Kelly DeMarchis Bastide advises clients on issues related to consumer data privacy and security, and online gaming. As a co-chair of the Privacy and Data Security Group, Kelly provides actionable, business-friendly legal guidance to multinational companies and organizations that process personal data. A key focus of her practice is assessing clients' privacy programs against laws in multiple jurisdictions. She works with clients to understand their goals, then develops tailored compliance programs to minimize risk, prepare clients for incidents, and increase business opportunities. Kelly has examined the privacy implications of emerging technologies, such as artificial intelligence (AI) and blockchain, for clients.

Join us as we spotlight select chapters of Venable’s popular Advertising Law Tool Kit, which helps marketing teams navigate the legal risk of campaigns and promotions. Click here to download the entire Tool Kit, and tune in to the Ad Law Tool Kit Show podcast, to hear the authors of this chapter dive deeper into the issue of State Privacy Laws in this week’s episode.


State privacy laws continue to evolve rapidly, challenging businesses to keep pace. In 2023, new omnibus privacy laws went into effect in California, Colorado, Connecticut, Utah, and Virginia, while eight additional states enacted similar laws. Of the eight states with newly enacted laws, four have laws that will come into effect in 2024—Florida, Montana, Oregon, and Texas. Therefore, businesses should be prepared to comply with up to nine comprehensive state privacy laws in 2024, with more laws slated to come into force in 2025 and 2026.Continue Reading State Privacy Laws: An Excerpt from the Advertising Law Tool Kit

Not to be left behind by other regulators, the California Privacy Protection Agency (CPPA) recently issued an enforcement advisory on “dark patterns” in the context of the notice and consent required under the California Consumer Privacy Act (CCPA). As we’ve previously discussed, dark patterns are a subset of “deceptive marketing” and are also known as “deceptive design patterns.” The Federal Trade Commission (FTC) released a report in 2022 outlining the various methods companies employ, such as “making it difficult for consumers to cancel subscriptions or charges, burying key terms or junk fees, and tricking consumers into sharing their data.”

The scrutiny of dark patterns has only intensified since then, and states like California are jumping in. The CCPA defines dark patterns as “[u]ser interfaces or choice architectures that have the substantial effect of subverting or impairing a consumer’s autonomy, decision making, or choice” and says consumer agreement obtained through dark patterns does not constitute consent. The CPPA advises companies seeking to obtain consumer information to use language that is easy to understand and to avoid technical or legal jargon.Continue Reading California Privacy Protection Agency Warns Businesses Against “Dark Patterns” and Urges “Symmetry in Choice”