In February 2022, the Massachusetts legislature’s Joint Committee on Advanced Information Technology, the Internet and Cybersecurity voted unanimously to advance the Massachusetts Information Privacy and Security Act (S.2687). Shortly after the vote, we sat down with Representatives Dave Rogers and Andy Vargas, two of the bill’s co-sponsors, to discuss the bill.
During our
Keypoint: The requirements for recognizing opt-out preference signals for certain types of processing vary widely depending on which state laws apply.
This is the sixth post in our ten-part weekly series comparing key provisions of the California Privacy Rights Act (CPRA), Colorado Privacy Act (CPA), and Virginia Consumer Data Protection Act (VCDPA). With the operative dates of these laws drawing near, we are exploring important distinctions between them. If you are not already subscribed to our blog, consider subscribing now to stay updated.
In this article, we analyze how each of these laws treat opt-out preference signals. The California Consumer Privacy Act (CCPA), through its regulations, requires businesses to recognize such signals. However, the CPRA makes this an optional requirement. In contrast, Colorado will require controllers to recognize these signals as of July 1, 2024, whereas Virginia sits on the other end of the spectrum and does not require controllers to recognize them.
In the below article, we first discuss how California currently addresses this issue under the CCPA and how the CPRA will change those requirements. We then discuss Colorado’s approach.
This 18 minute on-demand webinar provides an overview of the Utah Consumer Privacy Act (UCPA). The UCPA passed the Utah legislature on March 3, 2022. Subject to the Governor’s approval, Utah will become the fourth state to enact consumer privacy legislation, following in the footsteps of California, Colorado, and Virginia.
The webinar provides an analysis
Keypoint: This week the Utah legislature passed the Utah Consumer Privacy Act, the Florida House passed HB 9, there was activity with bills in Connecticut, Nebraska and Washington, and Virginia lawmakers have now passed four VCDPA amendment bills.
Below is our eighth weekly update on the status of proposed state privacy legislation in 2022. Before we get to our update, we wanted to provide two reminders.
First, we regularly update our 2022 State Privacy Law Tracker to keep pace with the latest developments with CCPA-like privacy bills. We encourage you to bookmark the page for easy reference.
Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.
Keypoint: Organizations subject to these laws will need to determine whether they are engaging in “sales,” which can be a complex and multifaceted analysis given the statutes’ varying definitions and exemptions.
This is the fifth post in our ten-part weekly series comparing key provisions of the California Privacy Rights Act (CPRA), Colorado Privacy Act (CPA), and Virginia Consumer Data Protection Act (VCDPA). With the operative dates of these laws drawing near, we are exploring important distinctions between them. If you are not already subscribed to our blog, consider subscribing now to stay updated.
In this article, we analyze how each of these laws treat “sales” of personal information/data. The CPRA, CPA, and VCDPA all give consumers the right to opt-out of the sale of their personal information/data by businesses/controllers. Whether organizations need to provide this right is obviously dependent on whether they are selling personal data. That analysis, however, is complicated by the fact that the laws define “sale” differently and contain different exemptions. Reconciling the definitions and exemptions will be an important step for any organization complying with these laws.
In the below article, we analyze these issues by first comparing the definitions of sale under the three laws and then analyzing the various exemptions.
Keypoint: Utah is on the cusp of becoming the fourth state to pass consumer privacy legislation while Florida’s bill is now through one chamber.
There were two significant developments in state privacy law on March 2 with the Utah Senate passing SB 227 and the Florida House passing HB 9. Below are updates on both of the bills.
Keypoint: This week the Utah Senate and Wisconsin Assembly passed bills, the Florida House Judiciary Committee advanced HB9, new bills were introduced in Connecticut and Kentucky, and Virginia lawmakers passed a VCDPA amendment.
Below is our seventh weekly update on the status of proposed state privacy legislation in 2022. Before we get to our update, we wanted to provide two reminders.
First, we regularly update our 2022 State Privacy Law Tracker to keep pace with the latest developments with CCPA-like privacy bills. We encourage you to bookmark the page for easy reference.
Second, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.
As first reported by the IAPP’s Joe Duball, the Wisconsin Assembly voted 59-37 to pass AB 957. The bill is similar, but not identical, to the Virginia Consumer Data Protection Act (VCDPA).
Wisconsin is the second state (after Indiana) to pass a consumer privacy bill out of a chamber during the 2022 legislative
Keypoint: California legislators introduced eight bills to amend or supplement the CPRA, including AB2891 that seeks to extend the employee and business-to-business exemptions, and AB2871 that seeks to make those exemptions indefinite.
Last week, California lawmakers proposed eight bills to amend or supplement the California Privacy Rights Act (CPRA).
AB2871 and AB2891, both filed by Assembly Member Low on February 18, 2022, would extend the employee and business-to-business exemptions either indefinitely (AB2871) or until January 1, 2026 (AB2891). Both exemptions are currently set to sunset on January 1, 2023. The filing of these bills was first reported by Jennifer Ruehr. Whether either of these bills has a chance at passing remains to be seen.
Keypoint: This week Indiana’s bill continued to advance in the House (after previously passing the Senate), lawmakers voted bills out of committee in Iowa and Oklahoma, and new bills were introduced in Maine, Utah and Wisconsin.
Below is our sixth weekly update on the status of proposed state privacy legislation in 2022. Before we get to our update, we wanted to provide three reminders.
First, on February 23, 2022, we will be hosting a webinar to analyze the proposed CCPA-like privacy bills. For more information, and to register, click here.
Second, we regularly update our 2022 State Privacy Law Tracker to keep pace with the latest developments with CCPA-like privacy bills. We encourage you to bookmark the page for easy reference.
Finally, the contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following on LinkedIn and/or Twitter.