Tag Archives: privacy

Only Sheriff in Town? Not so fast: National Association of Attorneys General announces the formation of the Center on Cyber and Technology.

By Divonne Smoyer, Roger Gibboni and Karim Alhassan on Posted in Regulatory
With the continued rapid growth of both technological innovations and the market power of the companies spurring these innovations, calls for greater regulation and enforcement of companies in the technology sector are only growing louder. However, the same question continues to be asked – “how can governments regulate businesses they don’t fully understand?”… Continue Reading

Department for Digital, Culture, Media and Sport launches consultation on app security

By Cynthia O’Donoghue, Yunzhe Zhang and Sarah O'Brien on Posted in Data & Cyber Security, Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)
On 4 May 2022, the Department for Digital, Culture, Media and Sport (DCMS) launched a consultation (available here) to request views from the tech industry on potential interventions to enhance security and privacy requirements for firms running app stores and developers making apps.… Continue Reading

Maryland and California Propose Biometric Privacy Legislation that Would Include Illinois-Like Private Rights of Action

By Gerard Stegmaier, Sarah Bruno, Mark Quist, Hubert Zanczak and Stuart Cobb on Posted in Privacy & Data Protection
Maryland and California look to join the list of states that not only regulate biometric data but provide consumers with the opportunity to seek hefty statutory damages and attorney’s fees from offending businesses. Similar to Illinois’ oft-litigated Biometric Information Privacy Act (“BIPA”), both bills would also (i) require written consent prior to the collection of … Continue Reading

U.S. Data Privacy Compliance Roadmap for 2022

By Sarah Bruno, Idara Udofia and Hubert Zanczak on Posted in Cookies, Tracking & Online Behavioral Advertising, Privacy & Data Protection
There’s no doubt 2022 will be a big year for data privacy compliance with three new laws going into effect in 2023. On January 1, 2023, the California Privacy Rights Act (CPRA) will replace and amend California’s most recent, comprehensive data privacy law, the California Consumer Privacy Act (CCPA), and Virginia’s first extensive privacy law, … Continue Reading

Lloyd v. Google: Supreme Court rejects compensation claim

By Cynthia O’Donoghue and Sarah O'Brien on Posted in In the Courts, Privacy & Data Protection
In one of the most highly anticipated judgments in recent years, the UK Supreme Court has unanimously rejected a class-action style compensation claim under the Data Protection Act 1998. The Supreme Court decision was handed down as a result of a claim raised against Google LLC (Google) by Richard Lloyd on behalf of four million … Continue Reading

California amends CCPA and clarifies rulemaking deadline

By Sarah Bruno, Bart Huffman, Christian Blair and Hubert Zanczak on Posted in Data & Cyber Security
On October 5, 2021, California Governor Gavin Newsom signed into law amendments to the California Consumer Privacy Act (CCPA) via Assembly Bill 694. Businesses are eagerly awaiting clarification on many aspects of the CCPA and the California Privacy Rights Act (CPRA) (the CPRA is set to go into effect on January 1, 2023, with a 12-month look-back … Continue Reading

California privacy update: New state enforcement agency leadership discuss extending CPRA rulemaking deadline and doubling the number of current CCPA regulations

By Sarah Bruno, Gerard Stegmaier, Mark Quist and Hubert Zanczak on Posted in Privacy & Data Protection
California’s new enforcement agency, the Consumer Privacy Protection Agency (CPPA), recently held a meeting of its Board of Directors (Board), where they discussed the possible need to extend the July 1, 2022 CPRA rulemaking deadline and estimated that the updated privacy law, which takes effect in 2023, may require doubling the existing body of CCPA … Continue Reading

Washington State weighs enforcement mechanism for its comprehensive privacy bill

By Sarah Bruno and Hubert Zanczak on Posted in Privacy & Data Protection
Washington State legislators continue in their effort to pass only the second comprehensive privacy legislation in the U.S., the Washington Privacy Act (WPA).  Introduced on January 11, 2021, the WPA is currently making its way through committee hearings.  The debate continues, with the Washington State Senate Ways & Means Committee recently holding a public hearing … Continue Reading

