Privacy Law Section

On Thursday, April 21, 2022, the U.S. Department of Commerce released a statement by Commerce Secretary Raimondo on the Establishment of the Global Cross-Border Privacy Rules (CBPR) Forum. Read more

On April 13, The California Privacy Protection Agency (CPPA) announced it will hold Pre-Rulemaking Stakeholder Sessions via Zoom video and telephone conference. The stakeholder sessions will be held on May 4th, May 5th, and May 6th, 2022. These sessions are intended to provide stakeholders to speak on topics relevant to the upcoming rulemaking, assisting the Agency as it develops regulations. Read more

On April 1, 2022, Japan is set to begin enforcement on the amendment to its Act on the Protection of Personal Information (“APPI”). The APPI was originally adopted in 2003 – making it one of the first data protection regulations. However, with the passing of the EU’s General Data Protection Regulation (“GDPR”) and China’s Personal Information Protection Law (“PIPL”), Japan has now overhauled its own data protection law in order to meet the current privacy climate. Read more

On March 23, 2022, the Oklahoma House passed the Oklahoma Computer Data Privacy Act (HB 2969) 74-15. However, HB 2969 failed to advance past the Senate Judiciary committee in April 2022. Senator Julie Daniels (R-Bartlesville), who chaired the Senate Judiciary meeting, declined to grant the bill a hearing. Read more

May 2022 By Alyona Eidinger As it was reported in the February issue of the Privacy Law Review, Senator Bob Wieckowski  introduced SB 1189, or Biometric Information, a measure in the California Senate on February 17, 2022. This bill, partially based on the Illinois’s Biometric Information Privacy Act (“BIPA”), establishes very specific rules for collection, disclosure, and sale of biometric information by a “Private Entity.” The definition of the private entity is very broad and includes “an individual, partnership, corporation,… Read more

Lately, it seems with every passing month, the adtech world is more and more shaken up by privacy regulation. When I sit down to write these updates, I make a list of what has happened in adtech privacy since my last article, and every time I end up with a ridiculously long list. It reminds me of the song “We didn’t start the fire” by Billy Joel. It's an ever-growing list. There’s so much on the list that there’s no time to dig into each topic. (I guess that could be said about privacy in general too). Read more

The Ninth Circuit court of appeals has yet again, held that data scraping public websites is not unlawful. hiQ Labs, Inc. v. LinkedIn Corp., decided on April 18, affirms the court’s previous decision that plaintiffs may not rely on the Computer Fraud and Abuse Act (“CFAA”) to enjoin third parties from scraping data from their websites. Data scraping refers to the extraction of data from websites, whether public facing or not. Because that practice is not per se illegal, parties must rely on statutes like the CFAA to protect that data. Read more

On March 15, 2022, President Joseph Biden signed H.R. 2471, the Consolidated Appropriations Act, 2022, into law. Division Y of the Appropriations Act, titled the “Cyber Incident Reporting for Critical Infrastructure Act of 2022” (the Act), establishes new cybersecurity reporting requirements for the owners or operators of critical infrastructure. Read more

In March 2022, the European Data Protection Board published its draft "Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them" (the "Guidelines") for public consultation. While these guidelines were drafted specifically with social media platforms in mind, they can also provide recommendations and guidance that are relevant for the design of any websites and applications given that the existence of a "dark pattern" may constitute a breach of certain GDPR requirements such as consent. Read more

CLA’s Privacy Law Section summarizes important developments in California privacy and beyond. Read more