Blog

Recent Blog Posts

• California Appeals Court Empowers Privacy Agency to Immediately Enforce CCPA Regulations In California Privacy Protection Agency et al. v. The Superior Court of Sacramento County (case number C099130), the Third Appellate District of the California Court of Appeal returned authority to the California Privacy Protection Agency (CPPA) to enforce the regulations promulgated under California’s groundbreaking consumer data privacy law, the California Consumer Privacy Act (CCPA, as amended by the California Privacy Rights Act (CPRA)).  The California Chamber of Commerce had challenged the CPPA’s timeline for enforcing its newly finalized regulations, arguing that the agency... More
• Nonprofits’ Use of Artificial Intelligence Systems: Intellectual Property and Data Privacy Concerns In today’s rapidly changing technological landscape, artificial intelligence (AI) is making headlines and being discussed constantly. To be sure, AI provides a powerful tool to nonprofits in creating content and exploiting it for countless cost-effective purposes. As nonprofit executives, you may wonder how AI intersects with intellectual property and data privacy law and how it could affect your organization. While the full extent of the implications will only be fully understood after some history with the use of AI, some... More
• I Always Feel Like AI Is Watching Me: Artificial Intelligence and Privacy ChatGPT got the early press, and every day we learn of new generative artificial intelligence products that can create new and creative visual and text responses to human input. Following on ChatGPT’s fame, Google’s Bard and Microsoft’s Bing are now grabbing some of the spotlight, but these are merely a few of the hundreds if not thousands of generative artificial intelligence products currently available or in development—there is no question that generative AI is here to stay. Indeed, social media... More
• Privacy Policy Best Practices for Nonprofits It was my pleasure to join Farella exempt organizations partner and host of the EO Radio Show podcast, Cynthia Rowland, for a discussion on privacy laws and how they affect information collection and online activities by nonprofits. We begin our conversation with some basic background on when a nonprofit needs a privacy policy on its website and how to think about what should be posted on the website, and where. The current privacy requirements in California do not currently apply to most nonprofit... More
• Employee Data Under the CCPA: Expiration of Employer Exemptions Requires Compliance as of January 1, 2023 Since the California Consumer Privacy Act (“CCPA”) was passed in 2018, employers have been watching carefully to see how the law will apply to data collected and maintained about their employees. Up until now, employment data had been exempted from most of the CCPA’s requirements. But the new amendments to the CCPA embodied in the California Privacy Rights Act (“CPRA”) come into effect on January 1, 2023, and that, coupled with the fact that the legislature failed to extend the... More
• Twists in the Plot: California AG Releases Final CCPA Regulations With a little time to consider the finalized California Consumer Privacy Act regulations released by the California Attorney General on August 14, 2020, it is clear that some last-minute negotiations (or perhaps just some thoughtful additional analysis) took place that led to some unexpected changes. The lion’s share of the regulation requirements have been discussed in depth, so let’s just focus on the following noteworthy changes: Language for Do Not Sell Link. Prior versions enabled companies selling personal information to include a link reading “Do... More
• Reopening Plans and Recommended Protocols Beg New Privacy Issues While far from getting us back to any kind of normal that predated the COVID-19 pandemic, states have begun to relax lockdown requirements and some previously closed “nonessential” businesses are returning to operations. With such openings, governmental entities, trade organizations, and others are wisely recommending protocols, including using wellness screenings, in an effort to lower the risk that such reopenings result in a reversal of trends that have flattened the infection curve. While such protocols focus on ensuring the health... More
• Senate Democrats Release Competing COVID-19 Privacy Bill Democratic Senators Richard Blumenthal and Mark Warner have introduced the Public Health Emergency Privacy Act in response to the bill of the same subject released by Senate Republicans (the COVID-19 Consumer Data Protection Act) at the end of last month. As with the CCDPA, the PHEPA regulates the collection of emergency health data. While the respective bills differ in many ways, the most glaring distinctions focus (not surprisingly) on enforcement, preemption, and certain uses of data. While both measures provide for enforcement by the FTC and... More
• Signatures Submitted for Inclusion of New California Privacy Law on November Ballot Californians for Consumer Privacy has announced that it has secured and submitted enough signatures to qualify its California Privacy Rights Act (“CPRA”) for inclusion on California’s November 2020 ballot. Alistair Mactaggart, the architect behind the ballot initiative that led to the California legislature’s adoption of the CCPA, pushed forward with the CPRA to amend perceived issues and shortcomings in the CCPA. Among other things, the CPRA would Generally increase transparency and consumer control of personal data held by an entity subject to... More
• Federal “COVID-19 Consumer Data Protection Act” Proposed A group of Republican senators has proposed a new privacy law to govern the collection and use of certain personal information thought to be both important and at risk during the current coronavirus crisis. While numerous companies and governments have developed and deployed apps and programs to track individuals and trace contacts between individuals in furtherance of the laudable goal of helping to better understand and address the pandemic, there have been concerns that such data could be collected without proper... More