Use of biometric technology is latest trend toward a verified internet

By Sarah Bruno, Michael Galibois and Jacqueline Lefebvre on Posted in Privacy & Data Protection
Many online platforms are using verification tools to address the broader concern of trustworthiness and credibility on the Internet. With a general move toward a “verified internet,” these online platforms are looking at new verification measures, including facial recognition and other biometric technology. The online adult video platform Pornhub announced last week that it will … Continue Reading

Six advertising law trends and what brands should watch out for in in 2021

By Jason Gordon and Casey Perrino on Posted in Privacy & Data Protection
In a Law360 article published last week, the top six media and advertising trends expected in 2021 are discussed. It is no surprise that data privacy and protection issues will likely continue to be a major focus for those operating in the media and advertising sectors. Two major themes identified include the potential for increased … Continue Reading

New York proposes a new Biometric Privacy Act

By Karen Lee Lust, Michael Galibois and Jacqueline Lefebvre on Posted in Privacy & Data Protection
On January 6th, the first day of the New York legislature’s 2021 session, NY lawmakers proposed Assembly Bill 27 (AB 27), the Biometric Privacy Act.  The legislative purpose of AB 27 is to provide safeguards for consumers regarding their biometric identifiers, such as fingerprints, handprints, retina or iris scans, voiceprints, and other facial and hand … Continue Reading

CPRA: The next frontier in (California) privacy

By Sarah Bruno, Divonne Smoyer and Alexis Cocco on Posted in Privacy & Data Protection
Before the dust has even settled on many California Consumer Privacy Act (CCPA) compliance projects, California voters have welcomed the future of privacy by overwhelmingly approving Proposition 24: The California Privacy Rights Act (CPRA).  Building off of the CCPA framework, the CPRA expands the rights of California consumers, adds new responsibilities for both business and … Continue Reading

Comparing legal privilege when dealing with privacy issues in England and Wales and the United States

By Gerard Stegmaier, Mark Quist, Elle Todd and Tom Gates on Posted in Privacy & Data Protection, Regulatory
The protection afforded by attorney-client privilege brings about a candid conversation between lawyers and clients. Privilege can attach to communications covering a variety of topics, from responding to a data subject access request (DSAR) to handling a security incident or managing complex and time consuming investigations on a multinational scale. Different privilege rules may apply … Continue Reading

EDPB releases draft guidelines on the targeting of social media users

By Cynthia O’Donoghue and Nadia Avraham on Posted in Privacy & Data Protection
In September 2020, the European Data Protection Board (EDPB) released new guidelines on the targeting of social media users (Guidelines) for consultation. Background The Guidelines address the privacy risks and legal issues that arise when social media services are used to direct specific messages to users based on particular criteria, such as the users’ perceived … Continue Reading

Federal judge dismisses data-related antitrust claims in hiQ Labs, Inc. v. LinkedIn Corp.

By Gerard Stegmaier, Christopher Brennan, Michelle A. Mantine and Gregory Vose on Posted in Privacy & Data Protection, Regulatory
On September 9, a federal judge in California dismissed claims brought by hiQ Labs, Inc. (hiQ) against LinkedIn Corp. (LinkedIn) that alleged that LinkedIn’s attempts to prevent hiQ from accessing public information on its website violated various antitrust laws. In an opinion that will continue to fuel debate over the relationship between antitrust and privacy, … Continue Reading

The rise of data protection group litigation actions in England and Wales

By Cynthia O’Donoghue and Sarah O'Brien on Posted in In the Courts
Class actions are widely known for their popularity in the United States. These types of actions are now developing in the UK because of recent data breach litigations. In the UK, group litigation can arise in two different scenarios: Group Litigation Order (“GLO”) or representative actions. GLOs are orders given by the Courts to manage … Continue Reading

Illinois Attorney General Kwame Raoul talks to Reed Smith about consumer privacy, biometrics, and data breaches

