The California Attorney General was asked to clarify whether the use of “website cookies shared with third parties” constituted the sale of personal information. The Attorney General declined to answer, stating only that whether a particular situation constitutes the sale of information “raises specific legal questions that would require a fact-specific determination, including whether or not there was monetary or other valuable considerations involved, the consumer directed the business to intentionally disclose the personal information,…

Virginia is poised to be the second state, after California, to pass comprehensive data privacy legislation. The Virginia Consumer Data Protection Act passed the Senate and the House of Delegates on Feb. 24, 2021, and now awaits the approval of Governor Northam. Although the Virginia statute will not take effect until Jan. 1, 2023, companies that have come into compliance with the CCPA are already assessing the impact that the Virginia legislation will have on…

While there is relatively little publicly available empirical data concerning website visitors’ interactions with cookie banners, the data that does exist indicates that user acceptance rates are significantly greater depending upon how many options are presented to a website visitor. For example, in one study researchers placed a cookie banner on a website that provided only two options – accept or reject cookies.1 They then placed a cookie banner on the same website that…

Global law firm Greenberg Traurig, LLP has been identified as the top “Legal Influencer” for Q4 2020 in the field of U.S. Technology, Media and Telecommunications law by Lexology, the most comprehensive source of international legal updates, analysis and insights. Co-Chair of the firm’s U.S. Data, Privacy and Cybersecurity Practice David A. Zetoony was also individually recognized as the top “Legal Influencer” in the field. U.S. Technology, Media and Telecommunications includes, among other things, the fast…

In late January, California’s Attorney General (AG) tweeted about the use of the new Global Privacy Control (GPC), informing California consumers that on certain browsers they can use GPC as a “stop selling my data switch” to exercise their right to opt out of the sale of their personal information (PI) in one step – rather than on an individual site basis. As the GPC is not yet a finalized standard, it remains uncertain as…

Businesses often struggle with how to display cookie banners given the complexities of conveying information to individuals that may lack technical expertise, and “banner fatigue” – a term which describes the reality that consumers presented with pop-ups and cookie banners across different websites may not spend time to read each banner before attempting to close the banner. Businesses that choose to display a cookie banner that seeks opt-in consent also struggle with how to encourage…

The European Data Protection Board (EDPB) issued draft practical guidance on various types of data breaches to assist companies with identifying situations in which a data security incident may need to be reported to EU supervisory authorities (the government regulator for privacy in various EU member countries) and to the individuals themselves. One example discussed in the guidance relates to credential stuffing, i.e., attempts to log in to online accounts using stolen usernames and passwords.…