California agency releases updated draft CPRA regulations
October 24, 2022
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
California Agency Releases Updated Draft CPRA Regulations
The California Privacy Protection Agency (CPPA) released several proposed changes to the draft regulations under the California Privacy Rights Act (CPRA).
A CPPA board meeting was originally scheduled for October 21-22 during which the updated regulations would be discussed, but that meeting was cancelled without explanation.
Another meeting is scheduled for October 28-29 for the same purpose.
If the modifications are approved at the board meeting, an additional 45- or 15-day comment period will commence, depending on whether the modifications are deemed “major changes”.
The CPPA has yet to provide regulations addressing certain topics, such as profiling and automated decision-making.
Among other changes, the modifications include the addition of a list of factors to consider when determining whether a company’s practices are within the consumer’s “reasonable expectations” as well as changes to clarify the “symmetry-in-choice” principle, including changes to emphasize that options requiring more steps or that are more time consuming or difficult or less intuitive than other options do not reflect symmetry and would interfere with a consumer’s ability to exercise choice.
Taken together, these changes demonstrate the importance of setting clear expectations about a company’s privacy practices and giving consumers clear, easy-to-use options to exercise choice.
Appeals Court Confirms Ruling Against Ad-Tech NaviStone in Tracking Suit
A 3rd-Circuit appellate judge reaffirmed its August 2022 ruling that a class action against ad-tech company NaviStone could proceed based on alleged violations of Pennsylvania’s Wiretapping and Electronic Surveillance Control Act.
The plaintiffs claim that NaviStone’s collection of information about consumer activities on a third-party website, including consumer personal information, without consent, constitutes an “interception” of consumer electronic communication with the website in violation of wiretapping law.
The district court granted summary judgment in favor of NaviStone based on an argument that NaviStone was a party to the communication and could not, therefore, “intercept” it.
However, that ruling was reversed by the 3rd-Circuit on appeal, holding that the direct party exception only applies in certain circumstances involving law enforcement.
NaviStone requested that the decision be reconsidered or heard by the full 3rd-Circuit panel on the basis that the decision created “an unprecedented change in Pennsylvania law”, but the judge denied the request.
As noted by NaviStone in their argument, several new tracking lawsuits have already been filed in Pennsylvania in response to the original ruling, creating increased risk for websites and ad-tech companies collecting information from Pennsylvania residents.
DAA Canada Releases Updated Interest-Based Advertising Principles
The Digital Advertising Alliance of Canada (DAAC) posted refreshed principles for compliance with its AdChoices self-regulatory program for interest-based advertising. The updated principles will be effective January 1, 2023 for DAAC AdChoices program participants.
Among other changes, the updated principles now say that companies should provide a layered notice with a “plain language notice” containing a meaningful description of interest-based advertising practices with links to a more detailed description of such practices and a choice mechanism and that such notice should be consistently available.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
A memorandum from the California Privacy Protection Agency (CPPA) staff proposes...
The ICO previously made an announcement on its website warning that...
Publisher Collective recognised the importance of collecting consent in...
Latest White Papers
The current state of publisher compliance with CCPA, and...
How to review your vendor list to mitigate compliance...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.