Consumer Protection

Key Takeaway: Organizations must conduct a fact-based analysis to determine whether health data collection and tracking technology deployed on their websites and mobile apps complies with the federal Health Insurance Portability and Accountability Act (“HIPAA”) and other applicable laws and guidance.

Cookies, web beacons, and similar technology are used to collect and analyze

In a decision on October 27, 2022, the European Court of Justice has clarified the operators’ obligations regarding consent and the right to object in relation to public directories and information services.

Legal Context

The ePrivacy Directive contains several provisions relating to public directories and information services of telecommunications operators.

In particular, EU Member States

Welcome to the 2022 Q3 edition of the Artificial Intelligence & Biometric Privacy Report, your go-to source for keeping you in the know on all recent major artificial intelligence (“AI”) and biometric privacy developments that have taken place over the course of the last three months. We invite you to share this resource with your colleagues and visit Squire Patton Boggs’ Data Privacy, Cybersecurity & Digital Assets and Privacy & Data Breach Litigation homepages for more information about our capabilities and team.

Also, we are extremely pleased to announce that our own Kristin Bryan was named as a 2022 Law360 Cybersecurity & Privacy MVP. As Law360 notes, “[t]he attorneys chosen as Law360’s 2022 MVPs have distinguished themselves from their peers by securing hard-earned successes in high-stakes litigation, complex global matters and record-breaking deals.” You can read more about Kristin’s Law360 award here: Law360 MVP Awards Go to 188 Attorneys From 78 Firms.

Continue Reading 2022 Q3 Artificial Intelligence & Biometric Privacy Report

Since October 1, 2022, new obligations relating to the warranties of conformity and of hidden defects, as well as new warranties for digital content and services, have come into force and require the update of the consumer Terms and Conditions.


The changes were made by the decree n°2022-946 of June 29, 2022, “relating to the statutory warranty of conformity for goods, digital content and digital services,” which came into effect on October 1, 2022.

This decree revises and completes the regulatory provisions of the French consumer code following the reform carried out by Ordinance No. 2021-1247 of September 29, 2021, which transposed European Directives (EU) 2019/770 “on certain aspects concerning contracts for the supply of digital content and digital services” and (EU) 2019/771 “on certain aspects concerning contracts for the sale of goods.”

The objective of these texts is to modernize the statutory warranty of conformity and consumer contracts to strengthen consumer protection and create a statutory warranty for the provision of digital content or digital services.

Continue Reading Have You Updated Your French B2C T&Cs Yet?

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

WEBINAR Federal Privacy Legislation: Within Reach After a Decade of Debate. If So, What Next?

Federal Court Dismisses Biometric

On Monday, it was announced that the Federal Trade Commission (“FTC”) was taking action against education technology provider Chegg Inc. (“Chegg”) for its deficient data security practices that exposed the sensitive information of millions of its customers and employees, including Social Security numbers, email addresses and passwords.  According to the FTC, Chegg allegedly failed to fix problems with its cybersecurity despite experiencing four breaches since 2017.  This latest development is another reaffirmation of the FTC’s prioritization of privacy and security, as previously covered on CPW.

Continue Reading Ed Tech Company’s Four Data Breaches in Three Years Leads to FTC Enforcement Action

Burn After Reading is a black comedy spy movie by the Coen brothers. It could also be an extreme encapsulation of the core of data retention rules applicable to communications providers: data should only be kept for as long as:

  • There is an administrative need to keep it to carry out your business or support functions (e.g. billing); or
  • It is required to demonstrate compliance for audit purposes or for legislative requirements (e.g. in case of an order to intercept communications for law enforcement).

Continue Reading Burn After Reading… Data Retention Compliance

CPW’s Kristin Bryan was recently interviewed about “BIPA and Forthcoming Changes to Biometric Privacy Laws” on the LexisNexis Practical Guidance Podcast’s third episode of the Data Privacy Series. During her interview with Kevin Hylton, who hosts the podcast, Kristin sets the stage for the rise in BIPA class action claims in areas such

Continuing the recent trend of holding company executives personally liable for a company’s alleged violation of Section 5 of the Federal Trade Commission Act (“FTC Act”), the Federal Trade Commission (FTC) announced a complaint and consent agreement with Drizly, LLC (“Drizly”), an alcohol delivery app, and Chief Executive Officer James Cory Rellas over the failure

The Interactive Advertising Bureau (IAB) and IAB Tech Lab have proposed updates their industry level agreements and privacy signal program to support the efforts of marketers, agencies, publishers, and ad tech companies to comply with the US state privacy laws going into effect in 2023. The comment period on the updates is open until October 27.
Continue Reading Ad Industry Group Modifies Its Compliance Program to Address 2023 US State Privacy Laws