A Florida privacy bill, resembling one passed last year in Nevada, would introduce significant new privacy notice requirements for Florida operators similar to the California Consumer Privacy Act, and require giving consumers the ability to opt out of a sale of information. The privacy “notice” would need to include several items.  Most importantly, the operator would have to disclose “the categories of covered information that the operator collects through its website or online service about…

“We see your CCPA and we raise you some GDPR,”  says Washington state with a new privacy bill. If passed, the Washington Privacy Act would go into effect on July 31, 2021 and would enact a comprehensive law that includes individual rights that go beyond CCPA. Key provisions that go beyond CCPA: Strong provisions that align with GDPR (e.g data minimization, purpose limitation, controller processor distinction) Commercial facial recognition provisions Obligations to perform data risk…

A new study has found only 11.8% of the most popular Consent Management Platforms (CMPs) used on UK websites meet the minimal requirements under GDPR and Europe’s eDirective regulations regarding cookies and consent. The researchers’ scraper was used to determine whether a consent form met GDPR and eDirective requirements. The rules say consent must be explicit. So, for example, users must click a button rather than just hop straight through to the website; all aspects…

“In California we are rebalancing the power dynamic by putting power back in the hands of consumers. I encourage all Californians to take a moment to understand their new rights and exercise these rights to take control of their personal data,” wrote California Attorney General Xavier Becerra. “Becerra has issued an advisory for consumers highlighting their new rights as part of the California Consumer Privacy Act (CCPA), which went into in effect on January 1,…

“Adequacy” seems to be the hardest word. On the brink of Brexit and the UK becoming a “third country” without a so called “adequacy” status for the cross border transfer of personal data from the European Union — Could California have its own Privacy Shield arrangement separate from the rest of the U.S.? This question emerged during the third annual review of the data-transfer agreements at the European Parliament. If the Court of Justice of the…

On the sixth day of CCPA the California Senate Health Committee gave to me … a HIPAA carve-out. AB 713, reported favorably by the California Senate Health Committee, would expand the exemption related to HIPAA and medical research. Specific carve-outs: De-identified PHI or medical information, provided that the business does not attempt nor actually re-identify the information “Business associates” Personal information collected for, or used in, biomedical research subject to institutional review board standards and…

How much is that privacy in the window? Researchers behind experiments on people’s willingness to pay for privacy, including Angela Winegar, Cass Sunstein and Alessandro Acquisti argue that consumers’ behavior and preferences aren’t a reliable indicator of how they value their own privacy, let alone how a society as a whole should value it. “Study after study has found that people’s valuations of data privacy are driven less by rational assessments of the risks they face…