March 31, 2023

Volume XIII, Number 90


March 30, 2023

Subscribe to Latest Legal News and Analysis

March 29, 2023

Subscribe to Latest Legal News and Analysis

March 28, 2023

Subscribe to Latest Legal News and Analysis

2023 Resolution: Review & Update Your Privacy Program

Five new state omnibus privacy laws take effect in 2023, with two that already kicked in on January 1.

  • The California Privacy Rights Act (CPRA) – effective January 1, 2023, enforceable July 1, 2023.

  • Virginia Consumer Data Protection Act (CDPA) – effective and enforceable January 1, 2023.

  • Colorado Privacy Act (CPA) – effective and enforceable July 1, 2023.

  • Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTPDA) – effective and enforceable July 1, 2023.

  • Utah Consumer Privacy Act (UCPA) – effective and enforceable December 31, 2023.

If you have not already reviewed and updated your privacy program, now is the time to take a look at a few key things:

  1. Privacy Notice: Privacy notices need to be updated to incorporate new disclosures and the rights provided to consumers (and, for California: employees and B2B contacts) under the new state laws.

  2. Marketing Programs: Under the new privacy laws, additional focus is being placed on targeted advertising, profiling, financial incentive programs, and dark patterns. What is a “dark pattern”? Check out this report – Bringing Dark Patterns to Light – published by Federal Trade Commission staff in 2022. If you have not previously taken the opportunity to consider these areas with your marketing team, now is the time.

  3. Data Protection Assessments: Similar to European law, US laws now incorporate data protection assessment requirements for certain processing activities. Businesses need to document activities that impact personal data, record their findings, and develop appropriate controls and record-keeping processes to address new regulatory requirements.

  4. Website Links and Opt-Outs: Depending on practices, new links may be required to permit website visitors to opt-out of selling, sharing, and targeting advertising. Additionally, if you have not previously considered “do not track,” now is also a good time to consider the Global Privacy Control option to permit users to opt-out.

If you didn’t know, now you know. Time to get your privacy program in shape for 2023. If you have questions about application of these laws to your business, check out our previous alert, “Are You Ready for 2023? New Privacy Laws to Take Effect Next Year.”

© 2023 ArentFox Schiff LLPNational Law Review, Volume XIII, Number 19

About this Author

D. Reed Freeman FTC Defense Lawyer ArentFox

With nearly 30 years of experience in data privacy, data security, and FTC defense, Reed brings a mastery of the law and unparalleled experience to bear for the firm’s clients.

A recognized authority in privacy, data security, and FTC defense, Reed brings a mastery of the law and unparalleled experience to bear for the firm’s clients. He has represented clients in scores of FTC investigations involving privacy, data security, and advertising matters. He also defends companies in state consumer protection investigations and data breach responses...

Eva J. Pulliam Attorney Brand Protection Arent Fox Schiff Washington DC

Eva splits her time between Washington and San Francisco and concentrates her practice on brand protection: protecting data, brand image, and brand names. She advises clients across numerous industries on best practices in the areas of data privacy, advertising and marketing, and trademark. Household names, tech giants and startups, non-profits, and other innovative organizations call on Eva to guide them through product development and brand management. 

In the privacy space, Eva counsels clients around data collection, use, and transfer, as...