Timothy Dickens

Contact:

California Enforcement Sweep Targets Mobile Apps – With a Focus on Honoring “Permission Slip” App

By Timothy Dickens & Gregory P. Szewczyk on February 1, 2023

Posted in Privacy, Regulatory and Enforcement, State Enforcement

On Friday, January 27, California Attorney General Rob Bonta announced an investigative sweep of businesses that provide mobile apps, issuing warning letters to those that AG Bonta alleges failed to comply with the California Consumer Privacy Act (CCPA). This sweep focused specifically on “popular retail, travel, and food service industry apps” that failed to comply with consumer opt-out requests or otherwise failed to offer mechanisms for consumers to stop the sale of their personal information. … Continue Reading

FTC requires data minimization in Drizly enforcement action

By Timothy Dickens & Kelsey Fayer on October 27, 2022

Posted in Data Security, FTC, Regulatory and Enforcement

In a recent enforcement action against online alcohol delivery service Drizly and its CEO, James Rellas, the Federal Trade Commission (FTC) made clear its focus on data minimization and limitations on the secondary uses of data. Although the action arose out of a common security failure—the sort that has been the subject of numerous prior FTC consent decrees—the enforcement requirements extend beyond the standard implementation of an information security program.… Continue Reading

CPRA’s employee and B2B exemptions appear destined to sunset

By Gregory P. Szewczyk, Timothy Dickens & Kelsey Fayer on September 8, 2022

Posted in Privacy, State regulation

The August 31 closing of the California legislative session likely marked the end of hopes for an extension of the limited exemptions for employee and business-to-business (B2B) data that have existed for the California Consumer Privacy Act (“CCPA”) since its inception. As a result, when the the California Privacy Rights Act (CPRA) goes into effect on January 1, 2023, employee and B2B data will be treated the same as consumer data. … Continue Reading

FTC Takes Aim at “Commercial Surveillance”

By Gregory P. Szewczyk & Timothy Dickens on August 15, 2022

Posted in FTC, Privacy, Regulatory and Enforcement

In an active week for federal regulators, the Federal Trade Commission (FTC) joined the CFPB in announcing important initiatives that may change privacy and data security practices in major ways.

On August 11, the FTC released its Advanced Notice of Proposed Rulemaking, seeking public input on a host of questions relating to what it describes as “commercial surveillance”—or “the business of collecting, analyzing, and profiting from information about people”—in order to determine whether to issue a new rule “to protect people’s privacy and information in the commercial surveillance economy.” … Continue Reading

Draft California Privacy Rights Act regulations released by CPPA

By Timothy Dickens, Gregory P. Szewczyk & Philip N. Yannella on June 1, 2022

Posted in Privacy, State regulation

The California Privacy Protection Agency (“CPPA”) scheduled a Board Meeting for June 8^th, in which it will be discussing and possibly taking action with regard to the much anticipated CPRA enforcing regulations. To facilitate this discussion, the CPPA included a draft of the proposed regulations as part of the meeting records. … Continue Reading