Alston & Bird Privacy, Cyber & Data Strategy Blog

CalPrivacy Seeks Input on Reducing Friction in Privacy Rights Experience and Challenges with Opt-Out Preference Signals

March 16, 2026 By Maki DePalo and Hyun Jai Oh

On March 6, 2026, the California Privacy Protection Agency (CalPrivacy) published an Invitation for Preliminary Comments seeking public input on whether regulatory changes are needed in two related areas under the California Consumer Privacy Act (CCPA): (1) reducing friction in exercising privacy rights ; and (2) the operation and use of opt-out preference signals (OOPS). Businesses subject to the CCPA are required to honor multiple consumer privacy rights, including the rights to know, … [Read more] about CalPrivacy Seeks Input on Reducing Friction in Privacy Rights Experience and Challenges with Opt-Out Preference Signals

CalPrivacy Goes to the Board with Digital Advertising-Focused Enforcement

March 9, 2026 By Cynthia Cole, Dorian Simmons and Anna von Spakovsky

On February 27, 2026, the California Privacy Protection Agency (“CalPrivacy”) issued an order (the “Order”) requiring a sports-focused media and technology company (the “Company”) to pay a $1.10 million administrative fine for violations of the … [Read more] about CalPrivacy Goes to the Board with Digital Advertising-Focused Enforcement

The FTC’s COPPA Policy Statement to Incentivize Age Verification Through a More Flexible Enforcement Approach

March 5, 2026 By Cynthia Cole, Maki DePalo, Jennifer Everett and Lili Song

On February 25, 2026, the Federal Trade Commission (“FTC”) issued an enforcement policy statement announcing that the Commission will not bring enforcement actions under the Children's Online Privacy Protection Act ("COPPA") Rule against operators of … [Read more] about The FTC’s COPPA Policy Statement to Incentivize Age Verification Through a More Flexible Enforcement Approach

NYDFS Revises Prescriptive FAQs on Multifactor Authentication

March 5, 2026 By Kim Peretti, Kate Hanniford, Lance Taubin, Ashley Miller and Carson Kuck

Two months after the New York Department of Financial Services (“NYDFS”) updated its Frequently Asked Questions (“FAQs”), which we wrote about here, NYDFS has released updated FAQs on multifactor authentication (“MFA”) that further clarify 23 NYCRR § … [Read more] about NYDFS Revises Prescriptive FAQs on Multifactor Authentication

Threat Actors Exploit Google’s Gemini to Accelerate Cyberattacks

March 3, 2026 By Seol Namgoong and Kim Peretti

Google Threat Intelligence Group (GTIG) recently reported that cybercriminals—in particular, state-sponsored threat actors from North Korea, Iran, China, and Russia—are misusing Gemini, Google’s large language model (LLM), to support all stages of … [Read more] about Threat Actors Exploit Google’s Gemini to Accelerate Cyberattacks