Cookies

Privacy compliance has entered a new phase—one defined not only by high-profile enforcement actions but by the growing expectation that organizations implement and maintain mature information governance programs capable of validating true, system-level technical compliance rather than merely projecting the appearance of it.  A spate of recent California enforcement actions makes clear that companies must be prepared to validate how privacy control’s function, including across systems, platforms, and data flows, making thoughtful, system-oriented self-assessment an increasingly important tool for aligning policy commitments with operational reality—before regulators do it for them.  SPB helps client’s self-access, identify gaps and remediate issues under the cloak of privilege.

Continue Reading CalPrivacy Update: Shifting to Structural Compliance and Auditing

For years, one of the most frequently litigated privacy laws has been the Video Privacy Protection Act (“VPPA”), 18 U.S.C. § 2710, a federal statute enacted in 1988 in response to the disclosure of then-Supreme Court nominee Robert Bork’s videotape rental history by a video store to a reporter, who published the list.  Despite its analogue origins, this decades-old statute has been used by the plaintiff’s bar (incentivized by the VPPA’s $2,500 per violation liquidated damages provision) in putative class action litigation brought against any business whose website contains playable videos and third-party cookies.

This past year, there were several significant court rulings in litigation under the VPPA.  These decisions addressed hotly contested VPPA elements while also laying the foundation for a potential circuit split.  Squire Patton Boggs’ globally ranked “Elite” Data Disputes team is well experienced defending businesses and their data practices, including in the realm of VPPA litigation and (mass) arbitration.  In this article, informed by our practical experience litigating and arbitrating VPPA cases, we: (I) provide a brief primer on VPPA elements and litigation theories, (II) cover a Second Circuit decision, and other district court decisions, on the definition of personally identifiable information under the VPPA (III) address decisions from the Sixth, Seventh, and D.C. Circuits on the scope of persons who can bring VPPA claims, and (V) give an update on a recent Eighth Circuit decision regarding which businesses are subject to the VPPA.  These areas are all likely to bear upon VPPA claims and ongoing litigation in 2026, making this a must read for in-house counsel and practitioners in this space.

Continue Reading 2025 Video Privacy Protection Act Litigation Year in Review

Mass arbitrations—where a plaintiffs’ firm brings dozens, hundreds, or thousands of identical claims against a business—is a mechanism increasingly relied upon by the plaintiffs’ bar in the past few years.  This is because mass arbitrations enable a plaintiffs’ firm to create settlement pressure by leveraging unavoidable arbitration fees borne by a business regardless of the merits of the claims filed.  Further powered by litigation funding, plaintiffs’ firms have used the mass arbitration device to bring vexatious claims and escape review of the merits or any downside risk.

Continue Reading 2025 Mass Arbitration Year in Review

Each year, the French data protection authority, “CNIL”, conducts hundreds of investigations (345 in 2022) on the basis of complaints received, notification of data breaches, information conveyed by press or other media, but also annual priority topics set by the CNIL. These topics are the following for 2023.
Continue Reading Priority Topics for French CNIL Investigations in 2023: “Smart” Cameras, Mobile Apps, Bank and Medical Records

Kyle Dull (Senior Associate, New York/Miami) will speak on Friday, September 16, at the Association of Corporate Counsel (ACC) South Florida Chapter’s 12th Annual CLE Conference, “Casino Royale: Accepting the In-House Mission.” Kyle’s aptly named panel, “For Your Eyes Only: Dealing with Security Risks, New Privacy Laws, and Vendor Management,” will cover the current

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

CJEU Rules Consumer Associations Can File Data Infringement Class Actions Without a Consumer Mandate

CPW’s Scott Warren Joins Faculty

Members of the globally recognized Squire Patton Boggs (US) LLP’s Data Privacy, Cybersecurity & Digital Assets Practice gathered in Washington, DC, to participate in person at the IAPP Global Privacy Summit (“GPS 2022”). The Practice has experienced tremendous growth in the past twelve months under the leadership of Alan Friel. The full contingency of

On Tuesday, April 5, CPW’s Alan Friel joined forces with Rebecca Perry, Director of Strategic Partnerships at Exterro, to share their expertise during the “Preparing for 2023 – Tools and Tips to Be Ready for New US Privacy Laws” webinar hosted by Global Data Review.

During this one-hour long virtual session, the duo discussed

The UK’s Competition and Markets Authority (“CMA”), Information Commissioner’s Office (“ICO”) and Google have agreed legally binding commitments from Google on the development of its Privacy Sandbox proposals.

These proposals relate to the removal of third-party cookies – to be phased out by 2023 – in the Chrome browser and Chromium browser engine, which will

On February 2, 2022, the Belgian Data Protection Authority (the ‘Belgian DPA’) imposed a number of sanctions against Interactive Advertising Bureau Europe (‘IAB Europe’), for alleged violations of the EU General Data Protection Regulation (the ‘GDPR’) by its Transparency and Consent Framework (the ‘TCF’).

TCF is developed by IAB Europe, in partnership with IAB Tech