At a White House Roundtable on protecting Americans from allegedly harmful “data broker” practices, Consumer Financial Protection Bureau (CFPB or Bureau) Director Rohit Chopra announced the Bureau’s intention to expand the reach of the Fair Credit Reporting Act (FCRA) to data brokers. He stated, “Next month, the CFPB will publish an outline of proposals and alternatives under consideration for a proposed rule. We’ll soon hear from small businesses, which will help us craft the rule.”
CPRA Regulations Delayed. On June 29, 2023, two days before enforcement of the California Consumer Privacy Act (CCPA) was to begin, a Sacramento Superior Court issued a temporary injunction, enjoining enforcement of newly promulgated regulations under the California Privacy Rights Act (CPRA), which amended the CCPA earlier this year. The new regulations were promulgated and purportedly went into effect on March 29, 2023. Specifically, the court enjoined enforcement of these final CPRA regulations, which will be stayed for a period of 12 months from the date that individual regulation becomes final. The court declined to mandate any specific date to finalize the remaining regulations.
Editor’s Note: Texas, Oregon, and Delaware became the latest states to pass a comprehensive privacy bill, while the CPRA, Connecticut, and Colorado’s privacy laws came into force. In the litigation world, the FTC filed an amended complaint against Kochava, and the HHS settled with a psychiatric center that disclosed patient information in an online review. This month, international efforts focused on AI, as European Parliament members approved the AI Act, and the Japanese privacy watchdog warned OpenAI about collecting sensitive user data.
Editor’s Note: Montana became the latest state to pass a comprehensive privacy bill, joining California, Virginia, Colorado, Connecticut, Utah, and Tennessee. Florida, too, passed a privacy bill, but with a much narrower scope. Meanwhile, at the federal level, the House Energy and Commerce Committee continued to work on the federal analog: the American Data Privacy and Protection Act. In U.S. litigation, courts continued to see litigation under the Video Privacy Protection Act, including a new suit against Hearst Television. At the international level, European Parliament members adopted a nonbinding opinion to vote against the EU-U.S. Transfer Agreement, and the French CNIL leveraged a fine against Clearview AI for noncompliance.
Ron Raether, leader of Troutman Pepper’s Privacy + Cyber Industry Group, was interviewed in the April 26, 2023 BankInfoSecurity article, “Protecting CISOs From Taking the Blame.”
“Just like a CISO, a general counsel might be seen as the individual that is a cost center, that says ‘no’ to projects and is seen as