Lina Khan’s Privacy Priorities – Time for a RecapRumors suggest that Senator Schumer is maneuvering to confirm Alvaro Bedoya as FTC Commissioner sooner rather than later, which would give FTC Chair Khan the majority she needs to move forward on multiple fronts. One of those fronts is consumer privacy, for which  Khan has announced ambitious plans (discussed here and here) that have stalled for lack of Commissioner votes. With Bedoya potentially on deck, now seems like a good time to recap those plans, as they might provide clues about what’s in the pipeline awaiting Bedoya’s vote. We focus here on three priorities Khan has emphasized in statements and interviews since becoming Chair.
Continue Reading Lina Khan’s Privacy Priorities – Time for a Recap

The replay for our May 19, 2022 Privacy Priorities for 2022 webinar is available here.

Under Chair Lina Khan, the Federal Trade Commission has announced an aggressive privacy agenda, which is unfolding on the enforcement, regulatory, and policy fronts. In recent enforcement actions, the FTC has sought stringent remedies, including data deletion, bans on

Day in the Life of a Chief Privacy OfficerOn this special episode, Privacy and Information Security practice chair Alysa Hutnik chats with Shana Gillers, TransUnion’s Chief Privacy Officer. Alysa and Shana discuss the journey to becoming a chief privacy officer, hot topics, and what it takes to stay on top of your game in privacy today.

Watch a video version here or the

FTC Continues to Focus on Incentivized ReviewsPlease join us for a webinar on February 24, 2022 at 4 p.m. on recent and upcoming FTC developments. The webinar will feature Kelley Drye’s Jessica Rich and Aaron Burstein, both former FTC officials, and will be moderated by the newest addition to our privacy team, Jayson Lewis. Here’s a taste of what we’ll be

Join Kelley Drye this week for:

Privacy Priorities for 2022: Legal and Tech Developments to Track and Tackle
Wednesday, January 26 at 4:00pm ET/ 1:00pm PT

Privacy compliance is a daunting task, particularly when the legal and tech landscape keeps shifting. Many companies are still updating their privacy compliance programs to address CCPA requirements, FTC warnings on avoiding dark patterns and unauthorized data sharing, and tech platform disclosure, consent, and data sharing changes. But in the not too distant future, new privacy laws in California, Colorado, and Virginia also will go into effect. Addressing these expanded obligations requires budget, prioritizing action items, and keeping up to date on privacy technology innovations that can help make some tasks more scalable.

This joint webinar with Kelley Drye’s Privacy Team and Ketch, a data control and programmatic privacy platform, will highlight key legal and self-regulatory developments to monitor, along with practical considerations for how to tackle these changes over the course of the year. This will be the first in a series of practical privacy webinars by Kelley Drye to help you keep up with key developments, ask questions, and suggest topics that you would like to see covered in greater depth.

Register Here


Continue Reading Upcoming Webinars

As we’ve all been following in the news, the House reconciliation bill to fund “human infrastructure” is still mired in negotiations, ever on the verge of either passing to monumental fanfare, or cratering in failure. Tucked away on page 671 of the 1684-page bill is a short provision that, despite scant attention, has the potential

Privacy Compliance Tech-Tools and StrategiesWith AdTech (tracking individuals and their online or in app behaviors to build a profile of them to better serve and more effectively target them) and MarTech (strategies and technologies to generate demand, attention, and sales for a product) now the most celebrated or perhaps infamous areas in privacy today, being a privacy lawyer has

Ad Law Access PodcastMany states are considering comprehensive privacy legislation in the absence of a federal law. On another much anticipated episode of the Ad Law Access podcast, Alysa Hutnik and Aaron Burstein discuss pending state privacy legislation, how we got here, and some expected future legislation. Find the episode here or wherever you get your podcasts

California’s Office of Administrative Law approved further revisions to the Attorney General’s CCPA regulations on March 15, 2021. The revisions went into effect upon approval. In substance, the revisions are identical to the fourth set of modifications the Attorney General proposed on December 10, 2020, and make the following changes: (1) Notice for Sale of PI Collected Offline: Businesses that sell personal information collected offline must provide an offline notice by means such as providing paper copies or posting signs in a store, or giving an oral notice if collecting personal information over the phone. (2) Opt-Out Icon: The revised regulations provide that businesses may use an opt-out icon in addition to, but not in lieu of, notice of a right to opt out or a “Do Not Sell My Personal Information” link. (3) Do Not Sell Requests: A “Do Not Sell” request must “be easy for consumers to execute and shall require minimal steps to allow the consumer to opt-out.” The change prohibits businesses from using any method that is designed to or would have the effect of preventing a consumer from opting out. The revised regulation offers examples of prohibited opt-out practices, which include requiring a consumer to: (A) complete more steps to opt out than to re-opt in after a consumer had previously opted out; (B) provide personal information that is not necessary to implement the opt-out request; and (C) read through a list of reasons why he or she shouldn’t opt out before confirming the request. (4) Consumer Requests from Authorized Agents: A business may now require an authorized agent who submits a request to know or delete to provide proof that the consumer gave the agent signed permission to submit a request. The regulations also preserve the options business previously had of requiring the consumer to verify their identity directly to the business or directly confirming that they provided the authorized agent permission to submit the request. (5) Children’s Information: The addition of the word “or” in section 999.332 requires businesses that sell personal information of children under the age of 13 “and/or” between the ages of 13 and 15 to describe in their privacy policies how to make an opt-in to sale requests. We will continue to monitor closely further developments in CCPA regulations.California’s Office of Administrative Law approved further revisions to the Attorney General’s CCPA regulations on March 15, 2021.  The revisions went into effect upon approval.  In substance, the revisions are identical to the fourth set of modifications the Attorney General proposed on December 10, 2020, and make the following changes:

(1) Notice for Sale of

On March 2, Governor Ralph Northam signed the Virginia Consumer Data Protection Act (VCDPA) into law, making Virginia the second state to enact comprehensive privacy legislation.

With the VCDPA on the books, companies have the next 22 months to prepare for the VCDPA and the California Privacy Rights Act (CPRA) to go into effect.  This