Keypoint: In states with “two-party” consent laws, Privacy-Plaintiffs are bringing class action lawsuits against companies that use “session replay” technology on their websites.

Last month in the Northern District of Illinois a class action complaint was filed that alleges two defendants, TikTok and ByteDance, violate Federal and State wiretapping laws. The complaint alleges the conduct violates the Federal Wiretap Act and Massachusetts, Maryland, and Missouri state equivalent laws. The complaint does not allege violation of California, Florida, or Pennsylvania wiretapping laws despite similar claims being filed most often in these jurisdictions. The complaint also does not allege violation of any Illinois statute despite being filed in the Norther District of Illinois.

In this post, we explain what session replay technology is and how courts across jurisdictions have handled claims that the technology violates wiretapping statutes in two-party (also known as “all party”) consent states to date.

This article is part of our ongoing series of articles examining different types of privacy lawsuits filed across the country. Please click here to read our prior article on Video Privacy Protection Act lawsuits.

2023 Data Privacy Tracker

Keypoint: Last week a narrow consumer privacy bill passed the New Jersey Senate, a children’s privacy bill passed the Virginia House, new consumer privacy bills were filed in New York, Rhode Island, Tennessee, Texas, and Washington, and new children’s privacy bills were filed in New Mexico, New York, and Utah.

Below is the fourth weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker and new 2023 State Children’s Privacy Law Tracker and 2023 State Biometric Privacy Law Tracker. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Keypoint: With the Board’s approval secured, the Agency will now send the final rulemaking package to the Office of Administrative Law for review.

On Friday, February 3, 2023, the Board of the California Privacy Protection Agency (Agency) voted to adopt and approve the Agency’s rulemaking package. The rulemaking package includes a redline of the final regulations, a final statement of reasons, and two appendices to the final statement of reasons with responses to comments received during the 45 day and 15 day comment periods. The Agency did not substantively change the regulations from the draft the Agency published in November.

bio map

With state legislatures opening across the country, lawmakers in numerous states are introducing bills to regulate private entities’ processing of biometric information. These bills, many of which are similar to the Illinois Biometric Information Privacy Act (BIPA), could change the landscape of U.S. state privacy law.

With the influx of bills, we are releasing our

Keypoint: Plaintiffs’ attorneys continue to expand lawsuits relating to website tracking technologies.

Chick-fil-A once again found itself in the spotlight last week when it was named as a defendant in a lawsuit filed in the Northern District of California. The complaint alleges the plaintiff was harmed not by Chick-fil-A’s food products, but rather by Chick-fil-A’s operation of “Stories of Evergreen Hills,” which Chick-fil-A describes as a “series of animated short films, collectibles, and experiences created by Chick-fil-A®, Stories of Evergreen Hills™ follows a young girl named Sam as she discovers how little acts of kindness can bring people together.”

In the below post, we provide an overview of the case against Chick-fil-A and the Video Privacy Protection Act that forms the foundation of the plaintiff’s complaint.

2023 Data Privacy Tracker

Keypoint: It was another busy week with committee movement on the Indiana and Iowa consumer privacy bills while lawmakers introduced six consumer privacy bills in Illinois, Massachusetts, Minnesota, New Hampshire, Vermont and Washington, four biometric privacy bills in Arizona, Massachusetts, Minnesota and Tennessee, and two children’s privacy bills in Massachusetts and West Virginia.

Below is the third weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, we are regularly updating our 2023 State Privacy Law Tracker and new 2023 State Children’s Privacy Law Tracker with links to the consumer data privacy and children’s privacy bills. We encourage you to bookmark the pages for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Keypoint: The draft CPA rules retain the hallmarks of what makes the CPA rules unique but contain some notable revisions and clarifications.

On Friday, January 27, 2023, the Colorado Attorney General’s Office published the third draft Colorado Privacy Act (CPA) rules. The Office previously published initial draft rules in October and revised rules in December. The Office published these revised rules shortly before its formal rulemaking hearing scheduled for February 1, 2023. The Office also extended the time for written comments until February 3, 2023.

In the below post we provide a high-level summary of some of the more notable changes to the draft rules in this latest revision. 

State Children's Privacy Tracker

The landscape of U.S. state privacy law is changing once again. In 2022, the California legislature passed The California Age-Appropriate Design Code Act (AB 2273), a first-in-the-nation law based on the United Kingdom’s Age-Appropriate Design Code. In 2023, more states are following California’s lead and introducing bills that seek to regulate private entities’

Keypoint: It was another busy week with lawmakers introducing consumer privacy bills in Hawaii, Indiana, Massachusetts and New York, biometric privacy bills in Hawaii and New York, and a health data privacy bill in Massachusetts.

Below is the second weekly update on the status of proposed state privacy legislation in 2023. Before we get to our update, we wanted to provide two reminders.

First, as in past years, we will be regularly updating our State Privacy Law Tracker map with links to the consumer data privacy bills. We encourage you to bookmark the page for easy reference.

Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.

Keypoint: The 2023 state legislative session is off to a fast start with state lawmakers introducing consumer data privacy bills in eight states and numerous bills on biometric information, children’s privacy, health data privacy, data broker regulation, and automated employment decision tools.

We are back for our fourth year of tracking state privacy legislation and our third year of providing weekly updates. As in past years, we will track consumer data privacy legislation through our weekly updates and our State Privacy Law Tracker map.

With the rapid expansion of state privacy bill topics, we are expanding our coverage. Last year, we added biometric privacy bills and data broker bills to our weekly alerts. This year, we are adding children’s privacy, health data privacy, automated employment decision tools, and algorithmic discrimination bills.

The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.