Litigation may be necessary to protect our trademarks and other intellectual property rights or to enforce these rights. Any litigation or claims brought by us could result in substantial costs and diversion of our resources, which could have a material adverse effect on our business, financial condition, and results of operations.
Unfavorable changes or failure by us to comply with evolving internet and e-commerce regulations could substantially harm our business and results of operations.
We are subject to general business regulations and laws as well as regulations and laws specifically governing the internet and e-commerce. These regulations and laws may involve taxes, privacy and data security, customer protection, the ability to collect and/or share necessary information that allows us to conduct business on the internet, marketing communications and advertising, content protection, electronic contracts or gift cards. Furthermore, the regulatory landscape impacting internet and e-commerce businesses is constantly evolving.
We collect personal information and other data from our employees, customers, prospective customers and others. We use this information to provide services and relevant products to our customers, to support, expand and improve our business, and to tailor our marketing and advertising efforts. We may also share customers’ personal information with certain third parties as authorized by the customer or as described in our privacy policy.
As a result, we are subject to or affected by laws, governmental regulation and other legal obligations related to data protection, privacy and information security in certain countries where we do business, and there has been and will continue to be new proposed laws and regulations and changes to existing legal frameworks that govern how we collect, use, share, and process personal data.
In the United States, the federal government and various state governments have adopted or proposed guidelines or rules for the collection, distribution, use and storage of information collected from or about individuals or their devices. For example, in 2020, the CCPA came into force, and provides new data privacy rights for California consumers and new operational requirements for covered companies. Specifically, the CCPA mandates that covered companies provide new disclosures to California consumers and afford such consumers new data privacy rights that include, among other things, the right to request a copy from a covered company of the personal information collected about them, the right to request deletion of such personal information, and the right to request to opt-out of certain sales of such personal information. The California Attorney General can enforce the CCPA, including seeking an injunction and civil penalties for violations. The CCPA also provides a private right of action for certain data breaches that is expected to increase data breach litigation. Additionally, a new privacy law, the CPRA, took effect on January 1, 2023 and significantly amends and expands the CCPA, which could result in further uncertainty and require us to incur additional costs and expenses in an effort to comply. As another example, some U.S. courts have interpreted certain two-party consent wiretap statutes, such as the California Invasion of Privacy Act (the “CIPA”), to require the collection of prior consent from consumers who engage in a dialogue with chatbots. If the scope of such laws or newly enacted legislation were interpreted to apply to our services, we and/or our customers may be required to obtain the express consent of web visitors in order for our technology to perform its intended functions.
In addition, Virginia enacted the Virginia Consumer Data Protection Act, (the “CDPA”), which became effective on January 1, 2023, Colorado enacted the Colorado Privacy Act, (the “CPA”), which takes effect on July 1, 2023, Utah enacted the Utah Consumer Privacy Act (“UCPA”), which takes effect on December 31, 2023, and Connecticut enacted the Connecticut Data Privacy Act (“CTDPA”), which takes effect on July 1, 2023. The CPA, CDPA, CIPA, UCPA and CTDPA are similar to the CCPA and CPRA, but aspects of these state privacy statutes remain unclear, resulting in further legal uncertainty and potentially requiring us to modify our data practices and policies and to incur substantial additional costs and expenses in an effort to comply. Complying with the GDPR in Europe, the UK General Data Protection Regulation (“UK GDPR”); the UK Data Protection Act 2018, FADP, the CCPA, CIPA, CPRA, CDPA, CPA, UCPA and CTDPA or other laws, regulations, amendments to or re-interpretations of existing laws and regulations, and contractual or other obligations relating to privacy, data protection, data transfers, data localization, or information security may require us to make changes to our services to enable us or our customers to meet new legal requirements, incur substantial operational costs, modify our data practices and policies, and restrict our business operations. Any actual or perceived failure by us to comply with these laws, regulations, or other obligations may lead to significant fines, penalties, regulatory investigations, lawsuits, significant costs for remediation, damage to our reputation, or other liabilities. Other state regulators and the FTC with authority to enforce federal and state customer protection laws may also impose standards for the online collection, use and dissemination of data.
Foreign privacy laws are also undergoing a period of rapid change, have become more stringent in recent years and may increase the costs and complexity of offering our products and services in new geographies. In Canada, the Personal Information Protection and