On March 15, 2023 the Colorado Attorney General’s Office announced the finalization of the Colorado Privacy Act Rules (“Rules”). The Rules implement the Colorado Privacy Act (CPA), a comprehensive privacy law enacted in 2021. Both the CPA and the Rules will enter into effect on July 1, 2023. The key provisions of the Rules remain […]

On March 1, the Utah state legislature advanced two bills that will, starting March 1, 2024, regulate how social media companies interact with users under the age of 18. The two bills were signed into law by Governor Spencer Cox (R-UT) on March 23, 2024.  SB 152, the Utah Social Media Regulation Act, will: Prohibit […]

On February 14, 2023 the California Privacy Protection Agency (CPPA) submitted its approved California Privacy Rights Act (CPRA) rulemaking package to California’s Office of Administrative Law (OAL) for a final 30-day review. Along with the rule package was sent a “Written Justification for Earlier Effective Date and Request for Expedited Review” asking for the regulations […]

On January 31, the California Privacy Protection Agency Board (CPPA) published agenda items for its Feb. 3 meeting, including the final draft of its proposed California Privacy Rights Act (CPRA) regulations.The final draft CPRA regulations were adopted by the CPPA Board without additional edits at its Feb. 3 meeting. The final vote to adopt triggers […]

On January 28, the California Attorney General (AG) announced an investigative sweep of many businesses’ mobile applications (“app”) that allegedly fail to meet the requirements of the California Consumer Privacy Act (CCPA). The announcement was timed to coincide with Data Privacy Day (January 28) – the annual day aiming to raise awareness and promote best […]

The Colorado Attorney General (AG) released second-round, revised draft regulations (“revised draft rules”) on January 27 as a basis to guide implementation of the Colorado Privacy Act (CPA). The revised draft rules are based on public feedback received by the Colorado AG through Jan. 18, 2023. The revised draft rules modify the originally published draft […]

On December 21, 2022, the Colorado Attorney General (AG) released the second set of draft regulations to the Colorado Privacy Act (CPA). In this draft, the AG is asking public stakeholders for specific input on five different topics: (1) clarifications to definitions; (2) use of IP addresses to verify consumer requests; (3) a universal opt-out […]

With 2022 almost coming to a close, the end-of-year chaos and impacts of procrastination that routinely affect Congress and the Administration this time of year are in full swing. The details are still scant on what is included in Congress’ announced FY 2023 $1.7 trillion spending bill deal. The results of the 2022 Midterm Elections […]

The Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) issued a new guidance bulletin regarding the use of online tracking technologies (i.e. cookies, web beacons and pixels) by covered entities and business associates under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Under 45 CFR 160.103, […]

On November 21, the 4A’s submitted a written comment letter to the Federal Trade Commission’s (FTC) initial rulemaking on consumer data privacy. The 4A’s written comments focused on 1) pushing back against the FTC’s preconceived notion that all commercial data practices (even by responsible commercial entities that promote consumer choice) are “commercial surveillance;” 2) the […]

While political strategists forecasted a Red Wave sweeping across the country, as historically the President’s party usually suffers big losses, voters in the 2022 midterm elections delivered a different message. As anticipated, Democrats lost control of the House, but not by as wide of a margin as projected. The election showed that candidate quality matters, […]

The California Privacy Protection Agency (CPPA) released updated California Privacy Rights Act draft regulations with a summary of the newest changes on October 17. These modifications are the first round of changes to the initial draft rules released by the agency on May 27. These specific regulations cover select topics under the California Privacy Rights […]