Tag Archives: John D. Seiver

Land of 10,000 Data Lakes: Minnesota Consumer Data Privacy Act Signed into Law

by Nancy Libin, John D. Seiver, and Jevan Hutson

Photo of the authors.

From left to right: Nancy Libin, John D. Seiver, and Jevan Hutson. (Photos courtesy of Davis Wright Tremaine LLP)

Minnesota is the 18th state to enact a consumer data privacy law.

On May 25, 2024, Minnesota Governor Tim Walz signed the Minnesota Consumer Data Privacy Act (the “Act”), which takes effect on July 31, 2025, for most controllers and on July 31, 2029, for certain postsecondary educational institutions. Minnesota is the 18th state to enact a comprehensive consumer data privacy law.

The Act adopts the same framework as most other state privacy laws but includes several novel provisions, including broader rights for Minnesota residents who are subject to profiling in furtherance of decisions that produce legal or similarly significant effects.

We highlight key aspects of the Act below.

Continue reading

New Jersey Governor Signs Comprehensive Privacy Law

by Nancy Libin, David L. Rice, John D. Seiver, and Benjamin Robbins

Photos of the authors.

From left to right: Nancy Libin, David L. Rice, John D. Seiver, and Benjamin Robbins. (Photos courtesy of Davis Wright Tremaine LLP)

On January 16, 2024, New Jersey Governor Phil Murphy signed into law Senate Bill 322 (“the Act”), making New Jersey the fourteenth state to enact a comprehensive consumer data privacy law, joining California, Virginia, Colorado, Connecticut, Utah, Iowa, Indiana, Tennessee, Montana, Florida, Texas, Oregon, and Delaware.  The Act will take effect on January 16, 2025.

Continue reading

Oregon Consumer Privacy Act Signed Into Law

by Nancy Libin, Michael T. Borgia, John D. Seiver, David L. Rice, and Patrick J. Austin

Photos of the authors

Left to right: Nancy Libin, Michael T. Borgia, John D. Seiver, David L. Rice, and Patrick J. Austin (photos courtesy of Davis Wright Tremaine LLP)

Oregon becomes the 12th state with a comprehensive consumer data privacy law

The Oregon Consumer Privacy Act (OCPA) became law on July 18, 2023. Oregon is the twelfth state to enact a comprehensive consumer data privacy law, joining CaliforniaVirginiaColoradoConnecticutUtahIowaIndianaTennesseeMontanaFlorida, and Texas. The OCPA goes into effect July 1, 2024 (the same date as the recently enacted privacy laws in Texas and Florida). The effective date for non-profits—which, unlike under most other state privacy laws, are not exempt under the OCPA—is delayed until July 1, 2025.

Continue reading

FTC Articulates Consumer Privacy Concerns – Potential Misuse of Biometric Information and Technologies

by Apurva Dharia, Nancy Libin, John D. Seiver, and Kate Berry

Photos of the authors

From left to right: Apurva Dharia, Nancy Libin, John D. Seiver, and Kate Berry
(Photos courtesy of Davis Wright Tremaine LLP and authors)

Policy statement addresses possible bias and discrimination in the collection, use, and marketing of biometrics under the FTC Act.

On May 18, 2023, the Federal Trade Commission (FTC) issued a policy statement warning that the proliferation of technologies that use or claim to use biometric information may bring risks with regard to consumer privacy and data security and present a potential for bias and discrimination. The Agency vowed to use its authority under Section 5 of the FTC Act to investigate unfair or deceptive acts in the collection, use, and marketing of biometric information technologies that mislead or cause harm to businesses and consumers.

Continue reading

New Washington Law Has Broad Implications For Protecting Consumer Health Data

by Nancy Libin, Adam H. Greene, Rebecca L. Williams, David L. Rice, Michael T. Borgia, John D. Seiver, and Kate Berry

Photos of the authors

Top row from left to rugh: Nancy Libin, Adam H. Greene, Rebecca L. Williams, and David L. Rice.
Bottom row from left to right: Michael T. Borgia, John D. Seiver, and Kate Berry. (Photos courtesy of Davis Wright Tremaine LLP)

Landmark ‘My Health My Data’ Act Reaches Beyond Washington and Into the Courts With a Private Right of Action

On April 27, 2023, Washington Governor Jay Inslee signed into law the My Health My Data Act (the “Act”), which will regulate the collection, use, and disclosure of “consumer health data” (“Consumer Health Data” or “CHD”). The Act is intended to provide stronger privacy and security protections for health-related information not protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), but a significant gap remains. In spite of its title and purported focus on the health information of Washington residents, a careful reading of the Act shows that it will have a much broader reach – both geographically and substantively. Most provisions of the Act come into effect on March 31, 2024, with small businesses required to comply by June 30, 2024. Some sections (e.g., Section 10 prohibition against “geofencing”) do not provide effective dates. It is unclear whether those sections become effective on July 22, 2023, which would be 90 days after the end of the legislative session, as provided under Washington law, or whether failure to include an effective date for all sections of the Act was an oversight.

Continue reading