Boris Segalis

The California Privacy Protection Agency (CPPA) Enforcement Division has issued a new advisory on dark patterns.  Under the California Consumer Privacy Act (CCPA), "dark patterns" refer to user interfaces designed to confuse or mislead consumers about their privacy choices. For example, if opt-out options are unclear or hard to find, they might be considered dark patterns. Businesses must offer consumers clear and easy-to-understand choices to exercise their privacy rights. Michael Macko, Deputy Director of the CPPA’s Enforcement Division said, “Dark patterns aren’t about intent, they’re about effect. The law gives consumers the right to make privacy choices without jumping through confusing hoops.” CPPA’s Enforcement Division regularly issues advisories on aspects of the CCPA. These advisories help educate the public and businesses about their rights and responsibilities under the law.    To learn more and read the Enforcement Advisory, visit: https://lnkd.in/gTff_KKZ  

110

3 Comments

Data privacy partner John Rolecki teamed up with with Michael Cole of Mercedes-Benz Research & Development North America, Inc. to co-author an insightful article for the International Association of Privacy Professionals regarding the intersection of privacy laws and artificial intelligence (AI). In their article, John and Michael explore the crucial balance between artificial intelligence (AI) innovation and essential privacy principles, sharing their collective expertise with the data privacy community. https://lnkd.in/gVmERj7F #DataPrivacy #AI #PrivacyProfessionals #IAPP

15

𝗖𝗮𝗹𝗶𝗳𝗼𝗿𝗻𝗶𝗮 𝗣𝗿𝗶𝘃𝗮𝗰𝘆 𝗣𝗿𝗼𝘁𝗲𝗰𝘁𝗶𝗼𝗻 𝗔𝗴𝗲𝗻𝗰𝘆 𝗔𝗱𝘃𝗮𝗻𝗰𝗲𝘀 𝗔𝗜 𝗥𝗲𝗴𝘂𝗹𝗮𝘁𝗶𝗼𝗻𝘀 The California Privacy Protection Agency (CPPA) has signaled it will advance rulemaking at its upcoming November 8 board meeting to place restrictions on the use of automated decision-making technology (ADMT) and impose new obligations to require businesses to conduct cybersecurity audits and risk assessments. The agency has grappled with these issues for more than two years, including soliciting formal comments in a February 2023 invitation for preliminary comments and conducting other stakeholder outreach. For more details on the upcoming regulations, check out the latest Ad Law Access article from Alysa Hutnik, Aaron Burstein, and Alexander Schneider: https://lnkd.in/e3zNVDE7 #CaliforniaPrivacy #CyberSecurity #AI #CPPA #RegulatoryUpdates #ADMT #DataProtection #KelleyDrye

11

Vermont passes data privacy law allowing consumers to sue companies. Why it matters: 1. Vermont's new comprehensive data privacy law allows individuals to sue companies for privacy rights violations, setting a precedent among existing state laws. This element significantly restricts the type of personal data companies can collect and prohibits the sale of sensitive consumer information. 2. The law's reauthorization requirement after two years, and its exclusive application to large data brokers, illustrates a balanced, proactive approach toward corporate accountability in issues of privacy infringement and potential discrimination. 3. This legislation strengthens pushback against the surveillance economy and could influence the ongoing political dialogue on a federal comprehensive data privacy bill. Vermont's enactment underlines the increasing role that states play in shaping data privacy regulation in the absence of federal legislation. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/e78qXZXF

3

Catch up on this week’s privacy news from around the world! 🌐 Here are a few highlights from October 28 - November 1, 2024: 🔑 FCC & CPPA Join Forces: The FCC and CPPA signed an MOU to strengthen privacy law enforcement and protect consumer privacy. 📊 Massachusetts Clarifies Web Tracking: Massachusetts’ Supreme Court ruled that web tracking does not violate the state’s Wiretap Act, clarifying how user interactions with websites are defined. 🇨🇦 Canada Issues New Data Scraping Guidance: Canada’s Privacy Commissioner, with international regulators, has set guidelines for social media platforms to improve protections against mass data scraping, especially for AI model development. Stay informed on the latest in privacy by checking out the full report 👉 https://lnkd.in/g3tYGiJB #ThisWeekInPrivacy #PrivacyNews #DataProtection #TrustArc

15

On September 4, the California Privacy Protection Agency (CPPA) issued an Enforcement Advisory highlighting the issue of dark patterns under the California Consumer Privacy Act (CCPA). These dark patterns refer to user interfaces that manipulate or impair consumers' autonomy when making privacy choices, such as opting out of personal information sales or sharing. Key Highlights of the Advisory: - Dark Patterns: The term refers to design elements in user interfaces that mislead or confuse consumers, affecting their ability to make informed decisions about their privacy rights. - Clarity and Balance: Businesses must provide clear and balanced options for consumers when it comes to privacy choices, such as opting out of data sharing or sales. If the design causes confusion, it may violate the CCPA. - User Interface Review: The CPPA urges businesses to ensure their interfaces: - Offer symmetrical choices. - Use easy-to-understand language when presenting privacy options. For more updates on privacy and regulatory compliance, follow Global Regulatory Insights, unlock cutting-edge legal intelligence with a free subscription to our platform — join us today. Visit https://lnkd.in/gZmkUPim to know more. #PrivacyProtection #CCPA #DarkPatterns #UserRights #GRI

