Photo of Aaron J. Burstein

Email
(202) 342-8453
Bio   LinkedIn

In an aggressive expansion of its security and privacy enforcement programs, on September 15, 2021, the FTC issued what it characterized as a “Policy Statement” reinterpreting an old rule about personal health records.

First, some background. In 2009, Congress directed the FTC to create a rule requiring companies to provide notice when there

The Colorado Legislature recently passed the Colorado Privacy Act (“ColoPA”), joining Virginia and California as states with comprehensive privacy legislation. Colorado Governor Jared Polis signed the bill (SB 21-190) into law on July 7, and ColoPA will go into effect on July 1, 2023.

How does the measure stack up against the VCDPA and the CCPA (as amended by CPRA)? The good news is that, in broad terms, ColoPA generally does not impose significant new requirements that aren’t addressed under the CCPA or VCDPA, but there are a few distinctions to note..
Continue Reading Privacy Law Update: Colorado Privacy Bill Becomes Law: How Does it Stack Up Against California and Virginia?

Update: Governor Polis signed SB 21-190 into law on July 7, 2021, see our updated blog post here.

The Colorado Legislature recently passed the Colorado Privacy Act (“ColoPA”), joining Virginia and California as states with comprehensive privacy legislation. Assuming Colorado Governor Jared Polis signs the bill (SB 21-190) into law, ColoPA will

Just a few months after California officials announced the nominations of the inaugural Board members of the California Privacy Protection Agency (“CalPPA”), the CalPPA released the agenda for its first board meeting on June 14, 2021. The meeting will be held remotely in accordance with California Executive Order N-29-20, but the public may still

Lina Khan Confirmation Hearing Signals Potential Big Changes for FTC Update: On May 12th, Lina Khan received bipartisan approval from the Senate Commerce Committee for her nomination as FTC Commissioner. This paves the way for her confirmation hearing before the full Senate which has yet to be scheduled. See our blog post here: FTC Nominee Lina Khan Sails through Committee with Bipartisan Support While Chopra

Ad Law Access PodcastMany states are considering comprehensive privacy legislation in the absence of a federal law. On another much anticipated episode of the Ad Law Access podcast, Alysa Hutnik and Aaron Burstein discuss pending state privacy legislation, how we got here, and some expected future legislation. Find the episode here or wherever you get your podcasts

California officials today announced their nominees to be the five inaugural members of the California Privacy Protection Agency (“CPPA”) Board.  Created by the California Privacy Rights Act (“CPRA”), the CPPA will become a powerful, state-level privacy regulator long before its enforcement authority becomes effective in 2023, and today’s appointments move the CPPA one large step

California’s Office of Administrative Law approved further revisions to the Attorney General’s CCPA regulations on March 15, 2021. The revisions went into effect upon approval. In substance, the revisions are identical to the fourth set of modifications the Attorney General proposed on December 10, 2020, and make the following changes: (1) Notice for Sale of PI Collected Offline: Businesses that sell personal information collected offline must provide an offline notice by means such as providing paper copies or posting signs in a store, or giving an oral notice if collecting personal information over the phone. (2) Opt-Out Icon: The revised regulations provide that businesses may use an opt-out icon in addition to, but not in lieu of, notice of a right to opt out or a “Do Not Sell My Personal Information” link. (3) Do Not Sell Requests: A “Do Not Sell” request must “be easy for consumers to execute and shall require minimal steps to allow the consumer to opt-out.” The change prohibits businesses from using any method that is designed to or would have the effect of preventing a consumer from opting out. The revised regulation offers examples of prohibited opt-out practices, which include requiring a consumer to: (A) complete more steps to opt out than to re-opt in after a consumer had previously opted out; (B) provide personal information that is not necessary to implement the opt-out request; and (C) read through a list of reasons why he or she shouldn’t opt out before confirming the request. (4) Consumer Requests from Authorized Agents: A business may now require an authorized agent who submits a request to know or delete to provide proof that the consumer gave the agent signed permission to submit a request. The regulations also preserve the options business previously had of requiring the consumer to verify their identity directly to the business or directly confirming that they provided the authorized agent permission to submit the request. (5) Children’s Information: The addition of the word “or” in section 999.332 requires businesses that sell personal information of children under the age of 13 “and/or” between the ages of 13 and 15 to describe in their privacy policies how to make an opt-in to sale requests. We will continue to monitor closely further developments in CCPA regulations.California’s Office of Administrative Law approved further revisions to the Attorney General’s CCPA regulations on March 15, 2021.  The revisions went into effect upon approval.  In substance, the revisions are identical to the fourth set of modifications the Attorney General proposed on December 10, 2020, and make the following changes:

(1) Notice for Sale of

Following weeks of speculation about a potential role for Columbia Law Professor Tim Wu in the Biden Administration, the White House announced on March 5 that Wu has been named Special Assistant to the President for Technology and Competition Policy. As an official housed in the National Economic Council (“NEC”), Wu will not directly command staff within federal agencies or set the agencies’ enforcement or regulatory agendas. Instead, Wu will most likely focus on coordinating federal agencies’ efforts to identify and address competition issues. Given his history, Wu could seek to have particular influence on the Federal Communications Commission (“FCC”) and Federal Trade Commission (“FTC”) as they shape their Biden Administration agendas.

Continue Reading Competition Policy Gets a Top Spot in the White House