Photo of Marcela Robledo

Marcela Robledo’s practice focuses on the intellectual property, data, and technology aspects involved in a wide range of corporate and transactional matters, including mergers and acquisitions, licensing, collaboration agreements, and joint ventures.

In recent weeks, six states, Florida (effective July 1, 2024)[1], Texas (effective July 1, 2024)[2], Montana (effective October 1, 2024)[3], Iowa (effective January 1, 2025)[4], Tennessee (effective July 1, 2025)[5] and Indiana (effective January 1, 2026)[6], have passed consumer privacy laws, adding to the growing list of states with comprehensive privacy legislation alongside California, Virginia, Colorado, Connecticut and Utah.  In the ever-changing landscape of privacy compliance, it is more critical and complicated than ever for businesses to be able to determine which state privacy laws may apply to their business.Continue Reading Determining Applicability of Newly Enacted Comprehensive U.S. Privacy Laws

Following the lead of California, Virginia, Colorado, Connecticut and Utah (as previously discussed here, here, here, here and here respectively), on March 29, 2023, Iowa passed the Iowa Consumer Privacy Act (the “ICPA”), creating compliance obligations for businesses that collect and process personal data of Iowa residents and providing such residents more control over their data. The ICPA will go into effect on January 1st, 2025.Continue Reading Iowa Becomes the Sixth State to Enact a Comprehensive Privacy Law

The following post was originally included as part of our recently published memorandum “Selected Issues for Boards of Directors in 2023”.

As the value of data continues to increase exponentially, so too do the associated risks, including risk of cyberattacks, data breaches or data-related litigation, as well as rising regulation throughout the world

On January 4, 2023, the Irish Data Protection Commission (the “DPC”) announced it issued two decisions that have wide relevance for the adtech industry.  The decisions focus on the extent to which businesses can rely on the GDPR legal basis of ‘performance of a contract’ to justify delivering behavioural advertising to users without separately seeking their consent. Continue Reading Irish Data Protection Commission’s decisions regarding Facebook and Instagram

On December 19, 2022, the United States Federal Trade Commission (“FTC”) announced two separate record-breaking settlements with Epic Games, Inc. (“Epic”), the video game publisher behind the popular online multiplayer game “Fortnite,” totaling over $520 million for alleged violations of the Children’s Online Privacy Protection Act (“COPPA”) and use of “dark patterns” to deceive players into making unwanted, in-game purchases. Continue Reading Regulators Impose Epic Consequences for Children’s Privacy Rights Violations

Today, after over two years of detailed negotiations, President Joe Biden signed an Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities (the “Order”)  outlining steps the U.S. will take to implement its commitments under the European Union-U.S. Data Privacy Framework, originally announced by President Biden and European Commission President Ursula von der Leyen in March of 2022 (as previously discussed here).[1]
Continue Reading President Biden Signs Executive Order on New EU-US Data Privacy Framework

Determined to maintain its position as a pioneer for consumer privacy rights, California is again among the first to take action to tackle issues of children’s safety and privacy online with the enactment of the California Age-Appropriate Design Code (the “Code”), which was signed into law by Governor Gavin Newsom on September 15, 2022.  Once effective on July 1, 2024, the Code would, among other things, prescribe rules that require  businesses to design their online products and services with children’s privacy in mind and identify and mitigate any risks of material detriment to children that arise from businesses’ online data practices.
Continue Reading California Refuses to “Kid Around” on Children’s Privacy With Enactment of the California Age Appropriate Design Code