill is available here. Our analysis of the original bill is available here.Continue Reading Significantly Amended Colorado Privacy Act Passes out of Senate Committee

Keypoint: Bill would add right to deletion to COPPA.

Senators introduced the “Clean Slate for Kids Online Act of 2021” in the United States Senate last week. The bill seeks to amend the Children’s Online Privacy Protection Act (“COPPA”).

The bill provides individuals with the right to delete personal information the operator collected from the individual as a child. The right to delete applies even in instances where parental consent was provided for the collection of the personal information.Continue Reading Senators Reintroduce Bill to Amend COPPA

Keypoint: Proposed bills would amend Nevada privacy legislation to provide consumers with a broader right to opt out of sales.

In 2019 – shortly after the CCPA was enacted – Nevada amended its online privacy notice statutes, NRS 603A.300-360, to provide consumers with the right to opt out of sales. However, contrary to the CCPA’s broad definition of “sale,” the Nevada law defines sale narrowly as “the exchange of covered information for monetary consideration by the operator to a person for the person to license or sell the covered information to additional persons.”Continue Reading Nevada Bills Would Broaden State’s Right to Opt-Out of Sale of Covered Information