The Illinois Genetic Information Privacy Act, 410 ILCS 513/1, et seq. (“GIPA”), which was passed in 1998 and amended in 2008, had until recently received little attention from the plaintiffs’ bar. That changed last August, after a court granted certification in a federal GIPA class action involving alleged unauthorized disclosure of consumers’ genetic information to unknown third-party developers by a website that sold DNA analysis reports. See Melvin v. Sequencing, LLC, 344 F.R.D. 231, 233 (N.D. Ill. 2023). Over 50 GIPA cases were filed in 2023 alone in the wake of that ruling, with many more now pending in Illinois state and federal courts. As this litigation trend continues almost a year following the granting of class certification in Melvin, companies are asking: what is GIPA, are we subject to it, and what should we do to mitigate litigation risk?  Employers, insurance companies, and others that collect health- and genetic-related information should read on to learn more.

Continue Reading Employers and Insurance Companies Continue To Be Targeted with Deluge of Claims Under the Illinois Genetic Information Privacy Act

The Federal Communications Commission (FCC) recently issued four orders imposing $196 million in fines against the three largest national mobile services providers in the United States (i.e., AT&T, T-Mobile, and Verizon) and Sprint, who merged with T-Mobile in 2020 (the “Mobile Providers”).[1] The FCC fined them for sharing customer location information with third parties without prior customer consent and then failing to take reasonable measures to protect that information against unauthorized disclosure. Although AT&T, T-Mobile, and Verizon suspended in 2019 the specific programs that gave rise to the fines, the Forfeiture Orders stand as the definitive guidance from the FCC on the treatment of customer location information under Section 222 of the Communications Act and the FCC’s rules regulating access to “customer proprietary network information” or “CPNI.” They also provide a window into upcoming debates and possible additional FCC actions.

Continue Reading FCC Fines National Mobile Providers for Sharing Customer Location Information: What Are the Lessons and What to Expect in this New Era of FCC Mobile Data Privacy Oversight

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Congress Could Disrupt Prevailing State Law Approach to Online Ads | Privacy World

Squire Patton Boggs Lawyers to Present on Several Upcoming Webinars and Events | Privacy World

California Privacy Regulator Holds Townhall Sessions On Draft Rules | Privacy World

When the EDPB is Weaponized, It Is Our Privacy That Is at Risk | Privacy World

Relying on CAFA’s Discretionary “Home-State” Exception, Federal Court Punts Data Breach Class Action Back to State Court | Privacy World

Singapore Progresses Towards Amended Cybersecurity Law | Privacy World

Heavyweight Fight, Did the US or EU KO the AI Treaty? | Privacy World

Are you Ready for Washington and Nevada’s Consumer Health Data Laws? | Privacy World

April’s APRA: Could Draft Privacy Legislation Blossom into Law in 2024? | Privacy World

The Italian DPA Has Its Eyes on Biometric IDs – Another Fight on Tech or a Win for Privacy? | Privacy World

The recently released discussion draft of the American Privacy Rights Act rejects the opt-out approach to targeted advertising in 17 state consumer privacy laws, and instead requires express affirmative opt-in consent for tailoring online ads based on a specific viewer’s interests and activities, akin to the prevailing European approach.  In a guest post published earlier this week by Bloomberg Law, Privacy World’s Alan Friel and Kyle Fath explain why this would do more harm than good to consumers, threaten the ad-supported online content business model that supports a free and open Internet, and increase the economic digital divide.  Read more here.

Our lawyers are well known for thought leadership across many platforms, and that tradition continues over the coming weeks. Please join us at these upcoming events to hear the latest trends, updates and insights within the global Data Privacy realm. For more information, contact the presenters or your relationship attorney.

