Washington state governor Jay Inslee signed the My Health, My Data Act (the Act) into law on April 27, 2023. Regulated entities are required to comply with most obligations from March 31, 2024 with small businesses being required to comply from June 30, 2024. Prohibitions on geofencing are operative already on July 23, 2023. The Act will be enforceable both by the Washington Attorney General’s Office and through a private right of action. Who is…
Companies around the world should start preparing for the Iowa Consumer Data Protection Act (Iowa Act) with respect to personal data of consumers in Iowa. With the Iowa Act, Iowa follows the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020 (CCPA), but excludes consumers acting in a commercial or employment context. Businesses that have implemented measures to comply with the CCPA and other US state privacy laws…
In brief If you sell goods and services to consumers through automatically renewing payment plans, free or discounted trials that convert into full plans, or other “negative option features” that interpret a consumer’s silence as permission to keep charging them (collectively, “recurring subscriptions”), you should monitor and consider submitting comments on the Federal Trade Commission’s (“FTC’s”) proposed Negative Option Rule. The proposed rule would impose detailed transparency, consent, simple cancellation and annual reminder requirements on companies…
In this episode, Harry Valetk, is joined by Carlos Dávila-Peniche, based in Mexico City and Daniel Villanueva, based in Guadalajara, to discuss consumer protection in video games with a special focus on age ratings. Join us to hear more about how to meet challenges around age ratings, global classifications, localization expectations, how to comply with age ratings in app stores or console purchases, and much more. https://open.spotify.com/episode/62sFvzANIkICWBFKuwjjwf
The Supreme Court of the United States has addressed a contentious split among federal circuit courts of appeals on the definition of “autodialer” under the Telephone Consumer Protection Act (TCPA) with a decision that should greatly reduce the amount of TCPA litigation in the US. The TCPA prohibits any person from placing phone calls (including text messages) to a wireless number using an “autodialer,” among other things, without the recipient’s prior express consent (or, for…
The European Commission’s New Deal for Consumers will apply to traders that target consumers in the EU from 28 May 2022. Organisations impacted by the New Deal have two years to get into shape – which is advisable, because the New Deal empowers regulators across the EU to impose GDPR-style fines for breaches of consumer legislation. Like the GDPR before it, the changes will affect most functions within businesses affected by the New Deal. Organisations…
The Federal Trade Commission (“FTC”) continues to bring enforcement actions against companies that engage in false advertising and deceptively enrolling consumers in ongoing sales plans without express informed consent – a practice known as “negative option” marketing.On October 24, 2018, the FTC announced that a federal district court in California temporarily enjoined three defendants and the companies they controlled from enrolling consumers in any ongoing sales plan without the consumer’s express informed consent. A negative…
1. Global contextAs noted in the IMF’s “Virtual Currencies and Beyond: Initial Considerations” report released in January 2016: “[Virtual currencies (VCs)] offer many potential benefits, including greater speed and efficiency in making payments and transfers – particularly across borders – and ultimately promoting financial inclusion… At the same time, VCs pose considerable risks as potential vehicles for money laundering, terrorist financing, tax evasion and fraud.”Regulators around the world have begun to focus on this issue…
On 24 February 2016, an amendment to the German Act on Injunctive Relief came into force entitling eligible associations to bring cease and desist actions against companies for violations of certain data protection provisions. So far, in Germany, only affected individuals and data protection authorities (and in some very limited circumstances competitors and consumer associations) had standing to sue companies for data protection infringements. Large technology companies (including non-EU companies) targeting data subjects in Germany…