California Remains a Privacy Bellwether
Hello all, and happy Thursday!Read Now
June 29, 2023
Hello all, and happy Thursday!
If you haven’t heard, the enforcement date for the California Privacy Rights Act (CPRA) is set for this Saturday, July 1 — just three months after the California Privacy Protection Agency (CPPA) finalized regulations.
The California Chamber of Commerce isn’t happy with the enforcement date. Back at the end of March, the Chamber filed a lawsuit to extend the enforcement date since, according to them, “The CPPA did not meet the voter-imposed deadline to adopt regulations implementing Proposition 24, the California Privacy Rights Act.” As a result, the Chamber of Commerce feels businesses don’t have enough time to adjust in order to follow the new law.
An initial hearing is set to happen on June 30 in the Sacramento Superior Court, which is cutting it pretty close for the businesses that will be impacted by CPRA. We’ve seen what enforcement can look like in California — Sephora’s $1.2 million fine for violating the CCPA in October of last year was a swift reminder of just how steep these fines can get, even in the US, where data privacy laws are a fairly new practice.
However, it’s also important to remember that Sephora’s settlement came after a 30-day cure period, which was meant to give them time to correct their violations before the California Attorney General took action against the organization. As the enforcement window for CPRA opens, this ability to cure is beneficial for impacted organizations and those seeking guidance on the right approach to take.
Vehicles have become increasingly connected, so the amount of data they can record about their drivers has shot up. Now, there’s a tool that can help you understand just how much data they’re collecting and passing off to vehicle manufacturers, thanks to the US-based automotive firm Privacy4Cars and its new Vehicle Privacy Report.
The French Data Protection Agency, Commission Nationale Informatique & Libertés (CNIL), has sanctioned CRITEO with a EUR 40 million fine. The organization found five GDPR infringements by the organization regarding, among others, a lack of consent to process individuals’ data.
The Oregon House and Senate have signed Senate Bill 619, which previously passed in the House. The privacy bill now moves to the Oregon Governor’s desk for signature, making it the 11th comprehensive state privacy law in the U.S. If passed, the bill will take effect July 1, 2024.
The California Chamber of Commerce sued the California Privacy Protection Agency in late March of this year to delay the CPRA enforcement date (which is this Saturday). The hearing is set to begin on June 30.
Meta has been granted an extension of a temporary stay on the order from the Irish Data Protection Commission to suspend its EU-U.S. data transfers. The extension will continue through to the end of July.
The Publishers Clearing House (PCH) has agreed to pay $18.5 million to settle a lawsuit with the Federal Trade Commission in the U.S. According to the FTC, PCH used dark patterns and “coerced customers through false suggestions that making a purchase was the only way to enter its popular sweepstakes.”
Apple has released two new features regarding third-party software development kits. The first, privacy manifests, consists of files that detail the privacy practices of all third-party SDKs utilized in an app. The second, SDK signatures, verifies that new versions of an SDK are signed by the original developer in an effort to ensure that SDK-supplied code is not part of a scam attempt.
Universal consent management is closely related to cookie consent and preference management, but there's a bit more to it than that. Learn more about it and its benefits in our latest blog.
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.
Arlo Gilbert is the CEO & co-founder of Osano. An Austin, Texas native, he has been building software companies for more than 25 years in categories including telecom, payments, procurement, and compliance. In 2005 Arlo invented voice commerce, he has testified before congress on technology issues, and is a frequent speaker on data privacy rights.