Add blog to your RSS readerPopular Topics
All Topics
- .Com Disclosure Guide
- 140conf
- 140conf Long Island
- 140confLI
- 47 USC 230
- AAA
- ACI 2017
- Ads
- Advance Registration
- Advertising
- Advertising Agencies
- Advertising Agency
- Advertising Disclosure
- Advertising Industry
- Advertising Injury
- Advertising Law
- Advertising Practice
- advertising self-regulation
- Advertising Self-Regulatory Council
- Advertising Software
- Advertising, Marketing & Promotions News
- Advertorials
- Advisory
- Affiliate Marketing
- Affiliate Program
- AG
- All Natural
- Amazon
- Amazon Silk
- Amazon Tax
- Amazon.com
- Amendments
- American Advertising Federation
- American Bar Association
- Americans with Disabilities Act
- Android
- Annual Audit
- Annual Fee
- anti-fraud
- App Developers
- Apple
- Apps
- Arbitration
- Arbitration Clause
- Arbitration Rules
- Ashley Madison
- ASRC
- AT&T Mobility LLC v. Concepcion
- ATDS
- Attorney
- Attorney General
- Audio Beacons
- Augme
- Auto-dial
- Automatic Renewal
- Automobiles
- BBB AdTruth
- Bead Art Playsets
- Behavioral Advertising
- Best Lawyers
- Blackberry
- Bloggers and Influencers
- Bloomberg BNA
- Brain Training
- Branding
- Brands
- Breach
- Burden of Proof
- Business Law
- Business, Marketing & Promotions News
- Buyers
- California
- California Auto-Renewal Task Force
- California Consumer Privacy Act
- California Department of Alcoholic Beverage Control
- California’s Automatic Renewal Law
- California’s Unfair Competition Law
- Campaigns
- CAN-Spam
- Cancer Fund of America
- cannabis
- Caribbean & Latin American Corporate Counsel Summit 2017
- CARU's Guidelines
- CAS
- Cash prizes
- CASL
- CBBB
- CBD
- Celebrities
- Celebrity Images
- Cell Phone Applications
- Cell phones
- CFPB
- CGMP
- Chambers 2017 USA Guide
- Chambers USA 2022 Guide
- Chantal Tode
- Charge Pop-ups
- Charity Fundraising
- Charity Regulators
- Children's Advertising
- Children's Advertising Review Unit (CARU)
- children's marketing
- Children's Privacy
- Civil Penalties
- Class Action
- Class Action Lawsuit
- Class Certification
- Clean Diesel
- Cognitive Claims
- College Athletes
- Colorado
- Commerce Department
- Commercial Advertising
- Commercial Electronic Mail Act (CEMA)
- Communications Decency Act
- compliance
- conference
- Consumer Complaints
- Consumer Complaints List
- Consumer Contracts
- Consumer Data
- Consumer Data Protection Act (“CDPA”)
- Consumer Finance Protection Board
- Consumer Fraud
- Consumer Fraud Act
- consumer health guidelines
- Consumer Privacy
- Consumer Privacy Bill of Rights
- Consumer Protection
- consumer protection laws
- Consumer Sentinel Network
- Contract
- COPPA
- COPPA FTC Olshan Advertising Marketing Promotions Privacy
- Copyright Act
- Copyright Alert System
- Copyright Infringement
- Copyright Infringement Abroad
- Copyright, Trademark and Other Intellectual Property
- Corporate Law
- Council of Better Business Bureau
- Counterclaims
- Court Decisions
- COVID-19
- Cramming
- Credit Card Payment Surcharges
- Crowdfunding
- Cryptocurrency
- cybersecurity
- D.C. Circuit Court
- Daily Fantasy Sports Contests
- dark patterns
- data breach
- Data Broker
- Data Collection Practices
- Data Protection
- Data Security
- Data Transfers
