Photo of Jason Gordon

Jason Gordon

Subscribe to Jason Gordon's Posts
Contact:Read more about Jason Gordon

Catch up on our Tech Law Talks podcast series for practical observations on technology and data legal trends, from product and technology development to operational and compliance issues that practitioners encounter every day.

What’s new in data protection in the EU

It has been a busy few weeks in the EU for all things data protection, particularly data transfers. Cynthia O’Donoghue and Andy Splittgerber walk us through the new Standard Contractual Clauses (SCCs) for international transfers and for controllers to processors, the newly issued EDPB Supplementary Measures Recommendations, and the UK adequacy decision. (18 mins)

M365 in 5: Compliance and governance in M365

E-Discovery consultant Lighthouse returns to our M365 in 5 series for a discussion about the importance of compliance and governance in M365 and collaboration among stakeholders to balance risk and business needs. Reed Smith’s Anthony Diana and Therese Craparo join Lighthouse’s John Holliday to discuss implementing controls and managing data to mitigate risk. (8 mins)Continue Reading Tune in for the latest updates on our Tech Law Talks podcast

In a Law360 article published last week, the top six media and advertising trends expected in 2021 are discussed. It is no surprise that data privacy and protection issues will likely continue to be a major focus for those operating in the media and advertising sectors. Two major themes identified include the potential for increased

Hollywood movie star Reese Witherspoon and her clothing line, Draper James, LLC, have found themselves the subjects of a public relations debacle, and now, a class action after running a promotion for teachers gone horribly wrong.

In April, Draper James ran an Instagram promotion to recognize and thank teachers for their work during the COVID-19 pandemic. The April 2, 2020 promotion post stated: “Dear Teachers: We want to say thank you. During quarantine we see you working harder than ever to educate our children. To show our gratitude, Draper James would like to give teachers a free dress.”

The Instagram post went on to provide further details of the promotion, including that to “apply”, teachers needed to fill out a form  with their name and work email addresses, a photo of their school IDs, the grade level and subjects they teach, as well as their school name and state. In exchange for providing what the teachers alleged to be “sensitive personal, employment information,” teachers thought they would receive a free dress from the brand. While the Instagram post did caveat in a parenthetical that the offer was “valid while supplies last – winners will be notified on Tuesday April 7th” the post did not disclose that only 250 teachers would receive a free dress. The lawsuit claims that the “vague illusory comment” was insufficient to place a reasonable consumer on notice that that this was a sweepstakes or that the brand would “only be making an unreasonably limited number of products available under this offer.”
Continue Reading Legally blown: Reese Witherspoon and her fashion line face breach of contract and privacy class action over ‘free dress’ giveaway

In a world where we have been ordered to stay home and shelter in place to combat the spread of COVID-10 our children are now learning remotely. While it is fortunate that technology allows students to continue the school year at home, remote learning presents an obstacle where children’s privacy is concerned.

In the United States, the Children’s Online Privacy Protection Act (COPPA) governs the collection of personal information from children under the age of 13. It generally requires the provider of a website or online service directed at children to obtain “verifiable parental consent” before collecting any personal information from children. “Verifiable parental consent” can be obtained in a number of ways—for example, through a signed consent form that is returned via mail or electronic scan, or the use of a credit card or other online payment system that provides notification of each separate transaction to the account holder—but whatever method is used must be reasonably designed to ensure that the person giving the consent is the child’s parent or legal guardian.
Continue Reading Remember to consent in the time of COVID-19

Social media users may soon be able to easily transfer their personal information to competing platforms. On October 22, 2019, a bipartisan group of U.S. senators (Mark R. Warner (D-VA), Josh Hawley (R-MO), and Richard Blumenthal (D-CT)) introduced the Augmenting Compatibility and Competition by Enabling Service Switching Act (ACCESS Act), a bill aimed at encouraging market-based competition among today’s major social media platforms by requiring the largest of these tech companies to allow users to move their data from one service to another.

The bill, should it become law, would be regulated and enforced by the Federal Trade Commission (FTC), and would require large communications platforms (products or services with over 100 million monthly active users in the U.S.) to:

  • Make users’ personal data portable, by allowing users to retrieve and/or transfer their personal data in a structure and machine-readable format.
  • Maintain interoperability with other platforms, including competing companies.
  • Give users the ability to designate a trusted third-party service to manage their privacy, content, online interactions, and account settings.

Continue Reading Bipartisan social media data portability bill introduced in U.S. Senate

A new Vermont law enforcing data security and annual disclosure obligations on data brokerage companies (e.g., Acxiom, Experian, Epsilon) came into effect on January 1, 2019.  Data brokers are required to register annually with the Vermont Attorney General and pay an annual registration fee.  Annually, data brokers must release information regarding practices related to the

The European Union’s General Data Protection Regulation (GDPR) is underway, and companies and organizations around the world are analyzing its effects on how they collect, use, store and disclose data. U.S.-based sponsors of sweepstakes, contests, instant win games and other promotions opening entry to or targeting Europeans need to be mindful of the GDPR rules