2022 is poised to be a busy year for privacy, as California begins rulemaking for its updated consumer privacy statute and dozens of states are expected to reintroduce legislation. GT Data, Privacy & Cybersecurity Global Co-Chair Gretchen A. Ramos is quoted in this Jan. 3 Bloomberg Law article. Click here to read the full article

Global Privacy Control, a way for consumers to signal privacy preferences to a host of websites without manually reaching out to each one, is gaining traction. It is unclear if it can be used as a legal compliance mechanism. GT Shareholder Darren Abernethy is quoted in this article on Global Privacy Control and privacy laws

The terms “deidentified” and “deidentification” are commonly used in modern privacy statutes and are functionally exempt from most privacy- and security-related requirements. As indicated in the chart below, differences exist between how the term was defined in the California Consumer Privacy Act (CCPA) and how it was defined in later state privacy statutes set to

Hosted by the University of Colorado Law School, U.S. Data, Privacy, and Cybersecurity Practice Co-Chair David Zetoony will present on his new book, “The Desk Reference Companion to the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).” This reference guide collects over 500 of the most common questions concerning

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the speed with which they respond to the data subject requests that they received in the previous calendar year. Among other things, businesses must report the average or

The California Privacy Rights Act, which is scheduled to go into effect in 2023, states that if a company “shares” personal information with a third party that is engaged in cross-context behavioral advertising, the company must provide the consumer with the ability to “opt-out” of the sharing.1 Furthermore, under the CPRA a business must

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the speed with which they respond to the data subject requests that they received in the previous calendar year. Among other things, businesses must report the average or

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the speed with which they respond to the data subject requests that they received in the previous calendar year. Among other things, businesses must report the average or

The CCPA Regulations require that businesses that buy, receive, sell, or share personal information about more than 10 million Californians disclose metrics within their privacy notices regarding the quantity of data subject requests that they received in the previous calendar year. Among other things, businesses must publicly report the number of access and deletion requests