Among the many details to absorb in the draft amendments to the CCPA regulations published by the California Privacy Protection Agency (“CPPA”) on May 27 (the “Draft Regulations”) are new and prescriptive disclosure requirements for notices at collection and privacy policies. While these disclosure provisions (and all of the other provisions of the Draft Regulations)
For those not following every detail regarding the progress of the “three corners” federal privacy bill, here’s a summary of where things stand.
Given the rapidly evolving situation in Ukraine, we thought it would be helpful to offer our AdLaw Access readers a link to the ongoing guidance being published by our Export and Sanctions Team at Kelley Drye. For more information on the situation and how it may impact your business, please contact our Export and Sanctions…
As we continue to watch the slow motion, often circular efforts in Congress to develop and enact comprehensive privacy legislation, federal action on privacy could end up coming from some surprising places.
In 2017, California updated its automatic renewal law to create some of the strictest requirements in the country. Now, just four years later, the Governor Newsom signed a new law that will impose even stricter requirements.
- Requirements for Free Trials: If a program includes a free or discounted trial period of 31 days or more,
On October 6, 2021, the Senate Commerce Committee conducted its second in a series of hearings dedicated to consumer privacy and data, this time addressing Data Security. Similar to last week’s privacy hearing, the witnesses and Senators appeared to agree that federal data security standards – whether as part of privacy legislation or on their own – are urgently needed. If there were to be consensus around legislative principles, the hearing provides clues about what a compromise might look like.
Prepared Statements. In their opening statements, the witnesses emphasized the need for minimum standards governing data security.
- James E. Lee, Chief Operating Officer of the Identity Theft Resource Center, explained that without minimum requirements, companies lack sufficient incentives to strengthen their data security practices to protect consumer data. Lee also advocated for more aggressive federal enforcement rather than the patchwork of state actions, which, he said, produce disparate impacts for the same conduct.
- Jessica Rich, former Director of the FTC’s Bureau of Consumer Protection and counsel at Kelley Drye, emphasized that current laws do not establish clear standards for data security and accountability. She advocated for a process-based approach to prevent the law from being outpaced by evolving technologies and to ensure that it accommodates the wide range of business models and data practices across the economy. Among her recommendations, Rich suggested that Congress provide the FTC with jurisdiction over nonprofits and common carriers and authority to seek penalties for first-time violations.
- Edward W. Felten, former Deputy U.S. Chief Technology Officer, former Chief Technologist of the FTC’s Bureau of Consumer Protection, and current Professor of Computer Science and Public Affairs at Princeton University, focused on the need to strengthen the FTC’s technological capabilities, including increasing the budget to hire more technologists. Notably, Felten advocated for more prescriptive requirements in data security legislation such as requiring companies to store and transmit sensitive consumer data in encrypted form and prohibiting companies from knowingly shipping devices with serious security vulnerabilities.
- Kate Tummarello, Executive Director at Engine, a non-profit organization representing startups, addressed the importance of data security for most startups. Tummarello advocated for FTC standards or guidance with flexible options. Cautioning against overburdening startups, Tummarello explained that newer companies take data security seriously because they do not have the name recognition or relationships with consumers that larger companies may have, and a single breach could be extremely disruptive. Additionally, Tummarello highlighted that the patchwork of state laws provides inconsistent and unclear data security guidance and imposes high compliance costs.
The Colorado Legislature recently passed the Colorado Privacy Act (“ColoPA”), joining Virginia and California as states with comprehensive privacy legislation. Colorado Governor Jared Polis signed the bill (SB 21-190) into law on July 7, and ColoPA will go into effect on July 1, 2023.
How does the measure stack up against the VCDPA and the CCPA (as amended by CPRA)? The good news is that, in broad terms, ColoPA generally does not impose significant new requirements that aren’t addressed under the CCPA or VCDPA, but there are a few distinctions to note..
Continue Reading Privacy Law Update: Colorado Privacy Bill Becomes Law: How Does it Stack Up Against California and Virginia?
Welcome to our monthly roundup of regulatory and litigation highlights impacting the dietary supplement and personal care products industries. Sit back, relax, and enjoy the read. February was a short month, with a lot going on.
Health claim substantiation was front and center before NAD in a monitoring case involving Pendulum Therapeutics and a “medical probiotic” product featuring claims such as “The only medical probiotic clinically shown to lower A1C & blood glucose spikes for the dietary management of T2D*” (*Consult your physician as part of your total diabetes management plan. Results may vary from person to person.”)
The advertiser submitted a 12-week multi-center, randomized, double-blind, placebo-controlled study (the “Perraudeau Study”) to assess Pendulum Glucose Control’s safety and effectiveness in improving glycemic control in Type 2 diabetics and, ultimately, their dietary management of the disease – specifically, the role of certain probiotic strains found in prior research to be associated with the promotion of a healthy gut microbiome through the production of short-chain fatty acids (SCFAs).
The advertiser also provided clinical studies and research articles demonstrating the roles of A1C, fasting glucose and postprandial glucose levels in managing Type 2 diabetes. The advertiser also referred to the FDA’s Guidance document (Diabetes Mellitus: Developing Drugs and Therapeutic Biologics for Treatment and Prevention) to demonstrate what level of reduction in HbA1c was clinically meaningful.
While NAD expressed some concerns about the evidence, ultimately, NAD determined that the Perraudeau Study was a good fit for the challenged claim “The only medical probiotic clinically shown to lower A1C & blood glucose spikes for the dietary management of T2D*” (*Consult your physician as part of your total diabetes management plan. Results may vary from person to person.”) but recommended the following modifications: (1) limiting the claim to individuals who are taking metformin; (2) modifying the claim to clarify that the product can be used as part of the dietary management of type 2 diabetes; and (3) removing the references to percent reductions in blood glucose spikes in the absence of evidence in the record demonstrating that the reductions were clinically relevant.
This decision is a helpful discussion of the competent and reliable scientific evidence standard. Anyone seeking to understand health claims substantiation better should check it out. …
Continue Reading Dietary Supplement and Personal Care Products Regulatory Highlights – February 2021
On February 12, 2021, the General Assembly of the State of Maryland enacted legislation imposing the Digital Advertising Gross Revenues Tax, overriding a prior veto of the legislation by Maryland Governor Larry Hogan. The Act imposes a tax, at rates of up to 10%, on gross revenues “derived from digital advertising services in the state.” …
In recent years, a number of states have passed laws governing automatic renewals. New York is the latest state to jump on this trend. Its current law only applies to certain contracts “for service, maintenance, or repair to or for any real or personal property.” The new law, which will become effective in February 2021,…