What do privacy lawyers need to know about the technologies and data practices at the heart of emerging legislation? The California Privacy Rights Act (CPRA), and other new state laws, will introduce a host of new compliance obligations for businesses subject to the laws. Privacy lawyers charged with operationalizing these requirements will need to understand the technologies that are central to these businesses, such as online and mobile data collection, digital advertising, automated decisionmaking, design, and de-identification.
In this winter 2022 series, the California Lawyers Association, Privacy Law Division and FPF will host a series of informational sessions on technological basics for privacy lawyers. Each session will provide a brief summary of new requirements under the CPRA, VCDPA, and CPA, accompanied by an exploration of the technologies that are addressed in these laws.
Kickoff Session: CPRA and Emerging US Privacy Laws
In this kickoff session, Jennifer Urban, Chairperson of the California Privacy Protection Agency, will open the series with an update on the status of CPRA rulemaking and opening remarks. This will be followed by a presentation from guest experts Keir Lamont (FPF) and Jeewon Serrato (Baker Hostetler) on key provisions of the CPRA, VCDPA, and CPA and how these laws may regulate technologies such as digital advertising, automated decisionmaking, dark patterns, global opt outs, and location data.
Friday, February 18, 2022 from 12PM – 1:15PM (PT) / 3PM – 4:15PM (ET)
Session 2: Sensitive Data: Health Conditions, Demographics, and Inferences
This session will explore what makes certain kinds of consumer data “sensitive” and how to identify such data and think about new regulations that limit its collection and use. You’ll learn the definitions of “sensitive data” under existing legal regimes (CPRA, VCDPA, and CPA), with a specific discussion of the legal parameters of non-HIPAA and non-CMIA consumer health data.
Friday, February 25, 2022 from 12PM – 1:15PM (PT) / 3PM – 4:15PM (ET)
Session 3: Basics of Online Advertising
The CPRA, and other new state privacy laws, are giving consumers rights to exercise controls around “behavioral” and “targeted” digital advertising, while often seeking to preserve “contextual” advertising. Yet many California privacy lawyers may still be unfamiliar with what these terms mean in practice. In order to help equip privacy lawyers to understand the new provisions, this session will provide a “101” introduction to ad tech.
Friday, March 4, 2022 from 12PM – 1:15PM (PT) / 3PM – 4:15PM (ET)
Session 4: “Dark Patterns” and Manipulative Design
This session will provide an overview of provisions in emerging privacy legislation, discuss concrete examples of what constitutes a “dark pattern” and design elements that influence user decisions, and explore the ways in which the CPRA and other proposals may add to existing protections under the FTC Act and other laws.
Friday, March 11, 2022 from 12PM – 1:15PM (PT) / 3PM – 4:15PM (ET)
Session 5: Universal Opt-Outs and Global Privacy Controls
How do specific kinds of global opt-out signals work in practice, and what could they look like in the future? This session will provide a lawyer-friendly explanation of how such signals work, summarize what website operators should know in order to implement these technologies, and explore other technical and design issues related to their development in practice.
Friday, March 18, 2022 from 12PM – 1:15PM (PT) / 3PM – 4:15PM (ET)