Data protection authorities worldwide, including France’s Commission Nationale de l’Informatique et des Libertés (CNIL), the California attorney general (CAG), and the U.S. Federal Trade Commission (FTC), recently have indicated their intention to increase privacy enforcement efforts against mobile apps. As the digital landscape continues to evolve, data protection and privacy concerns remain

Three months prior to the enforcement date of the California Consumer Privacy Act (CCPA), as amended, the California Office of Administrative Law approved the updated CCPA Regulations (final rulemaking documents will be posted here after processing). These updates take into account the CCPA’s expanded scope following its amendment by the California Privacy Rights

The CCPA states that a service provider must be contractually prohibited from “retaining, using, or disclosing the personal information [provided to it by a business] for any purpose other than for the business purposes specified in the contract for the business . . . .”[1] That prohibition, however, may not apply to information once

Three modern privacy statutes incorporate the concept that individuals should be able to broadcast a signal from their browser or device that directs an organization to cease providing their personal information to third parties for the purposes of targeted advertising.

The regulations implementing the CCPA, as amended by the CPRA, require organizations to process “opt-out

GT Shareholders Gretchen A. Ramos, Co-Chair of the Global Data Privacy & Cybersecurity Practice, and Darren Abernethy will present the CLE webinar, “The Final CCPA Regulations: What You Need To Know,” March 2 at 12:00 p.m. PT. The webinar will provide an overview of key takeaways from the finalized proposed

On Jan. 27, 2023, the California Attorney General announced his office is investigating and sending letters to businesses in the retail, travel, and food industries with popular mobile apps that allegedly are not in compliance with the California Consumer Privacy Act (CCPA) by failing to offer a consumer opt-out mechanism for sales, or honor rights

The regulations implementing the CCPA require that a business verify the identity of a consumer that submits a specific-information access request to a “reasonably high degree of certainty.”[1] The regulations provide as an example matching three pieces of personal information provided by the consumer with three pieces of personal information maintained by the business

The CCPA and its implementing regulations identify six types of information requests that a consumer can submit to a business. As the first five requests ask that a business respond with broad information about the type of information collected (as opposed to the actual information itself), they are often referred to as category-level access requests.

In order to help businesses understand and benchmark industry practice, Greenberg Traurig attorneys analyzed the publicly available privacy policies of companies within the Fortune 500.[1] As of October 2022 – nearly two years after the CCPA took effect – 71% of companies had updated their privacy policies to account for the CCPA.[2] It

Jan. 1 is approaching, and with it comes new requirements under the California Consumer Privacy Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA). What should you and your company be focusing on to ensure you are prepared for the looming compliance deadline? This Data Privacy Dish post offers end-of-year considerations for closing out