3

California agency proposes updates to consumer privacy regulations: On November 22, the California Privacy Protection Agency (the Agency) published its NPRM proposing amendments to existing regulations under the California Consumer Privacy Act (CCPA). These changes aim to enhance state consumer privacy laws by updating existing regulations, clarifying insurance company compliance with the CCPA, and operationalizing requirements for annual cybersecurity audits, risk assessments, and consumer rights regarding automated decision-making technology. The Agency also... By: Orrick, Herrington & Sutcliffe LLP #dataprotection #dataprivacy #privacy

4

🌍🔍In today's interconnected world, cross-border investigations are more common than ever, but handling data across jurisdictions with varying privacy laws and data transfer regulations can be a daunting task.🌐 From GDPR (General Data Protection Regulation) to CCPA (California Consumer Privacy Act) in California, understanding and complying with these diverse legal frameworks is crucial. 🕵️‍♀️ A single slip-up can derail your efforts & lead to hefty fines. 🔑The key to success lies in precise data management practices that ensure compliance while facilitating seamless data transfers. Advanced case management tools automate compliance checks and secure data handling protocols. You can navigate the complexities of cross-border data management while staying on the right side of the law to uncover critical insights.💼📊 Let's connect and discuss strategies for successfully navigating the complex world of cross-border data management. Comment below to know more!

10

Vermont governor rejects state’s tough data privacy bill. Why it matters: 1. Vermont's comprehensive consumer privacy legislation, if enacted, would significantly enhance data privacy protection, allowing individuals to sue companies for data rights violations. However, Governor Phil Scott vetoed the legislation, citing its potential for burdening businesses. 2. Despite the veto, the General Assembly has the power to override it with a two-thirds vote. If successful, Vermont would join the less than twenty states offering comprehensive data privacy rights. In comparison, the majority have weaker privacy laws. 3. The Governor advocates for a model similar to Connecticut's state data privacy legislation, highlighting regional consistency's benefit for both consumers and the economy. Critics argue that Connecticut's law maintains the status quo and lacks strong privacy language. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/ehE4Gzti

1

🆔 Advertisers pay attention: #CCPA just got a competitor for being the strictest #Data law passed, Vermont Data Privacy Act just passed toughest US consumer data laws. This is likely to set legal precedent. 🧑‍⚖️ 🙋🙋‍♀️The biggest points are the bill prohibits the sale of sensitive data, such as social security and drivers’ license numbers, financial or health information. It also sets meaningful limits on the amount of personal data that companies can collect and use, according to the nonprofit Electronic Privacy Information Center based in Washington, D.C. 🌏 Now more then a dozen states that have comprehensive data privacy laws. Vermont’s is “among the strongest, if not the strongest” in the country, said Caitriona Fitzgerald deputy director of EPIC. 🇺🇸 🌐The need for a #IDLess comprehensive #PrivacyAds solution is not an option it’s coming, and we’re calling on #Publishers and #Brands who want to connect and build into our IDFree and Google Privacy Sandbox solution. 🆔 The bill will now allow consumers an ability to sue, and this will continue to put more legal pressures on states and courts that can’t handle. L.L.Bean Dealer.com Stephen Smith John Lacy Burton Snowboards Orvis Simon Perkins Heritage Aviation University of Vermont Suresh Garimella Rob Emrich RJ Nicolosi Cedric Peillet Michael Lamb Chris Watts Emma Raz REI Eric Artz Michael Greene Michael Anastasi Steve St.Andre Data Privacy , Consumer Data Privacy Sequoia Capital Greylock Capital One Charles A. Joseph Reid Ashley Reckmeyer Bill Zadeits Forbes Forbes CMO Network Forbes Business Council YPO Kerin Morrison Automotive News AdExchanger Tech News Alyssa Boyle Credit: AP News #DataPrivacy #Marketing #BrandTrust #DigitalAdvertising #CustomerData #Adtech #martech https://lnkd.in/e5vnrBZM

4

💡 News Update 💡 The Office of the New York State Attorney General recently unveiled what was recently discussed at a symposium, and it reveals significant steps in how New York and other jurisdictions might regulate artificial intelligence (AI) moving forward. The symposium was titled “The Next Decade of Generative AI: Fostering Opportunities While Regulating Risks.” This event, which focused on the rapidly evolving field of generative AI, brought together academics, policymakers, advocates, and industry representatives to discuss the opportunities and risks posed by AI, especially in generative models. #ai #generativeai #ethics #ny https://lnkd.in/gZP6xN3s

4

📢 New resource alert: Navigating US sensitive data privacy Sourcepoint is excited to announce our latest guide: "Navigating the maze: US privacy laws and sensitive data" This comprehensive resource covers: • How different US laws define sensitive data • Key enforcement agencies and recent actions • Best practices for processing sensitive information • A step-by-step framework for evaluating your data practices Download the PDF now to ensure your organization is prepared for the evolving US privacy landscape: https://hubs.ly/Q02H-T310

2

1 Comment

Check out these insights! Thanks, James E. Lee, for your suggestion.

3

Eyeing a major shift in data control? The American Privacy Rights Act (APRA), a reworked federal privacy bill, just cleared a key House subcommittee. This is a significant development, but the path to becoming law remains to be seen. The APRA aims to empower Americans with greater control over their personal data, dictating how businesses collect and leverage it. Additionally, it strengthens online privacy safeguards for children. While some hail this as a victory for consumer rights, others express concerns about potential impacts on innovation or the bill's overall effectiveness. What's your take...does the APRA represent a positive step forward, or is it a missed opportunity? #privacy #APRA #dataprivacy #cybersecurity

5