By Divonne Smoyer and Alexis Cocco on Posted in Privacy & Data Protection, Regulatory
In a recent Q&A with Illinois Attorney General Kwame Raoul, the first term AG discusses potential changes to data breach laws in Illinois and whether his state could implement a privacy statue similar to the California Consumer Privacy Act (CCPA), the effectiveness of federal data breach legislation, and reasonable steps that businesses could take to … Continue Reading

Legally blown: Reese Witherspoon and her fashion line face breach of contract and privacy class action over ‘free dress’ giveaway

By Jason Gordon, Sarah Bruno, Alexis Cocco and Erika Auger on Posted in Privacy & Data Protection, Regulatory
Hollywood movie star Reese Witherspoon and her clothing line, Draper James, LLC, have found themselves the subjects of a public relations debacle, and now, a class action after running a promotion for teachers gone horribly wrong. In April, Draper James ran an Instagram promotion to recognize and thank teachers for their work during the COVID-19 … Continue Reading

GDPR vs. U.S. discovery: The conflict continues

By Katalina Bateman and Karen Lee Lust on Posted in In the Courts
Recent cases have highlighted the continued tensions between the GDPR and U.S. demands for discovery in the context of U.S. litigation and investigations. This issue can present a real concern for companies operating on both sides of the pond seeking to comply with obligations on either side. Whilst the GDPR provides EU citizens with valuable … Continue Reading

The wait is over: Final CCPA regulations have been submitted

By Sarah Bruno, Casey Perrino and Alexis Cocco on Posted in Privacy & Data Protection
After many months and several rounds of revisions, the Office of the California Attorney General has finally submitted the final proposed regulations package under the California Consumer Privacy Act (CCPA) to the California Office of Administrative Law (OAL). The complete package, which includes the Final Text of Proposed Regulations and the Final Statement of Reasons, … Continue Reading

No, we haven’t forgotten about Brexit: UKTF publishes a draft agreement for the future EU-UK partnership

By Cynthia O’Donoghue and Sarah O'Brien on Posted in Privacy & Data Protection
On 18 March, the Task Force for Relations with the United Kingdom (UKTF) of the European Commission published its Draft Text of the Agreement on the New Partnership with the United Kingdom (Draft Agreement). It translates the negotiating directives, approved by Member States, into a legal text, in line with the Political Declaration agreed between … Continue Reading

Singapore proposes significant changes to its data protection law

By Charmian Aw and Carolyn Chia, Resource Law LLC on Posted in Privacy & Data Protection, Regulatory
The Personal Data Protection (Amendment) Bill 2020 (the Bill) was published today for public consultation. Key amendments proposed in the Bill include: Increased financial penalties for breaches of the Personal Data Protection Act (the Act) of up to 10 per cent of annual gross turnover in Singapore or S$1 million, whichever is higher. Mandatory data … Continue Reading

Amendments to D.C.’s data breach law create new data security and breach notification obligations for businesses

By Samuel F. Cullari, Alexis Cocco and Taber Rueter on Posted in Privacy & Data Protection, Regulatory
On March 26, 2020, amendments to Washington, D.C.’s data breach notification law were enacted in bill number B23-0215.  Put briefly, the amendments impose various prevention, response, and mitigation obligations on businesses regarding data breaches that affect D.C. residents.  Below is a summary of the key changes of which businesses should be aware.… Continue Reading

California relaxes key telehealth regulatory requirements during COVID-19 emergency

By Kimberly Gold, Alexis Cocco, James F. Hennessy and Emily Lynch on Posted in Data & Cyber Security, Privacy & Data Protection, Regulatory
On March 17, 2020, the federal government relaxed a number of telehealth-related regulatory requirements due to COVID-19. On April 3, 2020, California Governor Gavin Newsom issued Executive Order N-43-20 (the Order), which relaxes various telehealth reporting requirements, penalties, and enforcements otherwise imposed under state laws, including those associated with unauthorized access and disclosure of personal … Continue Reading
LexBlog