Photo of Kim Ng

Kim Ng centers her practice on internet and technology issues, with a strong focus on data privacy and information security. She counsels clients on compliance efforts with state, federal, and international privacy laws and regulations, including the California Consumer Privacy Act (CCPA), Communications Decency Act (CDA), and the General Data Protection Regulation (GDPR).

Picture this: you’re a politician in the 21st century. You’re running for election, and like all engaged, modern pols, you reach your voting base by being active on a variety of social media platforms (or, at least, you have someone do social media for you). On one of your social media profiles, someone else makes racist and bigoted comments about your electoral opponent. Can you face criminal charges for their comments?

Blending complex questions of electoral politics, hate speech, free speech, content liability, criminal culpability, and proper online stewardship, this is a question tailor-made for hot takes on tech policy. It’s also a question the European Court of Human Rights (ECtHR) recently addressed in Sanchez v. France: The court said yes; you can be held criminally liable (at least in Europe).Continue Reading Can You Be Charged for Others’ Online Speech? European Court Says Yes.

Last week, the Consumer Privacy Protection Agency (Agency) Board rounded out the first half of 2022 by releasing draft California Privacy Rights Act (CPRA) regulations. This first set of CPRA regulations focus on updating existing California Consumer Privacy Act (CCPA) regulations to account for the new provisions of the CPRA and addressing specific areas such

This past summer, we reported on the July 2021 vote by the Uniform Law Commission (ULC) to approve the Uniform Personal Data Protection Act (UPDPA), a model data privacy bill designed to be promulgated in state legislatures across the United States. Now the District of Columbia becomes the first jurisdiction to have the bill introduced for consideration.
Continue Reading Washington, D.C., Becomes the First Mover on the Uniform Personal Data Protection Act

On June 24, 2021, Google announced that it would extend the phase-out timeline for Chrome’s support of third-party cookies by nearly two years. Although Google originally planned to remove third-party cookie support by early 2022, the revised deadline for late 2023 represents Google’s intent to “move at a responsible pace” that will allow further discussion and engagement with the public and regulators, and to give publishers and the advertising industry at large more time to adjust their services.
Continue Reading Google Extends Phase-Out Timeline for Third-Party Cookies

On March 17, 2021, California officials announced their appointees to the five-member inaugural board of the California Privacy Protection Agency (CPPA). Approved by voters in the November 2020 election cycle, the California Privacy Rights Act (CPRA) called for the creation of the CPPA, an administrative agency tasked with the enforcement of the CPRA and the 2018 California Consumer Privacy Act (CCPA). Below is an overview of the CPPA Board and the appointees who will be leading the agency.
Continue Reading California Officials Announce Board Member Appointees to the California Privacy Protection Agency