- Debt collectors
- Deceptive Advertising
- Deceptive Pricing
- Deceptive Tracking
- Department of Commerce
- Department of Labor
- Department of Labor (DOL)
- dietary supplements
- Digital
- Digital Advertising
- Digital Media
- Direct listings
- Direct Marketers
- Direct marketing programs
- Direct response marketing
- DirectTV
- Disclosure
- Disclosure Obligations
- Disclosure Rules
- Discounts
- DMA
- DMCA
- Do Not Call
- Do Not Track
- DOJ
- Domain Extensions
- Domino's Pizza
- Dot Com Disclosures
- DPPA
- DraftKings
- Drawing By Chance
- Ecommerce
- Elder Abuse Prevention and Prosecution Act
- Emissions Testing
- endorsement
- Enforcement Action
- Enhanced Ads
- Entry Fee
- EPA
- Epic
- Estoppel
- Ethics
- EU Commission
- EU-US Privacy Shield
- European Commission
- European Court of Justice (ECJ)
- European Union
- European Union registration holders
- European Union Trademark
- Exchange listing
- Ezor
- Factory outlets
- Fair Credit Reporting Act (FCRA)
- Fair Debt Collections Practices Act
- Fair Information Practice Principles
- Fair Labor Standards Act
- fair-use defense
- false advertisement
- False Advertising
- FanDuel
- Fantasy Contests Act
- Fantasy Sports
- Fantasy Sports Operators
- Farm Bill
- fashion law
- Fax broadcsters
- Faxes
- FCC
- FCC Developments
- FCC Solicited Fax Rule
- FDA
- FDCA
- Federal Laws & Regulations
- Federal Overtime Regulations
- Federal Trade Commission
- Final Rule
- FIPP
- First Amendment
- Fit Products
- Fit Tea
- Florida
- food law
- Force Majeure
- Fraud
- FTC
- FTC Act
- FTC Chair
- FTC Guidance
- FTC restitution
- FTC’s Jewelry Guides
- Gambling
- Gambling Laws
- Game Promotions
- GDPR
- General Data Protection Regulation
- Geo-targeted Advertising
- Georgia
- government sanctions
- Guide
- HARO
- Health-related Mobile Apps
- Health-related Products
- Healthy
- HIPAA
- History Sniffing
- HitPath
- Homestead Laws
- HTC
- Hurricane
- IAB
- ICANN
- illegal content
- Illegal Gambling
- Illinois
- IMDb
- Influencer Marketing
- Injury in Fact
- Insider Trading
- Inspection Resources
- Insurance Company
- Insurance Coverage
- INTA
- Intellectual Property
- internet
- Internet and Privacy Law
- iOS
- Iowa
- IP Awareness Assessment Tool
- IPOs
- Jeff Pulver
- Jewelry
- JOLT
- Jurisdiction
- Kindle Fire
- Lanham Act
- Law
- Law Enforcement
- Law Review Article
- law school
- Laws
- lawsuit
- Leading Lawyers
- Lee Bogner
- Legal 500 United States 2017
- Legal opinions
- Legislation
- Licensing Fees
- Lily Robotics
- List managers
- Litigation
- Lumosity
- Lumosity ads
- Lumosity games
- Lustigman Firm
- Luxury Daily
- made in the usa
- Magazine publishers
- Mail Order Sales Rule
- Manufacture
- Manufacturer’s Suggested Retail Price (“MSRP”)
- Marden-Kane
- Marketing
- Marketing & Promotions News
- Marketing and Advertising Law
- Marketshare
- Mass texts
- Material Disclosures
- Mc Donalds
- Media and Entertainment
- Media Companies
- Microsoft
- MLM
- Mobile Financial Services
- Mobile In-app Charges
- Mobile Marketer
- Mobile Marketing
- Mobile Payment Systems
- Mobile Payment Systems Security Programs
- Mortgage Bankers Association
- Mortgage Investors
- NAD
- NARB
- Native Advertising
- Native Advertising Guidelines
- Nautilus, Inc.
