Iowa became the sixth state to pass a comprehensive data privacy law, joining California, Colorado, Connecticut, Utah and Virginia. Instead of standing out from the crowd, the Iowa legislature passed a law that imposes attenuated obligations stated in those other states’ laws . Below are some highlights from the Act relating to consumer data protection (the “Iowa Act”):

Neil Johnson
Neil Johnson brings his litigation mindset in distilling the multitude of data privacy and cybersecurity issues facing clients in the global digital economy. As a Certified Information Privacy Professional (CIPP/US), he assists domestic and international clients, from small businesses to multinational Fortune 500 companies, to mitigate and manage risks related to data privacy and cybersecurity.
BetterHelp… Themselves: FTC Fines Company for Improper Deceptive Advertising Practices
The Federal Trade Commission (“FTC”) recently issued a proposed order requiring BetterHelp, an online counseling service, to pay $7.8 million over misrepresentations to consumers and improper disclosures of consumers’ health information to advertisers, such as Facebook, Snapchat, Criteo, and Pinterest.[1] This order and consent agreement comes a month after the FTC entered a settlement with GoodRx for similar privacy violations, which we examined in the following article here.…
From Your “Clicks” To Targeted Ads: FTC Fines Company for Its “Deceptive” Use of Pixels
How does Facebook know you want sugar-free snacks? These personal ads may have targeted you based on your online searches or a refill of your diabetes medicine collected by the digital health company GoodRx. GoodRx has been sending this personal health information such as prescription information to ad platforms like Facebook and Google to use and monetize your data.
But the Federal Trade Commission did not approve of GoodRx’s actions and, last Wednesday, fined the digital health company for its “deceptive practices” in the disclosure of personal and health information to third-party advertising companies and platforms like Meta and Google for advertisement purposes.[1] At the core of the complaint, the FTC cited the inconsistencies between the statements made in GoodRx’s privacy policy and its actual business practices, specifically, the company’s use of online tracking tools such as web beacons and software development kits (generally referred to as pixels) for targeted and personalized ads.…
Another Brick in the Wall: California’s Age-appropriate Design Code Act
School is in session and companies are preparing for the slew of new data privacy laws taking effect through 2023 into 2024 but California piled on more homework for those companies handling data of minors. On September 15, 2022, California Governor Gavin Newsom signed into law the California Age-Appropriate Design Code Act (the “Act”).[1] Modeled from UK’s Age-Appropriate Design Code, the Act imposes novel legal obligations on entities that provide “an online service, product, or feature likely to be accessed by children.” The obligations stem from the common belief that “children are particularly vulnerable from negotiating perspective with respect to their privacy rights.” [2]
…
Continue Reading Another Brick in the Wall: California’s Age-appropriate Design Code Act