Consumer Protection

Burn After Reading is a black comedy spy movie by the Coen brothers. It could also be an extreme encapsulation of the core of data retention rules applicable to communications providers: data should only be kept for as long as:

  • There is an administrative need to keep it to carry out your business or support functions (e.g. billing); or
  • It is required to demonstrate compliance for audit purposes or for legislative requirements (e.g. in case of an order to intercept communications for law enforcement).

Continue Reading Burn After Reading… Data Retention Compliance

CPW’s Kristin Bryan was recently interviewed about “BIPA and Forthcoming Changes to Biometric Privacy Laws” on the LexisNexis Practical Guidance Podcast’s third episode of the Data Privacy Series. During her interview with Kevin Hylton, who hosts the podcast, Kristin sets the stage for the rise in BIPA class action claims in areas such

Continuing the recent trend of holding company executives personally liable for a company’s alleged violation of Section 5 of the Federal Trade Commission Act (“FTC Act”), the Federal Trade Commission (FTC) announced a complaint and consent agreement with Drizly, LLC (“Drizly”), an alcohol delivery app, and Chief Executive Officer James Cory Rellas over the failure

The Interactive Advertising Bureau (IAB) and IAB Tech Lab have proposed updates their industry level agreements and privacy signal program to support the efforts of marketers, agencies, publishers, and ad tech companies to comply with the US state privacy laws going into effect in 2023. The comment period on the updates is open until October 27.
Continue Reading Ad Industry Group Modifies Its Compliance Program to Address 2023 US State Privacy Laws

The UK’s Electronic Communications (Security Measures) Regulations 2022 (the Regulations) came into force on 1 October 2022, together with the Telecommunications Security Code of Practice (the Code of Practice). The Regulations reflect the increased risk of cyber-attack and data breaches, whether for criminal purposes or by potentially hostile states. They supplement general duties imposed on providers of public electronic communications networks and services by the Communications Act 2003, sections 105A and 105C, and provide Ofcom with new powers to monitor and enforce enhanced obligations affecting:

  • providers of public electronic communications networks (“network providers”); and
  • providers of public electronic communications services (“service providers”).

Continue Reading Protecting Electronic Communications Networks and Services from Cyber-Attack and Data Breach: Enhanced Obligations and Board-level Accountability

Is an online-only business a place of public accommodation under Title III of the Americans with Disabilities Act of 1990 (ADA)? Yes, claimed the plaintiff in Martinez v. Cot’n Wash, Inc., 81 Cal. App. 5th 1026 (Cal. App. August 1, 2022). The Martinez plaintiff, who was permanently blind and used screen readers (i.e., software that audibly reads website content), alleged that “well-established industry standards” require websites to allow blind or visually impaired people access to websites, which one of the defendant’s websites—an e-commerce site—did not. No, said the California Court of Appeal, disagreeing with the plaintiff.
Continue Reading Online-Only Businesses Are Not a Place of Public Accommodation: California State Appellate Court Follows the Ninth Circuit in ADA-Related Ruling

This morning, the White House Office of Science and Technology Policy released a long-awaited “Blueprint for an AI Bill of Rights” (“AI Bill of Rights”) that, when implemented, would apply to automated systems that have the potential to meaningfully affect the American public’s rights, opportunities, or access to critical resources or services. The AI

On September 30, 2022, the Colorado Attorney General’s Office (“Colorado AG”) issued its proposed draft Colorado Privacy Act (“CPA”) Rules (the “CPA Rules” or “Rules”). The draft Rules, which add significant complexity and obligations on businesses, go far beyond what was expected of the Colorado AG and, despite the repeated insistence for interoperability with other

Several developments this week underscored the continued importance of a bill that has been introduced to implement uniform privacy federal privacy standards.
Continue Reading Passage of Federal Privacy Bill Remains Possible This Year, Remains a Continued Priority

Kyle Fath, partner in the firm’s Data Privacy, Cybersecurity & Digital Assets group and Los Angeles Office, was appointed this month to serve on the Connecticut Data Privacy Act (CTDPA) working group by the joint standing committee of the Connecticut General Assembly.
Continue Reading Kyle Fath appointed to Connecticut Privacy Legislation Working Group