Blog

Colorado Posts Public Comments to CPA Draft Rules

Julie Rubash, Chief Privacy Counsel
November 14, 2022

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

UNITED STATES


Colorado Posts Public Comments to CPA Draft Rules

Comments submitted by various organizations in response to the proposed draft rules under the Colorado Privacy Act have been made publicly available on the Colorado Attorney General website.

Among other commentators, the Network Advertising Initiative submitted recommendations regarding Universal Opt-Out Mechanisms and Consent, including a recommendation that Controllers have the opportunity to reconcile conflicts between Universal Opt-out Mechanism (UOOM) Signals and local preferences selected by the user directly with the Controller—a capability permitted under the latest version of the California draft regulations.

Conversely, comments from Consumer Reports argue that opt-out rights should never be overridden by a consumer’s subsequent election to opt in to a product or service, such as a loyalty program, emphasizing that selling data or engaging in cross-site targeted advertising is unnecessary to operate a loyalty program. 

Several organizations also commented on rules allowing for UOOMs in non-signal formats, such as lists. Future of Privacy Forum, for example, pointed out the complexity of authenticating individuals in a list across different technologies.

NEXT STEPS

The first of three stakeholder meetings was held November 10, with two additional meetings scheduled for November 15 and November 17, which will give organizations further opportunity for public comment. A hearing on the proposed rules will then be held February 1.   

EUROPE

Irish DPC Submits Draft Decision in Case Against Yahoo!

The Data Protection Commission (DPC) in Ireland announced that it has submitted to other concerned supervisory authorities in the EU a draft decision regarding Yahoo!’s compliance with transparency requirements under GDPR. Concerned supervisory authorities will have until November 24 to object to the decision before it can be finalized. Details of the decision have not been made public.

WHY IT MATTERS

The DPC inquiry into Yahoo!’s practices under GDPR has been a multi-year process, beginning in 2019. At the time, the Irish Data Protection Commissioner told reporters that her office had received over 38 complaints redirected from other EU data protection authorities, some of which related to giving no option other than to click okay in cookie banners. Over the past two months, the Irish DPC has also submitted draft decisions regarding inquiries into TikTok and Meta. 

The Danish Data Protection Authority released a decision criticizing the JP/Politiken website www.eb.dk based on findings by its inspectorate that the consent solution on the site was not sufficiently informed to comply with the DPA’s rules. Specifically, the first layer of the consent solution gave users three options: Necessary Only, Customize Settings, and Accept All, with information about all processing purposes only available in the second layer after a user clicked “Customize Settings”. The supervisory authority found that this solution did not give informed consent as visitors who clicked “Accept All” did not receive information about all processing purposes. 

WHY IT MATTERS

The inquiry was conducted in accordance with the Danish Data Protection Authority’s special focus on “processing of personal data about website visitors (cookies)” announced in 2021, among other areas of focus.  

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

FTC and Sensitive Location Data; New Pen Register Class Actions

December 9, 2024

FTC takes action against the sale of sensitive data...

California CPPA Issues Notice of Proposed Rulemaking

November 25, 2024

News out of California this week. The CPPA moved...

Mitigating risk under the Video Privacy Protection Act (VPPA)

November 23, 2024

Because VPPA is just one of many tools being...

Latest White Papers

E-book: Enterprise Guide To Cookie management & Tracker List Curation

July 1, 2024

How to review the tracking tech on your websites...

Benchmark Report: US Privacy Compliance

August 19, 2022

The current state of publisher compliance with CCPA, and...

Keep in touch

Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.

Let's explore what we can do together.

We'll be in touch within 48 hours

[contact-form-7 id="593" title="Schedule a Demo"]