Tag Archives: David L. Rice

California’s Privacy Regulator Issues Enforcement Guidance on How To Avoid “Dark Patterns” in Obtaining Consumer Consent

by David L. Rice and Christopher W. Savage

Photos of the authors

Left to Right: David L. Rice and Christopher W. Savage (photos courtesy of Davis Wright Tremaine LLP)

On September 4, 2024, the California Privacy Protection Agency (“CPPA”) announced that it issued an Enforcement Advisory (“Advisory”) providing guidance on how to avoid using prohibited “Dark Patterns” to obtain consent from consumers. Businesses subject to the California Consumer Privacy Act (CCPA) routinely request consent from consumers related to their personal information and in handling consumer requests to exercise their statutory rights regarding their personal information. The CPPA’s advisory is a strong signal that the time for businesses to identify and remove Dark Patterns in these processes is now—before the CPPA commences enforcement—by reviewing user interfaces to ensure the language and interface design offering consumers privacy choices is clear and symmetrical.

Continue reading

New Jersey Governor Signs Comprehensive Privacy Law

by Nancy Libin, David L. Rice, John D. Seiver, and Benjamin Robbins

Photos of the authors.

From left to right: Nancy Libin, David L. Rice, John D. Seiver, and Benjamin Robbins. (Photos courtesy of Davis Wright Tremaine LLP)

On January 16, 2024, New Jersey Governor Phil Murphy signed into law Senate Bill 322 (“the Act”), making New Jersey the fourteenth state to enact a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, Texas, Oregon, and Delaware.  The Act will take effect on January 16, 2025.

Continue reading

Oregon Consumer Privacy Act Signed Into Law

by Nancy Libin, Michael T. Borgia, John D. Seiver, David L. Rice, and Patrick J. Austin

Photos of the authors

Left to right: Nancy Libin, Michael T. Borgia, John D. Seiver, David L. Rice, and Patrick J. Austin (photos courtesy of Davis Wright Tremaine LLP)

Oregon becomes the 12th state with a comprehensive consumer data privacy law

The Oregon Consumer Privacy Act (OCPA) became law on July 18, 2023. Oregon is the twelfth state to enact a comprehensive consumer data privacy law, joining CaliforniaVirginiaColoradoConnecticutUtahIowaIndianaTennesseeMontanaFlorida, and Texas. The OCPA goes into effect July 1, 2024 (the same date as the recently enacted privacy laws in Texas and Florida). The effective date for non-profits—which, unlike under most other state privacy laws, are not exempt under the OCPA—is delayed until July 1, 2025.

Continue reading

New Washington Law Has Broad Implications For Protecting Consumer Health Data

by Nancy Libin, Adam H. Greene, Rebecca L. Williams, David L. Rice, Michael T. Borgia, John D. Seiver, and Kate Berry

Photos of the authors

Top row from left to rugh: Nancy Libin, Adam H. Greene, Rebecca L. Williams, and David L. Rice.
Bottom row from left to right: Michael T. Borgia, John D. Seiver, and Kate Berry. (Photos courtesy of Davis Wright Tremaine LLP)

Landmark ‘My Health My Data’ Act Reaches Beyond Washington and Into the Courts With a Private Right of Action

On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the “Act”), which will regulate the collection, use, and disclosure of “consumer health data” (“Consumer Health Data” or “CHD”). The Act is intended to provide stronger privacy and security protections for health-related information not protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), but a significant gap remains. In spite of its title and purported focus on the health information of Washington residents, a careful reading of the Act shows that it will have a much broader reach – both geographically and substantively. Most provisions of the Act come into effect on March 31, 2024, with small businesses required to comply by June 30, 2024. Some sections (e.g., Section 10 prohibition against “geofencing”) do not provide effective dates. It is unclear whether those sections become effective on July 22, 2023, which would be 90 days after the end of the legislative session, as provided under Washington law, or whether failure to include an effective date for all sections of the Act was an oversight.

Continue reading