In March, the Federal Trade Commission announced proposed updates to two key privacy and security regulations, the Safeguards Rule and Privacy Rule. Both rules implement regulations under the federal Gramm Leach Bliley Act, and the FTC seeks comments for both. The FTC’s proposed update to the Safeguards Rule would impose a number of information security […]
Privacy
The Supreme Court Signals Further Review of Article III Standing
The Supreme Court recently issued an opinion concerning the requirements for Article III standing for statutory violations under the Stored Communications Act (SCA). In Frank v. Gaos, the Supreme Court in a per curiam decision remanded a class action settlement because there remained a standing issue in light of Spokeo v. Robins. While the Supreme […]
Washington Privacy Act Passes State Senate Laying Pathway for the Bill to Become the Second Comprehensive State Privacy Act
On March 6, the Washington state Senate voted 46-1 to approve the Washington Privacy Act (WPA or the Act), otherwise known as SB 5376. If the bill passes the House, the bill would become the second comprehensive state privacy legislation behind the California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020. The […]
Proposed Amendment to California Consumer Privacy Act Would Expand Private Right of Action
On February 25, California’s Attorney General Xavier Becerra and Senator Hannah-Beth Jackson introduced new legislation to amend the California Consumer Privacy Act (CCPA). The CCPA as currently enacted establishes a private right of action for consumers impacted by cyber security breaches. The amendment, known as SB-561, would expand the private right of action to cover any violation of […]
Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration
As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data. One of the core violations the CNIL found was that Google’s Android user interface did not obtain effective, GDPR-compliant consent to targeted marketing from users. The amount […]