- NCAA
- Network Advertising Initiative
- New Jersey
- New Jersey Supreme Court
- New York
- New York Law Journal
- New York SHIELD Act
- New York’s Automatic Renewal Law
- NFT
- NIL
- Nomi
- Non-Commercial Calls
- Non-profit Organization
- Notice
- Nutrient Content
- NY Attorney General
- objective consumer harm
- Off-label Prescriptions
- Office for Civil Rights (OCR)
- Office of Foreign Assets Control (OFAC)
- Office of National Coordinator for Health Information Technology (ONC)
- Ohio
- Oklahoma
- Olshan
- Olshan Grundman
- Olshan News
- Online Advertising
- Online Apps
- Online Cancellation
- Online Contracts
- Online Discount Pricing
- Online Entertainment Co
- Online Retail
- Online Reviews
- Online Tracking
- Online travel agencies
- Overstock
- Paid Advertising
- Paid Promotions
- pandemic
- Patents
- Payment Methods
- Penny Auction
- Performance Marketing
- Personally Identifiable Information
- Pet Care
- Peter Shankman
- Pharmaceutical Advertising
- Pharmaceutical Manufacturers
- pre-orders
- Pre-recorded Message
- Price Match Guarantee
- Pricing Guides
- Pricing Practices
- Privacy
- Privacy Act
- Privacy Policy
- Privacy Practices
- Privacy Shield
- Pro-Consumer
- Products
- Professional Association for Customer Engagement (PACE)
- Promotion
- Promotions
- Proposed Rulemaking
- Public Database
- Publication of Age
- Publisher Magazine
- Q&A
- RCT Requirements
- Real Estate
- Real-estate-advertising
- Reasonableness
- Registration
- Regulations
- Resale Value
- Resignation
- Restrictions
- retail
- Retail Stores
- Revisions
- Risk
- Robocalls
- Roundtable
- Safe Harbor
- Sales
- Sales Practices
- Sales Tax
- Sandy
- SDNY
- SEC
- SEC disclosure
- SEC disgorgement
- SEC Form 10
- Section 17600 of the Business and Professions Code
- securities
- Securities Act
- Securities Act of 1933
- Securities Act Section 17(b)
- Securities Exchange Act of 1934
- self-regulatory
- Sellers
- Service-Mark Infringement
- Settlement
- Sex Offenders
- SilverPush Apps
- Skill Contest
- Skin Care Products
- Smartphone
- Social Media
- Social Media Accounts
- Social Media Marketing
- Social Media Posts
- Social Networking
- South Dakota
- Southern District of Florida
- Spam
- Special Olympics
- Spotify
- Staff Reshuffling
- State Law
- Statute of Limitations
- Subscribers' privacy rights
- subscription
- Subscription Arrangements
- substantiation rules
- Super Lawyers
- Supreme Court
- Sweeping
- Sweepstakes Law
- Sweeptstakes Contest
- SWIFT
- symposium
- Tasty
- TCCWNA
- TCPA
- TCPA Appeals
- TCPA Claim
- TCPA Class Actions
- TCPA Lawsuit
- TCPA Liability
- TCPA Regulation
- TCPA Ruling
- TCPA Violation
- Tech Companies
- Tech Day New York 2017
- Telecom Law
- Telemarketers
- Telemarketing
- Telemarketing Calls
- Telemarketing Law
- Telemarketing Sales Rule (TSR)
- Telephone Consumer Act
- Terms & Conditions
- Text Message Ads
- Text Messages
- Text Messengers
- Textile Fiber Products Identification Act
- The 2017 ANA/BAA 39th Marketing Law Conference: Breakthrough: Legal Strategies for Dynamic Businesses
- The Americans with Disabilities Act
- The Electronic Retailing Self-Regulation Program
- The Kardashians
- The Pennsylvania Record
- Third Circuit Court
- Throttling
- Top Ten Complaints
- Trademark Clearinghouse
- Trademark Protection
- Trademark Rights
- Trademarks
- Transactions
- Transnational Criminal Organization (TCO
- Truth-in-Consumer Contract, Warranty & Notice Act
- U.S. Patent and Trademark Office
- Unauthorized Data
- United Kingdom
- Unsolicited Advertisement
- Unsubscribe Act of 2019
- US Supreme Court
- Use Tax
- Velti
- Vermont
- Vermont House Bill 593
- Vicarious Liability
- Violations
- virtual reality
- Wal-Mart v. Dukes
- Warning Letter
- Washington D.C.
- Washington Law
- Washington’s Consumer Protection Act
- WBO
- Web Agreements
- Web Browsers
- webinar
- webOS
- Websites
- Western District of Washington
- White House
- World Boxing Organization
Recent Posts
- Supreme Court Limits the Fair-Use Defense in Copyright Litigation
- Does TACO TUESDAY Belong to the “People”?
