Keypoint: Plaintiffs’ attorneys continue to expand lawsuits relating to website tracking technologies.

Chick-fil-A once again found itself in the spotlight last week when it was named as a defendant in a lawsuit filed in the Northern District of California. The complaint alleges the plaintiff was harmed not by Chick-fil-A’s food products, but rather by Chick-fil-A’s operation of “Stories of Evergreen Hills,” which Chick-fil-A describes as a “series of animated short films, collectibles, and experiences created by Chick-fil-A®, Stories of Evergreen Hills™ follows a young girl named Sam as she discovers how little acts of kindness can bring people together.”

In the below post, we provide an overview of the case against Chick-fil-A and the Video Privacy Protection Act that forms the foundation of the plaintiff’s complaint.

2023 Data Privacy Tracker

Keypoint: It was another busy week with committee movement on the Indiana and Iowa consumer privacy bills while lawmakers introduced six consumer privacy bills in Illinois, Massachusetts, Minnesota, New Hampshire, Vermont and Washington, four biometric privacy bills in Arizona, Massachusetts, Minnesota and Tennessee, and two children’s privacy bills in Massachusetts and West Virginia.

Below is the third weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker and new 2023 State Children’s Privacy Law Tracker with links to the consumer data privacy and children’s privacy bills. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Keypoint: The draft CPA rules retain the hallmarks of what makes the CPA rules unique but contain some notable revisions and clarifications.

On Friday, January 27, 2023, the Colorado Attorney General’s Office published the third draft Colorado Privacy Act (CPA) rules. The Office previously published initial draft rules in October and revised rules in December. The Office published these revised rules shortly before its formal rulemaking hearing scheduled for February 1, 2023. The Office also extended the time for written comments until February 3, 2023.

In the below post we provide a high-level summary of some of the more notable changes to the draft rules in this latest revision. 

State Children's Privacy Tracker

The landscape of U.S. state privacy law is changing once again. In 2022, the California legislature passed The California Age-Appropriate Design Code Act (AB 2273), a first-in-the-nation law based on the United Kingdom’s Age-Appropriate Design Code. In 2023, more states are following California’s lead and introducing bills that seek to regulate private entities’

Keypoint: It was another busy week with lawmakers introducing consumer privacy bills in Hawaii, Indiana, Massachusetts and New York, biometric privacy bills in Hawaii and New York, and a health data privacy bill in Massachusetts.

Below is the second weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, as in past years, we will be regularly updating our State Privacy Law Tracker map with links to the consumer data privacy bills. We encourage you to bookmark the page for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Keypoint: The 2023 state legislative session is off to a fast start with state lawmakers introducing consumer data privacy bills in eight states and numerous bills on biometric information, children’s privacy, health data privacy, data broker regulation, and automated employment decision tools.

We are back for our fourth year of tracking state privacy legislation and our third year of providing weekly updates. As in past years, we will track consumer data privacy legislation through our weekly updates and our State Privacy Law Tracker map.

With the rapid expansion of state privacy bill topics, we are expanding our coverage. Last year, we added biometric privacy bills and data broker bills to our weekly alerts. This year, we are adding children’s privacy, health data privacy, automated employment decision tools, and algorithmic discrimination bills.

The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

2023 Data Privacy Tracker

Update your bookmark, we just released our 2023 State Privacy Law Tracker.

With state legislatures starting to open for the 2023 session, lawmakers are already introducing CCPA-like consumer privacy bills.

For the third year in a row we will identify the states that are considering legislation and provide helpful links to the bills and

Keypoint: Employers who use automated employment decision tools in New York City will receive additional guidance on complying with Local Law 144 before enforcement begins on April 15, 2023.

New York City employers who use automated employment decision tools (“AEDTs”) now have until April 15, 2023, to prepare for compliance with New York City Local Law 144 which regulates usage of such tools. The law was to go into effect on January 1, 2023.

In the below post, we provide a brief overview of the law and its current rulemaking process.

Keypoint: The changes are mostly controller-friendly with modifications to the privacy notice, consent, and data protection assessment provisions likely to facilitate compliance; however, the draft rules retain many of the hallmark provisions that make the CPA rules a significant and important addition to the U.S. privacy law landscape.

On December 21, 2022, the Colorado Attorney General’s office published revised draft Colorado Privacy Act (CPA) rules. The Office originally published draft rules in September. The revised draft rules consider public input received by the Office through three stakeholder sessions held in November as well as written comments received through early December.

The Office will hold a public rulemaking hearing on February 1, 2023. Interested parties can submit written comments until February 1, 2023, although the Office recommends that comments be submitted by January 18, 2023, if they are intended to be considered at the hearing.

In the below post we provide a summary of some of the more notable changes to the draft rules. For a discussion of the initial draft rules please see our prior blog post and webinar.

Keypoint: The 2022 election may result in new states to watch during the 2023 state legislative session.

Until the federal government passes a preemptive federal privacy law, state legislatures will continue to be the driving force in the development of U.S. privacy law. While others have – appropriately – speculated on how the 2022 election could impact the future of federal legislation, this article analyses state election results to identify potential trends and states to watch in 2023. Although drawing conclusions across fifty states is impossible, as discussed below, a handful of states will be well-positioned to pass privacy legislation in 2023 should they choose to do so.