February 16, 2022 |

Privacy News Roundup – February 16, 2022

United States News

Incentives programs violate the California Consumer Privacy Act (CCPA)

The California Attorney General sent notices to major corporations in the retail and food services industries alleging the operation of their loyalty programs violated the CCPA.

The CCPA requires businesses to provide a notice to customers before they opt in to incentives such as discounts, free items, and rewards in exchange for personal information. The notice must clearly describe the material terms of the program.

Minnesota Congressman urges Secretary of Education to update student privacy laws

Congressman Emmer (R-MN) sent a letter to the Secretary of Education asking the Department of Education what their approach is to modernize student data privacy.

The letter asks the department to address their awareness of student data being shared with vendors and whether parents and students are able to opt-out of information sharing. With the rise of online learning, the current FERPA law does not cover the modern state of students’ data protection.

US Treasury reconsidering use of biometric technology to access tax records

The U.S. Treasury is looking for alternatives to facial-recognition for online taxpayer verification after privacy concerns were raised.

This comes after the IRS announced in November 2021 that it would transition to identity verification using technology for accessing online services for tax records. The technology would require the user to take a selfie to create an profile account to be used for facial recognition.

Indiana edges closer to passing a consumer privacy law

SB 358, mirrored after Virginia’s Consumer Data Protection Act, was advanced by Indiana’s Senate Commerce and Technology Committee with a favorable recommendation, edging Indiana closer to being the next state to pass a consumer privacy law.

The new bill also includes a definition of "child" covering minors 13 and under, the ability to use de-identified data, and no retroactivity for violations that took place before the bill’s effective date of January 1, 2024.

Two claims in a class action against Google are dismissed by US federal judge

In Anibal Rodrigues, et al. v. Google LLC, a proposed class action against Google, two claims for breach of contract were dismissed in the US Northern District of California.

The plaintiff turned off Google’s “Web & App Activity” (WAA) feature, but Google continued to collect her data. However, the judge held that such an expectation is not enough to cause a contract. The case centers around Google’s WAA feature which allows users to control whether data related to their Google activity can be saved in their Google account.

NIST releases guidelines for conducting assessments of security and privacy controls

National Institute of Standards and Technology (NIST) has released a new set of procedures for performing assessments of privacy and security controls within an organization as well as information to build effective security and privacy assessment plans.


Use of, access to, and information exchanged on this web page or any of the e-mail links contained within it cannot and does not create an attorney-client relationship between Han Santos, PLLC, and the user or browser. Please do not post any personal or confidential information. You should contact your attorney to obtain advice with respect to any particular issue or problem. Contact us for additional information. One of our lawyers will be happy to discuss the possibility of representation with you. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.