Join GT Of Counsel Darren Abernethy as he presents the session “Privacy, Digital Advertising and What’s Next” during the PrivacyConnect San Francisco webinar on Thursday, April 15 at 9:00 a.m. PST.

PrivacyConnect is a free, virtual series that provides an overview of the latest global regulatory updates, requirements, and trends. Through an interactive format attendees

What are the differences between the CCPA and the CPRA, and how do these two California privacy acts resemble the European GDPR? Is now the time to adopt a data privacy framework instead of trying to comply with state statutes like the CPRA? David Zetoony and Victor Monga, Governor of ISACA Orange County, recently discussed

The CPRA amended the CCPA’s definition of a service provider such that, beginning Jan. 1, 2023, a service provider could include any person (not just a legal entity), and a service provider could be a business that receives personal information “on behalf of” another business. The CPRA also added the requirement that written contracts contain

The California Online Privacy Protection Act (CalOPPA) requires operators of some commercial websites to disclose whether they respond to “Web browser ‘do not track’ signals or other mechanisms that provide consumer the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web

In order to be considered a service provider under the CCPA, a legal entity must process personal information “on behalf of a business”[1] and be prohibited by contract from:

  1. Retaining the personal information “for any purpose other than for the specific purpose of performing the services specified in the contract . . . or

The California Attorney General was asked to clarify whether the use of “website cookies shared with third parties” constituted the sale of personal information. The Attorney General declined to answer, stating only that whether a particular situation constitutes the sale of information “raises specific legal questions that would require a fact-specific determination, including whether or

Virginia is poised to be the second state, after California, to pass comprehensive data privacy legislation. The Virginia Consumer Data Protection Act passed the Senate and the House of Delegates on Feb. 24, 2021, and now awaits the approval of Governor Northam.

Although the Virginia statute will not take effect until Jan. 1, 2023, companies

In late January, California’s Attorney General (AG) tweeted about the use of the new Global Privacy Control (GPC), informing California consumers that on certain browsers they can use GPC as a “stop selling my data switch” to exercise their right to opt out of the sale of their personal information (PI) in one step –

No.

The CCPA permits consumers to “institute a civil action” only where consumer “nonencrypted or nonredacted personal information” is “subject to an unauthorized access and exfiltration, theft, or disclosure.” [1] The CCPA does not provide a private right of action, nor does it provide statutory damages, if a company violates its obligation to disclose to