During a LinkedIn Live session on 27 September 2023, IAPP Research and Insights Director Joe Jones discussed the latest regulatory law, policy and enforcement developments, and compliance considerations for children’s privacy in the EU, UK, and US with Baker McKenzie’s Elizabeth Denham, Lothar Determann and Jonathan Tam.

In the ongoing debate concerning data broker regulation, trade-offs between competition and privacy are not always holistically appreciated. This article — originally published in Competition Policy International’s TechReg Chronicle — examines the importance of data protection for individual privacy and access to data for competition, discusses the role of data brokers in data privacy and sharing, and reviews existing, new, and proposed regulations of data brokers who now face additional and varying restrictions in state and federal privacy and consumer protection laws that will increase their compliance costs.

In first-of-its-kind legislation, under SB 54, California will require venture capital companies to collect and report diversity data from portfolio company founders as soon as 1 March 2025. The new Fair Investment Practices by Investment Advisers law intends to increase transparency regarding the diversity of founding teams receiving venture funds from covered entities in California.

On 8 October 2023, California Governor Gavin Newsom signed two bills into law amending the California Consumer Privacy Act. AB 947 classifies citizenship and immigration status as “sensitive personal information” subject to special protections under the CCPA, while AB 1194 strengthens reproductive privacy rights. Both bills carried the unanimous endorsement of the California Privacy Protection Agency. Details for each bill are described below followed by actionable guidance businesses can take to prepare now before these laws go into effect on 1 January 2024.

If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law will be significantly changed under the California Delete Act, which was signed into law by California Governor Newsom on 10 October 2023. Under the act, the California Privacy Protection Agency (CPPA) is required to set up, by 1 January 2026, an accessible deletion mechanism where consumers can request deletion via the CPPA that all data brokers then have to honor.

Following a five-year legislative process, India’s Digital Personal Data Protection Act (DPDP) received presidential assent on 11 August 2023. Practically speaking, the DPDP is not yet enforceable as the government still needs to establish the Data Protection Board of India (Board), which will serve as the enforcement authority for the law. The Board, in turn, must implement certain legally binding rules before the DPDP becomes fully operational.

Over the past few years, regulators around the world have stepped up enforcement of privacy laws that protect minors online. All companies that offer online services may find themselves in possession of minors’ personal data. And so, companies that take part online should consider some general recommendations, especially in light of the growing body of youth online privacy and safety laws.

Through The Employer Report blog, our lawyers provide legal updates and practical insights to help clients understand, prepare for and respond to the latest domestic and cross-border Labor and Employment issues affecting US and multinational employers.

If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law may be significantly changed under a proposed bill. Under Senate Bill 362, the California Privacy Protection Agency (CPPA) would be required to set up, by 1 January 2026, an accessible deletion mechanism where consumers could request deletion via the CPPA that all data brokers then have to honor. Data brokers would have to check the CPPA mechanism to process all deletion requests every 31 days, as well as delete personal information about every California resident who ever made a request through the mechanism every 31 days.

Just a few weeks after California Attorney General Bonta announced an investigative sweep through inquiry letters sent to California employers, the California Privacy Protection Agency (CPPA) announced a California Consumer Privacy Act (CCPA) review of data privacy practices by connected vehicle manufacturers and related technologies, focusing on embedded features including “location sharing, web-based entertainment, smartphone integration, and cameras,” because “vehicles often automatically gather consumers’ locations, personal preferences, and details about their daily lives.”