Data Retention

In a decision on October 27, 2022, the European Court of Justice has clarified the operators’ obligations regarding consent and the right to object in relation to public directories and information services.

Legal Context

The ePrivacy Directive contains several provisions relating to public directories and information services of telecommunications operators.

In particular, EU Member States

Biometric privacy suits brought under the Illinois Biometric Information Privacy Act (“BIPA”) continue to remain one of the hottest areas of class action litigation today, which can be attributed primarily to the fact that high statutory damages awards can be recovered by large classes of employees, consumers, and similar groups of individuals for mere technical violations of the law. To further compliance matters, many BIPA decisions issued to date have skewed heavily in favor of plaintiffs, which has resulted in a significant expansion of potential litigation risk under the statute. 

In Mora v. J&M Plating, Inc., No. 2-21-0692, 2022 IL App (2d) 210692 (Ill. App. Ct. 2d Dist. Nov. 30, 2022), the Illinois Second District Court of Appeals continued the trend of plaintiff-favorable BIPA decisions in 2022, holding that private entities run afoul of BIPA’s Section 15(a) data retention and destruction disclosure requirements where they fail to have in place a BIPA-compliant data retention/destruction disclosure at the time biometric data is initially possessed, and that subsequent disclosures cannot serve retroactively to remedy prior violations of this component of the law. Importantly, Mora underscores the need for companies to ensure they have satisfied all of the applicable requirements of BIPA prior to the time any biometric data is collected or possessed in order to mitigate the sizeable legal risks associated with legal non-compliance.  Continue Reading Illinois Appellate Court Issues Key, Plaintiff-Favorable Opinion On BIPA Data Retention Disclosure Requirements 

Welcome to the 2022 Q3 edition of the Artificial Intelligence & Biometric Privacy Report, your go-to source for keeping you in the know on all recent major artificial intelligence (“AI”) and biometric privacy developments that have taken place over the course of the last three months. We invite you to share this resource with your colleagues and visit Squire Patton Boggs’ Data Privacy, Cybersecurity & Digital Assets and Privacy & Data Breach Litigation homepages for more information about our capabilities and team.

Also, we are extremely pleased to announce that our own Kristin Bryan was named as a 2022 Law360 Cybersecurity & Privacy MVP. As Law360 notes, “[t]he attorneys chosen as Law360’s 2022 MVPs have distinguished themselves from their peers by securing hard-earned successes in high-stakes litigation, complex global matters and record-breaking deals.” You can read more about Kristin’s Law360 award here: Law360 MVP Awards Go to 188 Attorneys From 78 Firms.Continue Reading 2022 Q3 Artificial Intelligence & Biometric Privacy Report

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

WEBINAR Federal Privacy Legislation: Within Reach After a Decade of Debate. If So, What Next?

Federal Court Dismisses Biometric

A federal court recently sanctioned defendants for spoilation of evidence in litigation. In doing so, the Court rejected the Defendant’s argument that they changed their data settings in good faith to align with the California Consumer Privacy Act of 2018 (“CCPA”) and the International Standard of Operation Compliance (“ISO”). 2022 U.S. Dist. LEXIS 178233 (N.D. Ohio Sep. 29, 2022). Read on to learn more.
Continue Reading Federal Court Sanctions Company for Spoilation of Evidence Over Arguments Data Settings Changed to Comply with CCPA and ISO Requirements

Burn After Reading is a black comedy spy movie by the Coen brothers. It could also be an extreme encapsulation of the core of data retention rules applicable to communications providers: data should only be kept for as long as:

  • There is an administrative need to keep it to carry out your business or support functions (e.g. billing); or
  • It is required to demonstrate compliance for audit purposes or for legislative requirements (e.g. in case of an order to intercept communications for law enforcement).

Continue Reading Burn After Reading… Data Retention Compliance

CPW’s Kristin Bryan was recently interviewed about “BIPA and Forthcoming Changes to Biometric Privacy Laws” on the LexisNexis Practical Guidance Podcast’s third episode of the Data Privacy Series. During her interview with Kevin Hylton, who hosts the podcast, Kristin sets the stage for the rise in BIPA class action claims in areas such

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Profiling and Automated Decision-Making: How to Prepare in the Absence of Draft CPRA Regulations | Consumer Privacy World

Protecting

In January 2019, the Illinois Supreme Court opened the floodgates to class action litigation pursued under the Illinois Biometric Information Privacy Act (“BIPA”) when the state’s highest court held in Rosenbach v. Six Flags Ent. Corp., 2019 IL 123186, 129 N.E.3d 1197 (Ill. 2019), that plaintiffs do not have to allege any actual injury or damages to pursue claims under the state’s biometric privacy statute; instead, mere technical violations of the law are sufficient. Today, the world of biometric privacy litigation experienced a development noteworthy enough to put it on equal footing with Rosenbach, with a jury finding in favor of a class of Illinois truck drivers in the first BIPA class action to be tried to verdict.
Continue Reading BREAKING: Plaintiff Prevails In First BIPA Class Action Jury Trial

With rising concerns from consumers about data protection, companies across the nation are doing their utmost to avoid data incidents. As such, the seriousness of allegations that a data breach has occurred, true or not, can potentially lead to lasting damage to an organization’s credibility, leaving many companies to wonder what actions can be taken