- Andrew Lustigman and Morgan Spina Publish Article in Sports Litigation Alert on How MLB’s Apple TV+ Arrangement Highlights Subscription Legal Compliance Obligations
- FTC Sends Notices Warning of Potential Unsubstantiated Product Claims
- Andrew Lustigman and Morgan Spina Publish Article in the New York Law Journal on FTC’s Proposed New Rules for Businesses Selling Subscriptions Heighten Compliance Obligations
- NAD SWIFT to Allow Implied Claim Challenges
- CLIENT ALERT: FTC Proposes Changes to Automatic Renewal Rule, Including Online Cancellation Requirement
- NFT Marketers Could Face Liability under U.S. Securities Laws
- Andrew Lustigman Speaking at ACI’s 7th Annual Summit on Food Law – Regulation, Compliance and Litigation
- Olshan Advertising and Branding Law Groups' Hot Topics - 2023
Archives
- May 2023
- April 2023
- March 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- July 2022
- June 2022
Contact Us
212.451.2258
Virginia Poised to Become Second State to Pass Comprehensive Consumer Privacy Legislation
Following the lead of California, Virginia is set to become the second U.S. state to enact comprehensive consumer privacy legislation. Virginia Governor Ralph Northam is expected to sign the Consumer Data Protection Act (“CDPA”) into law, which will go into effect on January 1, 2023. As it may take businesses some time to make sure they are in compliance by the January 1, 2023 effective date, it is recommended that businesses review their current privacy practices and make any necessary changes.
Among the similarities between the current California consumer privacy law, the California Consumer Privacy Act (“CCPA”), and the CDPA are the rights given to Virginia residents and the responsibility of businesses to respect those rights; namely, the right to access their personal data collected by the business, the right to amend or correct such personal data, the right to request deletion of the data, and the right to data portability.
Some of the key differences between the CCPA and CDPA are:
- There is no minimum revenue requirement to determine the applicability of the law. Under the CCPA, one criterion for determining if a business must comply with the CCPA is if the business earns gross revenues of $25 million a year or more. The CDPA contains no minimum income requirement.
- The CDPA will apply to any business that controls or processes: (a) data of at least 100,000 Virginia residents in a year; or (b) data of at least 25,000 Virginia residents and derives 50% or more of its gross revenue from the sale of personal data. Under the CCPA, the law applies to any business that: (a) controls or processes data of at last 50,000 California residents; or (b) earns 50% or more of its gross revenue from the sale of personal data.
- The definition of “consumer” under the CDPA means any natural person who is a resident of Virginia but is acting only in their capacity as an individual, excluding anyone who is acting in a commercial context. The CCPA contains no such exclusion.
- Personal information under the CDPA excludes “publicly available” information, and the CDPA takes a broader view of what constitutes “publicly available” than the CCPA. Under the CCPA, publicly available data means only data available from official public records. The definition of “publicly available” under the CDPA includes data available from public records but also includes “information that a business has a reasonable basis to believe is lawfully made available to the general public through widely distributed media, by the consumer, or by a person to whom the consumer has disclosed the information, unless the consumer has restricted the information to a specific audience.”
- The CDPA will be enforced only by the Virginia Attorney General and does not provide any private right of action, unlike the CCPA which provides for a private right of action in the event of a data breach.
- The CDPA will allow consumers to opt-out of not only the “sale” of personal information but also from the use of their personal data for targeted advertising and profiling. The CCPA currently provides for such an opt-out only in relation to the “sale” of personal information.
Takeaway: Any business that collects data from Virginia residents should carefully review the new legislation to determine if compliance is mandated. If so, the business should start the compliance process as soon as possible to be able to meet the expected January 1, 2023 effective date. While a business already in compliance with the CCPA may have a head start on compliance with the CDPA, there are certain key differences between the laws that may need to be addressed.
Please contact either privacy law partner Mary Grieco or the Olshan attorney with whom you regularly work if you would like to discuss further, have questions, or need help with CCPA or CDPA compliance. Mary, who is certified as an Information Privacy Professional for Europe (CIPP/E) by the International Association of Privacy Professionals, has broad experience advising clients on compliance with consumer privacy laws and related issues.
Update: Virginia Governor Ralph Northam signed the bill on March 2, 2021. The law is slated to take effect on January 1, 2023.