Global Cybercrime Management Executive Roundtable for POLCYB
Wednesday, May 1

On May 1st, Scott Warren will be speaking and moderating panels at the Global Cybercrime Management Executive Roundtable for The Society for the Policing of Cyberspace (POLCYB), a full day conference in Vancouver and online. The theme of the conference is Thought Leadership on Managing Cybercrime Amidst Evolving AI, Quantum Technologies and the Metaverse. It will feature speakers from US and Canadian law enforcement, prosecutors, The Council of Europe, corporations and many others united to find more effective ways to prevent cybercrime and the tools that enable it.

Continue Reading Squire Patton Boggs Lawyers to Present on Several Upcoming Webinars and Events

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

California Privacy Regulator Holds Townhall Sessions On Draft Rules | Privacy World

When the EDPB is Weaponized, It Is Our Privacy That Is at Risk | Privacy World

Relying on CAFA’s Discretionary “Home-State” Exception, Federal Court Punts Data Breach Class Action Back to State Court | Privacy World

Singapore Progresses Towards Amended Cybersecurity Law | Privacy World

Heavyweight Fight, Did the US or EU KO the AI Treaty? | Privacy World

Are you Ready for Washington and Nevada’s Consumer Health Data Laws? | Privacy World

April’s APRA: Could Draft Privacy Legislation Blossom into Law in 2024? | Privacy World

The Italian DPA Has Its Eyes on Biometric IDs – Another Fight on Tech or a Win for Privacy? | Privacy World

The California Privacy Protection Agency (CPPA) announced three statewide public stakeholder sessions to learn about and provide preliminary feedback on the Agency’s proposed regulations on automated decision-making technology, risk assessments, and cybersecurity audits:

Locations and Times:

  • May 13, 2024, 3:00 pm to 7:00 pm (in-person only)
    Los Angeles Junipero Serra Office Building, 320 West Fourth Street, Los Angeles, CA 90013
  • May 15, 2024, 3:00 pm to 7:00 pm (in-person only)
    Fresno Hugh Burns State Building, 2550 Mariposa Mall, Fresno, CA 91721
  • May 22, 2024, 2:00 pm to 6:00 pm (Hybrid: In-person and streamed via Zoom)
    Sacramento CCAP, 400 R Street, Sacramento, CA 95811
Continue Reading California Privacy Regulator Holds Townhall Sessions On Draft Rules

Op-ed on what we know of the EDPB opinion on Pay or OK

April 17, 2024, 5:15 p.m. (Brussels)

Today, the EDPB plenary had a moment. It discussed an opinion on the Pay or OK models for social media. It was not its role, but it was likely trapped to do, as Art. 64(2) GDPR didn’t consider that national data protection authorities would sometimes use tactics similar to privacy activists to weaponize fundamental rights in a fight that has very little to do with privacy at its core. The discussion is much more about the Internet we want (or not).

“In most cases, it will not be possible for large online platforms to comply with the requirements for valid consent if they confront users only with a binary choice between consenting to processing of personal data for behavioral advertising purposes and paying a fee” says the opinion (according to the leak from POLITICO).

Continue Reading When the EDPB is Weaponized, It Is Our Privacy That Is at Risk

On March 22, the Western District of Washington granted a motion to remand cases removed from state court in In re Fred Hutchinson Data Security Litigation, 2:23-cv-01893-JHC, 2024 WL 1240681 (W.D. Wash. March 22, 2024). In doing so, it highlighted for litigators and companies alike a lesson in the importance of understanding how courts determine citizenship when determining diversity jurisdiction under the Class Action Fairness Act (“CAFA”).

Continue Reading Relying on CAFA’s Discretionary “Home-State” Exception, Federal Court Punts Data Breach Class Action Back to State Court

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Singapore Progresses Towards Amended Cybersecurity Law | Privacy World

Heavyweight Fight, Did the US or EU KO the AI Treaty? | Privacy World

Are you Ready for Washington and Nevada’s Consumer Health Data Laws? | Privacy World

April’s APRA: Could Draft Privacy Legislation Blossom into Law in 2024? | Privacy World

The Italian DPA Has Its Eyes on Biometric IDs – Another Fight on Tech or a Win for Privacy? | Privacy World