Modern U.S. data privacy laws (e.g., the California Consumer Privacy Act, the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act) will impose three types of obligations upon companies that engage in profiling when they go into effect in 2023.
First, the general rights given to individuals under modern
Possibly.
While modern privacy statutes in the United States and Europe adopt a similar definition of “profiling,” the term has yet to be judicially interpreted or applied in the United States. Within Europe, the Article 29 Working Party took the position that for an action to constitute profiling three elements must be met:
Modern privacy statutes create special rules for activities that involve “profiling.” As the following chart indicates, the term is defined in a similar way between modern United States and European privacy statutes:
| Source | GDPR | CCPA | CPRA (effective 2023) | VCDPA (effective 2023) | CPA (effective 2023) |
| Term | Profiling | Profiling | Profiling | Profiling | Profiling |
| Definition | “Profiling” means any form |
The Virginia Consumer Data Protection Act, which is scheduled to go into effect in 2023, states that a consumer has the right to “opt out of the processing of the personal data for purposes of [] targeted advertising . . . .”1 Unlike other state statutes, such as the CPRA, the Virginia Consumer Data
Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not
On Sept. 15, join GT Data, Privacy & Cybersecurity Shareholder David Zetoony and Associate Karin Ross for their myLawCLE presentation, “What Is Considered Sensitive Personal Information?”, co-sponsored with the Federal Bar Association.
The term “sensitive personal information” is often referred to in contracts, regulatory guidance, and policy documents. What constitutes sensitive personal information,
The Gramm–Leach–Bliley Act (GLBA) and its implementing regulations impose privacy requirements when financial institutions collect “nonpublic personal information about individuals who obtain financial products or services primarily for personal, family, or household purposes.”[1] GLBA does not apply, however, when a financial institution collects information about individuals “who obtain financial products or services for business,
Colorado is the third state, after California and Virginia, to get a comprehensive data privacy statute through its legislature. While the Colorado Privacy Act (CPA) awaits signature by Gov. Polis, businesses are assessing to what extent the CPA will impact their privacy programs.
The following provides a high-level cross-reference to help companies compare and contrast
Some privacy statutes explicitly reference “sensitive” or “special” categories of personal information. While such terms, when used, often include similar data types that are generally considered as raising greater privacy risks to data subjects if disclosed, the exact categories that fall under those rubrics differ between and among statutes. Furthermore, other privacy statutes do not
On Thursday, May 20 at 8:00 a.m. PST (11:00 a.m. EST), Gretchen Ramos, global co-chair of Greenberg Traurig’s Data, Privacy & Cybersecurity Practice, will be a panelist at the Global Privacy Summit Online 2021 Expert Bar session, titled “CCPA, CPRA & CDPA: Implementation Tips & Tricks.” The session will provide practical considerations for passed