Keypoint: Last week, the Nebraska Governor signed the Nebraska Data Privacy Act into law, the Maine legislature closed without passing a consumer data privacy bill, Colorado’s biological/neural data bill was signed into law, and there were developments with bills in California, Virginia, Minnesota, Vermont, Wisconsin and Iowa.

Below is the thirteenth weekly update on the status of proposed state privacy legislation in 2024.

Continue Reading Proposed State Privacy Law Update: April 22, 2024

In early April, the Maryland legislature passed the Maryland Age-Appropriate Design Code Act (SB 571 / HB 603). In this fifteen minute webinar, HB privacy attorney Shelby Dolen provides an overview of the Maryland bill and how it will impacts covered entities. The webinar is available exclusively to HB privacy clients through Byte Back+.

If you are an HB privacy client and already have access to Byte Back+ click here. The webinar is available in the “Webinars” section of Byte Back+. If you are an HB privacy client but do not yet have access, click here to request log-in credentials.

With its unique provisions and requirements, the Maryland Online Data Privacy Act (MODPA) adds a new dimension to state privacy law that will create additional compliance burdens for covered entities. HB privacy partner David Stauss unpacks and explains MODPA in a twenty-five minute on-demand webinar available exclusively to HB privacy clients through Byte Back+.

If you are an HB privacy client and already have access to Byte Back+ click here. The webinar is available in the “Webinars” section of Byte Back+. If you are an HB privacy client but do not yet have access, click here to request log-in credentials.

Keypoint: Nebraska is the seventeenth state legislature to pass consumer data privacy legislation with a bill that largely tracks the Texas Data Privacy and Security Act.

On April 11, 2024, the Nebraska legislature passed the Nebraska Data Privacy Act (LB 1074). We have been tracking the bill since it was first introduced under LB 1294. That bill never advanced out of committee; however, it was added to LB 1074 in late March as part of a larger multi-subject 139 page bill. The bill unanimously passed Nebraska’s unicameral legislature on April 11. It now heads to Nebraska Governor Jim Pillen. Assuming the bill becomes law, Nebraska will become either the sixteenth or seventeenth state to enact consumer data privacy legislation, depending on whether Maryland’s bill, which passed the Maryland legislature last Saturday, is enacted first.

The Nebraska bill largely tracks the Texas Data Privacy and Security Act, but with some differences we identify below. As with prior bills, we have added the Nebraska bill to our chart providing a detailed comparison of laws enacted to date. We also have added Nebraska to our sensitive data comparison chart.

Continue Reading Nebraska Legislature Passes Consumer Data Privacy Bill

Keypoint: Two California state court decisions have addressed motions to dismiss claims under the novel “pen registry” and “tap and trace” theories, but reached different outcomes after finding different policy considerations more important.

In July 2023, a Southern District of California District Court denied a motion to dismiss in Greenley v. Kochava, 2023 WL 4833466 (S.D. Cal. July 27, 2023), in which the plaintiff argued a SDK developer violated California laws that prohibited use of a “pen registry” and “tap and trace” device by building into the SDK code that forwarded location information to the SDK developer.

Continue Reading Privacy Litigation Alert: Two California decisions weigh in on pen registry and “tap and trace” tech claims – but reach different results

Keypoint: Maryland’s bill diverges from other Washington Privacy Act variants passed to date with unique data minimization, sensitive data, minor’s data privacy, and unlawful discrimination provisions (among others).

On April 6, 2024, the Maryland legislature passed the Maryland Online Data Privacy Act of 2024 (MODPA) (SB 541). A companion House bill (HB 567) also appears likely to pass before the legislature closes on April 8. Subject to the procedural formalities in the legislature, the bills will next head to Maryland Governor Wes Moore for consideration.

Assuming MODPA becomes law, Maryland will become the sixteenth state to pass broad consumer data privacy legislation. However, Maryland will be the first state to pass a Washington Privacy Act variant that contains unique provisions regarding data minimization, sensitive data, minor’s data privacy, and unlawful discrimination – among other provisions. In doing so, Maryland injects a new wrinkle into the state privacy law debate much like Washington did with last year’s My Health My Data Act. MODPA also contains a low threshold for applicability such that even smaller companies may need to comply with its provisions.

The below article analyzes MODPA’s contours, including some of its more notable provisions and deviations. We also have added MODPA to our chart providing a detailed comparison of the laws enacted to date. It should be noted that – as of the date of this article – the bills available on the legislature’s website have not yet been updated to reflect the final amendments although we have included those amendments in our analysis.

The Maryland legislature also passed Age-Appropriate Design Code Act companion bills (SB 571 / HB 603). We will provide a separate article analyzing those bills.

Continue Reading Maryland Legislature Passes Consumer Data Privacy Bill

Keypoint: Last week, the Maryland legislature passed consumer data privacy and Age-Appropriate Design Code Act bills, the Kentucky Governor signed HB 15 into law, three bills advanced out of a California Assembly Committee, and there was movement with bills in Minnesota, Vermont, Louisiana, Illinois and Colorado.

Below is the eleventh weekly update on the status of proposed state privacy legislation in 2024.

Continue Reading Proposed State Privacy Law Update: April 8, 2024

Keypoint: Multiple decisions from the same judicial district come down differently on wiretapping claims while three courts in different states each reject VPPA-defendants’ arguments that the plaintiffs lacked Article III standing.

Welcome to the twelfth installment in our monthly data privacy litigation report. Not only does this month’s post mean we have been doing this for over a year now (and actually a little longer as there was at least one post that combined two months of updates into one post because, well, holidays), but more importantly we are releasing this post on the eve of heading to Washington, D.C. to attend the IAPP Summit. If you will be there, make sure to come and meet us!

We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this month’s post, we look at three decisions from the Southern District of California, each of which addressed nearly identical factual allegations and legal arguments but reached different conclusions. We also take a look at three VPPA decisions denying motions to dismiss regarding claims premised on the Meta Pixel that highlight how district courts are addressing Article III standing objections and the required specificity of a plaintiff’s allegations at the pleading stage.

If you are a Byte Back+ member, you will also see our coverage on recent lawsuits beyond the wiretapping and VPPA claims, including the recent trend of cases brought under pen registry laws and efforts against plaintiffs who have brought wiretapping claims in private arbitration rather than the public courts. Interested in learning more about Byte Back+? Click here.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.

Continue Reading U.S. Privacy Litigation Update: March 2024

Keypoint: Last week, the Kentucky legislature passed a consumer data privacy bill, Colorado passed an amendment to the Colorado Privacy Act, and there was movement on bills in Maine, Maryland, Rhode Island, and Vermont.

Below is the tenth weekly update on the status of proposed state privacy legislation in 2024.

Continue Reading Proposed State Privacy Law Update: April 1, 2024