On Aug. 2, 2024, Illinois Gov. J.B. Pritzker signed SB 2979 into law, amending BIPA in two ways: significantly limiting potential damages and updating the Act’s definition of “written release” to include an “electronic signature.”
State Law
Darren Abernethy Featured on The Privacy Advisor Podcast
GT Shareholder Darren Abernethy is featured on an episode of The Privacy Advisor Podcast, hosted by the International Association of Privacy Professionals (IAPP).
Amid the rapidly evolving landscape of U.S. state privacy laws, Darren discusses privacy litigation trends, shedding light on novel theories emerging from the plaintiff’s bar including issues related to pen registers, chatbots…
Operational Takeaways from the Latest CCPA Enforcement Settlement (Hint: SDKs and Consent for Children’s Data Don’t Just Live in a Pineapple Under the Sea…)
The California Attorney General and Los Angeles City Attorney last week jointly settled an enforcement action against a mobile gaming company (“the Company”) for alleged violations of the Children’s Online Privacy Protection Act (COPPA), the California Consumer Privacy Act (CCPA), and the state’s Unfair Competition Law. The city and…
What You Need to Know About Colorado’s New Comprehensive AI Law
On May 8, 2024, Colorado’s legislature enacted “An Act Concerning Consumer Protections in Interactions with Artificial Intelligence Systems” (SB205), a state law that comprehensively regulates the use of certain “Artificial Intelligence (AI)” systems.[1] The law is aimed at addressing AI bias, establishing a requirement of human oversight throughout the life cycle of…
Nov. 8-10 EVENT | 2023 Privacy + Security Forum Fall Academy
Greenberg Traurig is a sponsor of the 2023 Privacy + Security Forum Fall Academy at the George Washington University Nov. 8-10, 2023. The conference will break down the silos of privacy and security and bring together seasoned thought leaders for in-depth sessions and workshops designed to deliver practical takeaways for conference participants.
Greenberg Traurig Shareholder…
Are the volume thresholds in privacy statutes triggered by the number of in-state IP addresses that visit an organization’s website?
Probably not.
Most modern state privacy laws attempt to carve out organizations that process de minimis amounts of personal information, or whose business activities do not monetize data. While the specific thresholds differ between states, many of the new statutes only apply to organizations that control or process personal information relating to at least 100,000…
Oct. 4 WEBINAR | Artificial Intelligence and Data Privacy: The current (and often hidden) U.S. and European framework for regulating AI
Greenberg Traurig Shareholders Reena Bajowala and David Zetoony, Co-Chair of the firm’s U.S. Data Privacy & Cybersecurity Practice, will present the MyLawCLE and Federal Bar Association webinar, “Artificial Intelligence and Data Privacy: The current (and often hidden) United States and European framework for regulating AI,” Wednesday, Oct. 4 at 11 a.m. CT.…
Update: Processing Sensitive Personal Information under U.S. State Privacy Laws
As of now, 12 states (CA, CO, CT, DE, IA, IN, MT, OR, TN, TX, UT, and VA) have passed comprehensive privacy laws that are in effect (CA, CT, CO, and VA), or are about to go into effect sometime soon (DE, IA, IN, MT, OR, TN, TX, and UT). If any of these laws…
How do state privacy statutes differ in their definitions of ‘targeted advertising’?
Most modern U.S. data privacy statutes require companies to allow data subjects to opt out of having their personal information (PI) used for targeted advertising. As the following chart indicates, the term “targeted advertising” is defined consistently between and among most state statutes with the notable exception of the California Consumer Privacy Act (CCPA) and…
How do state statutes differ in terms of their ‘targeted advertising’ exemptions?
The term “targeted advertising” is defined relatively consistently between and among modern U.S. data privacy statutes with the notable exception of California which deviates somewhat in the California Privacy Rights Act’s (CPRA) definition of the similar term “cross-context behavioral advertising” by omitting any reference to tracking a person over time or making predictions about a…