Author

Jonathan Tam

Browsing

California recently enacted the California Age-Appropriate Design Code Act (“Act”) with the stated intention of requiring businesses to consider the best interests of minors under the age of 18 when designing, developing and providing online services. If your business currently offers online services that are likely to be accessed by minors in California, you should consider starting to prepare Data Protection Impact Assessments in accordance with the Act as soon as possible because the law…

In brief The California Privacy Rights Act of 2020 (CPRA) amended the California Consumer Privacy Act of 2018 (CCPA) with most changes taking effect on 1 January 2023 with a twelve-month look-back. Limited exceptions concerning the personal data of employees and business contacts will expire. The new California Privacy Protection Agency (CPPA) has published draft regulations that will, once finalized, expand on the rules in the statute and existing regulations from the California Attorney General. The CPPA is…

Numerous data privacy and security laws govern the private sector’s collection and use of health data in the USA. These laws vary in scope and substance but some combination of them would probably apply to your company if, for example, it does any of the following in the country: Diagnoses or treats patients’ health conditions;Offers an app intended to promote the health or wellness of consumers;Provides health insurance or helps to process health insurance claims;Collects…

On March 24, the Utah Consumer Privacy Act (UCPA) was signed into law. It will take effect on December 31, 2023. UCPA generally has a narrower scope of application than the California Consumer Privacy Act (CCPA), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and the General Data Protection Regulation (GDPR). It has multiple threshold requirements for applicability, excludes Utah residents acting in an employment or commercial context from protection (like…

2022 is looking to be an unprecedented year for California companies’ privacy law obligations. The California Privacy Rights Act (CPRA) takes effect on January 1, 2023, with a twelve-month look-back that also applies to the personal data of employees and business contacts. The new California Privacy Protection Agency is preparing regulations that will sit on top of existing rules from the California Attorney General. Meanwhile, the California Legislature is enacting privacy laws even though it has not…

Whether you are creating new virtual worlds, realities or universes, the digital assets that populate them, or the infrastructure that enable individuals to interact and transact in them, there are numerous legal issues that you may have to navigate. Here are four potential pitfalls that creators of and in the metaverse should avoid. Foregoing Legally Enforceable Contracts. Relying on smart contracts, dapps and other programs exclusively expressed in code to govern transactions between parties can…

In brief The California Privacy Rights Act of 2020 (CPRA) introduces sweeping changes to the California Consumer Privacy Act of 2018 (CCPA), most of which will become operative as of 1 January 2023 with a “look back” to 1 January 2022. Some key revisions include:  A new definition of “sensitive personal information” and detailed obligations regarding the processing of sensitive personal information for non-essential purposes; A new and counterintuitive definition of “sharing” personal information and related restrictions aimed…

In the privacy world, there is no rest for the weary. In California, while most companies were just getting their programs running to address the California Consumer Privacy Act (“CCPA”), including some last minute changes to address the final version of the regulations issued in late fall 2020, the California Privacy Rights Act (“CPRA”) was officially certified on December 16, 2020 following voter approval in another privacy referendum in the November 2020 elections. CPRA sharpens…

Based on preliminary election results, Californians voted to enact the California Privacy Rights Act (“CPRA”), expanding and revising the California Consumer Privacy Act of 2018 (“CCPA”) effective January 1, 2023 with a one-year look-back to January 1, 2022 for some provisions. Companies around the world with business ties to California should start updating vendor contracts and prepare for new requirements under the statute and revised regulations to be issued by a new California Privacy Protection…

What does this mean for covered businesses? Two important privacy law developments took place last week in California. On 10 October 2019, the California Attorney General (AG) published its proposed regulations under the California Consumer Privacy Act (CCPA), and on 11 October 2019, Governor Gavin Newsom signed several bills that were passed in mid-September amending the CCPA (click here for a summary of those amendments). In this alert, we summarize some of the key requirements…