Trevor Plaza’s Post

Thank you shoutout to Matt Schwartz of Consumer Reports for featuring Vermont in his piece: Consumer Reports praises Vermont legislature for passing groundbreaking privacy bill. Excerpt: 'The Vermont state legislature advanced a privacy bill supported by Consumer Reports that marks a significant development in state privacy law. If the bill is approved by Governor Phil Scott, Vermont would become the eighteenth state to extend baseline privacy rights to consumers, including the right to access, delete, and stop the sale of their personal information. CR worked with lawmakers throughout the session to improve the legislation, including by requiring data minimization standards and a private right of action that will allow consumers to sue large companies when they violate the law. It is scheduled to go into effect on July 1, 2025. The Vermont bill, H. 121, has several novel provisions that make it much stronger than most state privacy bills... “We commend Vermont lawmakers for standing strong in the face of Big Tech lobbying and enacting truly meaningful privacy legislation that will protect the personal information of their constituents,” said Matt Schwartz, policy analyst at Consumer Reports... If H. 121 is signed by Governor Scott, Vermont would become the sixth state to pass a comprehensive privacy law this year, following New Jersey, New Hampshire, Kentucky, Nebraska, and Maryland.' [ Read the full article: https://bit.ly/consumer121 ] #dataprivacy #consumerprotection #techpolicy FYI Jason Gibbs Kendal Smith

From Kramer Levin Naftalis & Frankel LLP: On April 7, 2024, Sen. Maria Cantwell, chair of the Senate Commerce Committee, and Rep. Cathy McMorris Rodgers, chair of the House Energy and Commerce Committee, advanced a new federal privacy bill to the House floor titled the American Privacy Rights Act (APRA). Although it is not yet law, many observers are optimistic that the APRA will move forward due to its bipartisan support and the compromises it reaches on the issues of preemption and private rights of action, which have stalled prior federal privacy bills. #dataprivacy #congress #apra #dataholders #stateprivacylaws

American Privacy Rights Act of 2024: What to Know and Where It Stands | Texas Lawyer: In April, Chair Cathy McMorris Rodgers and Chair Maria Cantwell introduced the American Privacy Rights Act of 2024 (APRA), a bipartisan federal privacy bill aimed at expanding enforcement mechanisms for privacy rights. The bill would provide enforcement powers to the Federal Trade Commission and state attorneys general, as well as a private right of action for certain breaches of defined privacy rights. The APRA would have broad coverage, applying to entities that determine the purpose and means of collecting, processing, retaining, or transferring covered data and are subject to the FTC's authority. It also outlines requirements for large data holders, data brokers, and covered high-impact social-media companies. The bill includes exemptions for small businesses, governments, and entities collecting data on behalf of a government entity, as well as fraud-fighting nonprofits.

Prop. 24 expressly provides that “[e]nforcement of provisions of law contained in the California Consumer Privacy Act of 2018 amended by this act shall remain in effect and shall be enforceable until the same provisions of this act become enforceable.” (§ 1798.185, subd. (d).) The superior court order reaffirms the same, stating that “regulations previously passed pursuant to the CCPA will remain in full force and effect until superseding regulations passed by the Agency become enforceable in accordance with the Court’s Order.” (Vol. 8, Tab 12, p. 2222.) However, because the recently enacted Prop. 24 regulations superseded the prior regulations in many respects, it is not clear whether the prior regulations are still effective and enforceable, notwithstanding the superior court’s order. The superior court’s order essentially creates two competing standards that are in place at the same time: the standards under the 2018 CCPA and its implementing regulations, and the standards under Prop. 24 and its implementing regulations. The Prop. 24 regulations went into effect as of March 29, 2023, and superseded the 2018 regulations. While the superior court’s order enjoined enforcement of the Prop. 24 regulations, it did not purport to render them legally ineffective. However, the superior court’s order also provides, consistent with what the voters intended, that “regulations previously passed pursuant to the CCPA will remain in full force and effect until superseding regulations passed by the Agency become enforceable in accordance with the Court’s Order.” (Vol. 8, Tab 12, p. 2222; see also § 1798.185, subd. (d).) This leaves businesses in a state of uncertainty as to which regulations they should be complying with: the 2018 regulations, which were ostensibly superseded but are still enforceable under the court’s order, or the Prop. 24 regulations, which are technically in effect, but are not enforceable under the court’s order to the extent they were a required regulation under Prop. 24. Similarly, this leaves consumers in a state of uncertainty as to what rights and protections they currently have under the law.

In our latest #FMG blog, we explore Vermont's 2024 proposed Data Privacy Act (VDPA), which grants residents the right to sue large data holders. This sets Vermont apart from California's Consumer Privacy Act (CCPA) and highlights the evolution of state privacy laws in the U.S. Click the link below to learn more. FMG authors: Justin Boron, Matt Delfino, and Danielle Ocampo. #FMGLaw #CyberPrivacyandSecurity #Vermont #California https://bit.ly/4cfNWDA

Client Alert: On September 11, 2023, Delaware became the latest state to enact comprehensive privacy legislation, following the recent enactments of data privacy laws in Iowa, Indiana, Florida, Montana, Tennessee, Texas, and Oregon. Currently, other states with data privacy laws include California, Colorado, Connecticut, Utah, and Virginia.   Click below to read more from Slaven Jesic and Keith Moulsdale.

On Bloomberg today, my Goodwin colleague Federica De Santis and I write about New Jersey’s new privacy law. Just like my home state itself, this new law has its quirks and unique attributes. Learn more here: https://lnkd.in/e945_SPC #privacylaw

A U.S. District Court judge temporarily halted California's Age-Appropriate Design Code Act (CAADCA) from taking effect. This groundbreaking legislation aimed to regulate online products and services to ensure they were suitable for children. It was scheduled to take effect on July 1, 2024. This ruling could serve as a road map for challenging other expansive state privacy laws that impose compelled speech obligations. For more details, read Fenwick’s Tyler Newby and Heba Tawadross’ latest client alert for a full breakdown of the decision: https://ow.ly/17Nr50PPryz #CAADCA #PrivacyLaw #PrivacyCompliance

What does the Colorado Privacy Act mean for consumers and businesses? Learn about the CPA’s applicability, consumer rights, and compliance in this deep dive article from FW privacy attorney Chris Spurr, Esq., CIPP/US, CIPM.   #ColoradoPrivacyAct #DataSecurity

Did you know that the California legislature just introduced the first bill to amend the CCPA (California Children’s Data Privacy Act (AB 1949)? In short, the proposed amendments would: 1) Increase the age for affirmative consent to “share” or “sell” (as defined in the CCPA) personal information of children from 16 years old up to 18. 2) Expand requirement to obtain affirmative consent for children under 18 to the collection and use of sensitive personal information for purposes not explicitly enumerated under the CCPA. 3)  The California Privacy Protection Agency (CPPA) will need to adopt regulations to establish technical specifications for opt-out signals for children. This bill would require an extension of GPC signal or a similar signal to specify the age group of the user. The modifications proposed by the bill would only affect organizations that are subject to the CCPA. The bill is meant to protect children’s privacy online considering the Children’s Age-Appropriate Design Code Act (CAADCA) is on ice. https://lnkd.in/epFVrsMX