Privacy Law Section

On March 23, 2022, the Oklahoma House passed the Oklahoma Computer Data Privacy Act (HB 2969) 74-15. However, HB 2969 failed to advance past the Senate Judiciary committee in April 2022. Senator Julie Daniels (R-Bartlesville), who chaired the Senate Judiciary meeting, declined to grant the bill a hearing. Read more

May 2022 By Alyona Eidinger As it was reported in the February issue of the Privacy Law Review, Senator Bob Wieckowski  introduced SB 1189, or Biometric Information, a measure in the California Senate on February 17, 2022. This bill, partially based on the Illinois’s Biometric Information Privacy Act (“BIPA”), establishes very specific rules for collection, disclosure, and sale of biometric information by a “Private Entity.” The definition of the private entity is very broad and includes “an individual, partnership, corporation,… Read more

Lately, it seems with every passing month, the adtech world is more and more shaken up by privacy regulation. When I sit down to write these updates, I make a list of what has happened in adtech privacy since my last article, and every time I end up with a ridiculously long list. It reminds me of the song “We didn’t start the fire” by Billy Joel. It's an ever-growing list. There’s so much on the list that there’s no time to dig into each topic. (I guess that could be said about privacy in general too). Read more

The Ninth Circuit court of appeals has yet again, held that data scraping public websites is not unlawful. hiQ Labs, Inc. v. LinkedIn Corp., decided on April 18, affirms the court’s previous decision that plaintiffs may not rely on the Computer Fraud and Abuse Act (“CFAA”) to enjoin third parties from scraping data from their websites. Data scraping refers to the extraction of data from websites, whether public facing or not. Because that practice is not per se illegal, parties must rely on statutes like the CFAA to protect that data. Read more

On March 15, 2022, President Joseph Biden signed H.R. 2471, the Consolidated Appropriations Act, 2022, into law. Division Y of the Appropriations Act, titled the “Cyber Incident Reporting for Critical Infrastructure Act of 2022” (the Act), establishes new cybersecurity reporting requirements for the owners or operators of critical infrastructure. Read more

In March 2022, the European Data Protection Board published its draft "Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them" (the "Guidelines") for public consultation. While these guidelines were drafted specifically with social media platforms in mind, they can also provide recommendations and guidance that are relevant for the design of any websites and applications given that the existence of a "dark pattern" may constitute a breach of certain GDPR requirements such as consent. Read more

CLA’s Privacy Law Section summarizes important developments in California privacy and beyond. Read more

Please join CLA’s Privacy Law Section for our special breakout session during Legislative Day on April 6, 2022. This session provides an excellent opportunity to explore legislative issues on the horizon in the area of privacy law and to interact directly with key decision makers. Read more

CLA’s Privacy Law Section summarizes important developments in California privacy and beyond. Read more

This session will begin with a brief presentation on the definitions of “sensitive data” under existing legal regimes (CPRA, VCDPA, and CPA), with a specific discussion of the legal parameters of non-HIPAA and non-CMIA consumer health data. Read more