If you haven’t already got December 27^th on your calendar, it’s the deadline for updating your documentation for transfers of personal data from the European Economic Area (EEA) to other countries – including the United States. Read our blog post regarding this issue and contact the Mintz Privacy Team if you need assistance. 

Read about how the California Privacy Rights Act (CPRA) will eliminate an exemption that allows employers to exclude some employee and applicant personal information from the reach of the California Consumer Privacy Act (CCPA) as of January 1, 2023.

If you’ve relied on the temporary “exemption” for employee/applicant and business-to-business (B2B) personal information under the California Consumer Privacy Act (CCPA), those exemptions will expire on January 1, 2023.   The California legislature adjourned on August 31 for the 2022 session without adopting legislation to extend those exemptions, and therefore, absent a special legislative session, they will sunset on December 31.

California is leading the way on privacy regulation --- again.   The California State Assembly has passed AB 2273, which, if approved by the California Governor, would require businesses that provide online services, products, or features likely to be accessed by children or teens under the age of 18 to increase their privacy and safety protections.

California Attorney General Rob Bonta has announced a major settlement under the California Consumer Privacy Act (CCPA), and it will cost Sephora, Inc. a whopping $1.2 million in penalties. Pay attention to your email boxes:  in addition to announcing the Sephora settlement, AG Bonta also said that his office today sent notices to “a number of businesses alleging non-compliance relating to their failure to process consumer opt-out requests made via user-enabled global privacy controls, like the GPC.” 

The central tradeoff between a service’s affordability and the user’s right to privacy has been debated for the better part of two decades. The quickest jolt to the regulatory landscape may come via Federal Trade Commission (“FTC” or the “Commission”) enforcement. On August 11, the FTC issued an Advanced Notice of Proposed Rulemaking (“ANPR” or the “Notice”), asking the public to weigh in on whether new regulation is required to protect consumers and crackdown on “commercial surveillance.”

The new California privacy regulatory body, the California Privacy Protection Agency (CPPA), has loudly voiced its opposition to the proposed federal American Data Privacy and Protection Act (ADPPA).   The bottom line for the unanimous opposition:  the ADPPA would preempt California’s privacy laws – both the California Consumer Privacy Act and the California Privacy Rights Act effective as of 1/1/23 – and establishes a ceiling on privacy regulation by states. 

In this second of our two-part blog series on protecting health information post Roe, we discuss legal and practical strategies that health care providers can take to protect the information of their patients. State laws that restrict or criminalize abortions will require significant amounts of health information to enforce, putting new pressure on health care providers caught in the middle of  competing obligations to their patients and to regulatory and law enforcement authorities making lawful requests for this information.