Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not

New regulations to the California Consumer Privacy Act (CCPA) took effect in March that prohibit businesses from using on their websites “dark patterns” that make it difficult for California consumers to opt out of the sale of their personal information.

A dark pattern is a potentially manipulative user interface design that can have the effect,

Join GT Of Counsel Darren Abernethy as he presents the session “Privacy, Digital Advertising and What’s Next” during the PrivacyConnect San Francisco webinar on Thursday, April 15 at 9:00 a.m. PST.

PrivacyConnect is a free, virtual series that provides an overview of the latest global regulatory updates, requirements, and trends. Through an interactive format attendees

What are the differences between the CCPA and the CPRA, and how do these two California privacy acts resemble the European GDPR? Is now the time to adopt a data privacy framework instead of trying to comply with state statutes like the CPRA? David Zetoony and Victor Monga, Governor of ISACA Orange County, recently discussed

The CPRA amended the CCPA’s definition of a service provider such that, beginning Jan. 1, 2023, a service provider could include any person (not just a legal entity), and a service provider could be a business that receives personal information “on behalf of” another business. The CPRA also added the requirement that written contracts contain

The California Online Privacy Protection Act (CalOPPA) requires operators of some commercial websites to disclose whether they respond to “Web browser ‘do not track’ signals or other mechanisms that provide consumer the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party Web

In order to be considered a service provider under the CCPA, a legal entity must process personal information “on behalf of a business”[1] and be prohibited by contract from:

  1. Retaining the personal information “for any purpose other than for the specific purpose of performing the services specified in the contract . . . or

The California Attorney General was asked to clarify whether the use of “website cookies shared with third parties” constituted the sale of personal information. The Attorney General declined to answer, stating only that whether a particular situation constitutes the sale of information “raises specific legal questions that would require a fact-specific determination, including whether or