On October 25, 2023, New York Governor Kathy Hochul signed into law a bill (the “Act”) banning the sale of over-the-counter weight loss and muscle building supplements to children under the age of 18. This Act is the first law in the United States to ban the sale of such supplements to children and is set to take effect in April of 2024.
Four years ago, the European Union (“EU”) began enforcement of the General Data Protection Regulation (“GDPR”). The GDPR is a comprehensive data privacy law enacted to create a standardized and cohesive data privacy framework across all EU member countries. The GDPR has since encouraged the adoption of data privacy laws throughout the world, such as the California Consumer Privacy Act. Businesses in the United States that process personal data of European residents, after it has transferred from a country in the European Economic Area to the United States, must ...
The new Connecticut data privacy law—inconveniently titled “An Act Concerning Personal Data Privacy and Online Monitoring” (hereinafter referred to as “CPDPA”) was signed into law on Tuesday, May 10, 2022 and will have an effective date of July 1, 2023. The CPDPA is moderately similar to both the Colorado Privacy Act (the “CPA”) and the Virginia Consumer Data Privacy Act (“VCDPA”), with only a few minor differences.
The CPDPA applies businesses that conduct business in the state of Connecticut or produce products or services targeted to residents of ...
The California Consumer Privacy Act (“CCPA”), which went into effect January 1, 2020, created rights and obligations related to the collection and sale of consumer personal data. The California Privacy Rights Act (“CPRA”) was a ballot measure that was approved by California voters on November 3, 2020. The CPRA significantly amends and expands the CCPA. Notably, the majority of the provisions revising the CCPA do not become “operative” until January 1, 2023, and enforcement will apply only to violations occurring on or after January 1, 2023.
On March 24, 2022, Utah Governor Spencer Cox signed the Utah Consumer Privacy Act (“UCPA”) into law. The UCPA, which will become effective December 31, 2023, largely mirrors the Virginia Consumer Data Privacy Act (“VCDPA”), explained in more detail here, or Europe’s General Data Protection Regulation (“GDPR”).
The Colorado Privacy Act (the “CPA”) was signed into law on July 8, 2021 by Governor Jared Polis, only 6 months after Virginia enacted its data privacy law, the Virginia Consumer Data Privacy Act (“VCDPA”).
On March 2, 2021, Virginia Governor Ralph Northam signed the Virginia Consumer Data Protection Act (the “VCDPA”) into law. The VCDPA, which will become effective January 1, 2023, creates rights and obligations related to the collection and processing of consumer personal data. While many of these rights are similar to what we have seen under the California Consumer Protection Act (“CCPA”) or Europe’s General Data Protection Regulation (“GDPR”), many rights, such as the right to appeal the denial of a consumer data request and the establishment of a 30-day cure ...
With the passing of the Utah Consumer Privacy Act and Connecticut Data Privacy Act, data privacy laws are back in the focus of business owners across America. Five states now have comprehensive data privacy protection for consumers—California, Virginia, Colorado, Utah, and Connecticut.
The Supreme Court’s recent opinion in TransUnion LLC v. Ramirez will have a significant impact in alphabet and data breach litigation specifically and class action litigation generally. We talk about the TransUnion opinion in more detail in our recent Legal Alert here. Anyone who is involved in class action litigation should become familiar with the case as the latest Supreme Court opinion to impact the class action litigation landscape.
The Year 2023 is shaping up to be the next big year in data privacy. With the enactment of the Consumer Data Protection Act (“CDPA”) on March 2, 2021, Virginia joined California as the second U.S. state to enact comprehensive data privacy rights legislation. Virginia’s CDPA comes on the heels of California’s passage of its California Privacy Rights Act (“CPRA”), which amends the infamous California Consumer Privacy Act (“CCPA”). Both Virginia’s CDPA and California’s CPRA take effect January 1, 2023.
In response to this news, you might first consider whether ...
- Cybersecurity and Privacy Law
- Privacy Laws
- California Consumer Privacy Act
- Cybersecurity Regulation
- Cyber Insurance
- Data Breach
- General Data Protection Regulation
- Class Action Litigation
- Mergers & Acquisitions
- Incident Response Plan
- Information Governance
- Corporate Law
- Federal Trade Commission
- Seventh Circuit
- Department of Justice
- New York Bans Sale of Certain Supplements to Minors
- GDPR Compliance: What is Privacy Shield 2.0?
- Connecticut's Data Privacy Law
- The California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)
- The Utah Consumer Privacy Act
- The Colorado Privacy Act
- The Virginia Consumer Data Protection Act
- State Data Privacy Law Series
- TransUnion LLC v. Ramirez and the Impact on Class Action Litigation
- 2023: The Year of the CPRA and CDPA - Virginia Joins California in Passing Comprehensive Privacy Legislation