Editor's Note: In the U.S. laws and regulation space, the California attorney general announced the first-ever CCPA settlement, the California Privacy Protection Agency raised objections to the ADPPA, and the FTC announced advance notice of a proposed rulemaking aimed at commercial surveillance and data security. Meanwhile, the California legislature passed the Age-Appropriate Design Code Act. In U.S. litigation, Meta settled a class action over tracking and requested attorneys' fees in a data scraping suit. In international regulation and enforcement, Europe's top court provided a ruling on sensitive data, and Norway requested fines for Facebook's alleged illegal transfer of data.
California AG Issues First-Ever CCPA Settlement. On August 24, California Attorney General Rob Bonta announced a settlement with Sephora for $1.2 million. AG Bonta alleged that Sephora (1) failed to disclose that it sells data; (2) engaged in the unlawful sale of personal information, including exchanging data with third parties for analytics information; (3) failed to post a "Do Not Sell My Personal Information" link on its website and homepage; and (4) failed to respond to or process consumer opt-outs in accordance with global privacy controls. AG Bonta also released information about several other California Consumer Privacy Act (CCPA) enforcement examples regarding notice of alleged noncompliance, addressing adequate privacy policies, notices of financial incentives, and consumer requests procedures. To review important lessons learned from these announcements, check out Troutman Pepper's analysis.
CPPA Circulates Letter on ADPPA. On August 15, the California Privacy Protection Agency (CPPA) issued a letter against H.R. 8152, the American Data Privacy and Protection Act (ADPPA). As a comprehensive federal privacy bill, the ADPPA would largely ..
Support the originator by clicking the read the rest link below.
