Zenus Franklin

Zenus focuses on addressing a variety of business and finance matters, including data governance regulations such as GDPR, CCPA, COPPA, PCI-DSS, and state data breach notification laws. He also assists clients with internal policy development, implementation, assessment, training, and incident response management.

As we discussed last year, the Federal Trade Commission (FTC) has increased its focus and its enforcement related to the Children’s Online Privacy Protection Act (COPPA), especially in the educational context. Now the FTC is taking further steps to secure and protect children’s information as online tools and technologies continue to quickly advance.

In December 2023, the FTC issued a notice of proposed rulemaking to the COPPA rule that focuses on targeted advertising, push notifications, surveillance in the educational context, and providing more clarity on the exceptions under COPPA. According to FTC Chair Lina M. Khan, “[t]he proposed changes to COPPA are much-needed, especially in an era where online tools are essential for navigating daily life—and where firms are deploying increasingly sophisticated digital tools to surveil children.” Moreover, the FTC issued a lengthy statement from Commissioner Alvaro M. Bedoya that attempts to dispel the critiques around COPPA and other regulations around children’s data collection, such as the critique that many violations of such data privacy statutes regulate conduct that does not involve a great deal of harm. Looking at all of the above, it is clear that the FTC believes new tools and technologies utilized by companies online are a major risk to children and that this new rulemaking is necessary to keep up with such new tools and technologies.

Continue Reading Children’s Online Privacy Protection Act Update: Part Deux! New FTC Rulemaking Proposal

Tuesday, Jan. 30, 2024

11 a.m. – 12 p.m. ET

You read the news every day and maybe even receive notices yourself: data security and privacy compliance is a growing area of concern and risk for businesses. With security incidents on the rise across various industries of all sizes, as well as increased regulation of privacy and security-related issues, evaluating and addressing your current data governance program is a crucial step in protecting your business in the new year. Just

Continue Reading Webinar: 10 Privacy and Security Resolutions in the New Year

Last year, we discussed the growing focus and increased regulation on data brokers nationwide, including bills in California, Delaware, Massachusetts, Oregon, and Washington. Now, California has a new bill (S.B. 362) that would revamp its requirements on data brokers and provide California residents new rights over their personal information. The bill is now on California Governor Gavin Newsom’s desk for signature. The purpose of this bill is to address differences between existing data broker requirements and the California Consumer Privacy Act (CCPA).

Continue Reading California’s New Data Broker Requirements

Over the last few years, there has been an increased focus on the collection of children’s personal information in the United States. For example, many states have begun passing laws that significantly increase regulation for businesses collecting personal information from children; see our previous discussion on California’s Age-Appropriate Design Code Act. Additionally, at the federal level, the Federal Trade Commission (FTC) has increased its focus on the Children’s Online Privacy Protection Act (COPPA), specifically in the educational context.

Continue Reading Children’s Online Privacy Protection Act Update! FTC Enforcement and New Parental Consent Proposal

As we previously covered in February, there has been an increase in lawsuits, including class actions, filed against website operators in various states (including California, Florida, Indiana, Illinois, and Pennsylvania) for violations of state wiretapping laws or the Video Privacy Protection Act of 1988 (VPPA). Since then, there have been some updates to such pending litigation. For purposes of this post, the pending litigation can be broken out into three categories: (1) chat window wiretapping claims; (2) session replay technology claims; and (3) claims under the VPPA.

Continue Reading UPDATE: Litigation Related to Website Technology & Data Sharing

Over the past year, there has been a growing number of lawsuits, including class actions, filed against website operators in various states (including California, Florida, Illinois, and Pennsylvania) for violations of state wiretapping laws or the Video Privacy Protection Act of 1988 (“VPPA”).

Continue Reading Heads Up! Increasing Litigation Related to Website Technology & Data Sharing

We recently provided an update regarding the California Privacy Protection Agency’s modified regulations (the “Regulations”) for the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (the “CCPA”). In that update, we briefly discussed new requirements regarding website popups, including cookie banners.

The Regulations require Businesses to design and implement methods for consumers submitting CCPA requests and “obtaining consumer consent” that incorporate the following principles:

  • Language that is easy to understand;
  • Symmetry in choice, meaning the business shall not make it more difficult to exercise a more privacy-protective option than a less privacy-protective option;
  • Avoids language that is confusing to the consumer;
  • Avoids using choice architecture that impairs or interferes with the consumer’s ability to make a choice; and
  • Designed in a way that it is easy to execute.

Continue Reading Cookie Banners under the CCPA/CPRA

With less than three months until the California Privacy Rights Act goes into effect on January 1, 2023, the California Privacy Protection Agency (the “Agency”) released updated proposed regulations on October 17, 2022 (the “Regulations”).  The Regulations govern compliance with the California Consumer Privacy Act of 2018, which will be amended by the California Privacy Rights Act (collectively, the “CCPA”). The Regulations modify the initial proposed regulations that were released on July 8, 2022. We discuss the key changes from both versions below.

Important: The written comment period will not end until November 21.  Accordingly, it is possible these Regulations may change again.
Continue Reading Rush to the Finish Line: The California Privacy Protection Agency Releases CPRA Modified Regulations

On Friday, June 3, 2022, a bipartisan group of lawmakers published a discussion draft for the proposed American Data Privacy and Protection Act (the “ADPPA”). The ADPPA is a draft bill that has yet to be introduced in the U.S. House or Senate, which means that any provision is subject to amendment. However, even in draft form, the ADPPA is a notable advance in the efforts for a federal privacy law with sponsorship from both Democrats and Republicans, as well as members of the U.S. House and Senate.
Continue Reading What is the American Data Privacy and Protection Act?

It was not long ago that data privacy was an afterthought for many companies, and in some regards, it may still be an afterthought. Since 2018, major laws and regulations governing companies’ collection, use, and disclosure of personal information have been enacted, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) (amended by the California Privacy Rights Act, and soon to be joined by similar state privacy laws in Colorado, Connecticut, Indiana, Virginia, and Utah), Strengthening American Cybersecurity Act, and state data breach notification laws.
Continue Reading The Changing Landscape of Privacy and Data Security in Mergers and Acquisitions