Florida and Michigan focused recent privacy complaints against Roku on the streaming box maker's partnerships with data brokers, Holland & Knight lawyers noted in a blog post Friday.
Data Brokers and Delete Acts
Data brokers aggregate and sell personal data—often without clear user awareness. In response, many U.S. states are passing “delete acts” and other laws to increase transparency, require registration and give users control over data sales. These laws will reshape compliance and collection practices for brokers and companies relying on third-party data. This page tracks legislation, rulemaking and enforcement trends affecting the data brokerage industry.
California added to companies’ increasing worries “about being viewed as ‘selling’ personal data” earlier this month when Gov. Gavin Newsom (D) signed an update to the California Delete Act, Sheppard Mullin attorneys Lissa Thomas and Kathryn Smith blogged Thursday.
The New Jersey Supreme Court agreed to interpret whether the state’s Daniel’s Law imposes strict liability on data brokers for posting private information online, or if proof of intent is required. The 3rd U.S. Circuit Court of Appeals asked for the high court to weigh in at the beginning of September (see 2509040054).
The California Privacy Protection Agency launched a webpage for consumers Friday previewing the agency’s upcoming Delete Request and Opt-Out Platform (DROP), Executive Director Tom Kemp posted on LinkedIn. The agency plans to release the accessible data deletion mechanism Jan. 1.
The Consumer Financial Protection Bureau should retain consumer privacy protections in Section 1033 of the Dodd-Frank Act and continue guarding against third-party financial data abuse, consumer groups told the CFPB in comments due Tuesday (see 2508210038).
Making sure that executive suite members understand the privacy landscape is key to ensuring companies stay proactive and in compliance, said panelists at a privacy risk event Tuesday. During another panel, the executive director of the California Privacy Protection Agency (CPPA) discussed how it's helping raise awareness of privacy issues with businesses. Compliance vendor DataGrail sponsored the event.
Connecticut could next year pass legislation like the California Delete Act and create a data broker registry, state Sen. James Maroney (D), author of Connecticut’s comprehensive privacy law, said on Marketecture’s The Monopoly Report podcast Wednesday. However, he said Connecticut would likely try to share the accessible deletion mechanism now under development at the California Privacy Protection Agency (CPPA).
Florida’s privacy lawsuit last week against Roku surprised some data-protection experts, since the state’s Digital Bill of Rights frequently carries an asterisk in lists of the 20 state comprehensive privacy laws -- if it’s included at all. In the aftermath, however, some privacy experts told Privacy Daily that they’re still not ready to add Florida to the list.
A possible Pennsylvania version of Daniel’s Law made it through a key committee on Wednesday, though it continued to lack Republican support. The House Judiciary Committee split by party to clear an amended HB-1822, which aims to protect the personal information of public servants, similar to a law in neighboring New Jersey.
Video-streaming box maker Roku “collected, sold and enabled reidentification of sensitive personal data” without receiving authorization or providing meaningful notice, the Florida attorney general’s office said Tuesday. AG James Uthmeier filed a complaint under Florida’s comprehensive privacy law and the Florida Deceptive and Unfair Trade Practices Act in the state’s 20th Judicial Circuit Court.