
state privacy laws


Darren Abernethy Featured on The Privacy Advisor Podcast
GT Shareholder Darren Abernethy is featured on an episode of The Privacy Advisor Podcast, hosted by the International Association of Privacy Professionals (IAPP).
Amid the rapidly evolving landscape of U.S. state privacy laws, Darren discusses privacy litigation trends, shedding light on novel theories emerging from the plaintiff’s bar including issues related to pen registers, chatbots…

May 8-10 EVENT | Privacy + Security Forum 2024 Spring Academy
Greenberg Traurig is a sponsor of the Privacy + Security Forum 2024 Spring Academy May 8-10 in Washington, D.C. The conference will break down the silos of privacy and security and bring together seasoned thought leaders hosting panels and workshops designed to deliver practical takeaways for conference participants.
On May 10, Greenberg Traurig Shareholder Ian…

Are the volume thresholds in privacy statutes triggered by the number of in-state IP addresses that visit an organization’s website?
Probably not.
Most modern state privacy laws attempt to carve out organizations that process de minimis amounts of personal information, or whose business activities do not monetize data. While the specific thresholds differ between states, many of the new statutes only apply to organizations that control or process personal information relating to at least 100,000…

Oct. 4 WEBINAR | Artificial Intelligence and Data Privacy: The current (and often hidden) U.S. and European framework for regulating AI
Greenberg Traurig Shareholders Reena Bajowala and David Zetoony, Co-Chair of the firm’s U.S. Data Privacy & Cybersecurity Practice, will present the MyLawCLE and Federal Bar Association webinar, “Artificial Intelligence and Data Privacy: The current (and often hidden) United States and European framework for regulating AI,” Wednesday, Oct. 4 at 11 a.m. CT.…

What is ‘publicly available information’ under the state privacy laws?
Most modern U.S. state data privacy laws exempt from their definition of personal information “publicly available information.” What constitutes publicly available information differs between state privacy laws and may not correlate to the lay definition understood by many businesses and individuals. For example, while some businesses may consider information that is available on the internet…

Update: Processing Sensitive Personal Information under U.S. State Privacy Laws
As of now, 12 states (CA, CO, CT, DE, IA, IN, MT, OR, TN, TX, UT, and VA) have passed comprehensive privacy laws that are in effect (CA, CT, CO, and VA), or are about to go into effect sometime soon (DE, IA, IN, MT, OR, TN, TX, and UT). If any of these laws…

How do state privacy statutes differ in their definitions of ‘targeted advertising’?
Most modern U.S. data privacy statutes require companies to allow data subjects to opt out of having their personal information (PI) used for targeted advertising. As the following chart indicates, the term “targeted advertising” is defined consistently between and among most state statutes with the notable exception of the California Consumer Privacy Act (CCPA) and…

How do state statutes differ in terms of their ‘targeted advertising’ exemptions?
The term “targeted advertising” is defined relatively consistently between and among modern U.S. data privacy statutes with the notable exception of California which deviates somewhat in the California Privacy Rights Act’s (CPRA) definition of the similar term “cross-context behavioral advertising” by omitting any reference to tracking a person over time or making predictions about a…

California Privacy Regulators Move Forward with Enforcement of the CCPA
Following on the heels of a California Superior Court’s last minute ruling that stayed enforcement of the revised California Consumer Privacy Act (CCPA) regulations, as previously discussed on this blog, California’s data privacy regulators have responded in ways that confirm they are more committed than ever to holding businesses accountable for alleged violations…