On Wednesday, April 21 at 1:00 p.m. EST, join GT Shareholder David A. Zetoony, co-chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice, for a Federal Bar Association webinar on “AdTech, Cookies, Wiretapping, and Banners: The impact of changing laws and changing technology on the world of cookies.”
The program will provide the
What are the differences between the CCPA and the CPRA, and how do these two California privacy acts resemble the European GDPR? Is now the time to adopt a data privacy framework instead of trying to comply with state statutes like the CPRA? David Zetoony and Victor Monga, Governor of ISACA Orange County, recently discussed
The CCPA includes a non-exhaustive list of data types that may fall under the definition of personal information. One of those data types is “biometric information.”1
While the CCPA provides a definition of “biometric information,” it is worth noting that the CCPA’s definition differs from the definition of the term in other statutes and
Section 1798.150 of the CCPA permits consumers to “institute a civil action” if consumer “personal information, as defined in subparagraph (A) of paragraph (1) of subdivision (d) of Section 1798.81.5, is subject to unauthorized access and exfiltration, theft, or disclosure,” and where that unauthorized access was “a result of the business’s violation” of a duty
The CPRA amended the CCPA’s definition of a service provider such that, beginning Jan. 1, 2023, a service provider could include any person (not just a legal entity), and a service provider could be a business that receives personal information “on behalf of” another business. The CPRA also added the requirement that written contracts contain
In order to be considered a service provider under the CCPA, a legal entity must process personal information “on behalf of a business”[1] and be prohibited by contract from:
In order to be considered a service provider under the CCPA, a legal entity must process personal information “on behalf of a business”[1] and be prohibited by contract from:
On March 2, 2021, Virginia Gov. Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA) into law, making Virginia the second state to have comprehensive data privacy legislation on the books. The CDPA is similar to the privacy regime enacted under the California Consumer Privacy Act (CCPA) and expanded under the California Privacy Rights
In late January, California’s Attorney General (AG) tweeted about the use of the new Global Privacy Control (GPC), informing California consumers that on certain browsers they can use GPC as a “stop selling my data switch” to exercise their right to opt out of the sale of their personal information (PI) in one step –
The CCPA contains several references to the obligation of a business to, in response to an access request, provide the “specific pieces of personal information” that it has collected about a California resident.1 Each of those sections is modified by California Civil Code Section 1798.130(a)(2), which states that “the disclosure” required by a business