Last week, the Attorney General for California filed a notice of appeal to overturn a federal court ruling that the state’s Age-Appropriate Design Code Act (“CAADCA”) likely violates the First Amendment. The appeal will put the constitutionality of California’s act before the Court of Appeals for the Ninth Circuit.
Following unanimous votes by the California
Data breaches are an all-too-familiar issue, affecting businesses of all sizes and across all industries. Beyond dealing with the operational and reputational impacts and other resulting fallouts of a data breach, businesses also face enhanced class action litigation risk.
A recent high-profile case serves as a valuable reminder that companies should consider reliance upon a well-established mechanism of mitigating class action litigation risk. In In re Marriott International, Inc., Consumer Data Security Breach Litig., 78 F.4th 677 (4th Cir. 2023), the Fourth Circuit Court of Appeals reversed the district court’s certification order in a data breach class action dispute due to the effect of a class action waiver signed by all putative class members. The Marriott decision demonstrates how class action waivers can be utilized as a core strategy for mitigating heightened data breach litigation risks.Continue Reading Recent Marriott Data Breach Class Action Decision Underscores the Importance of Class Action Waivers
The federal Video Privacy Protection Act (“VPPA”) is one of the most frequently litigated data privacy statutes. This month, a California federal court dismissed VPPA claims brought against Hershey, making clear that VPPA liability does not extend to all websites with playable video clips. Rodriguez v. The Hershey Company, et al., No. 3:23-cv-00398-L-DEB, 2023 WL
Originally posted on Squire Patton Boggs’ Global IP and Technology blog by David Elkins.
The U.S. is generally viewed as “behind” in its regulation of AI compared to the European Union and Asian countries. Yet ChatGPT’s release triggered a tsunami of U.S. legislation in 2023 from federal and state legislators seeking to address perceived concerns with the emerging and fast evolving technology. State legislatures have introduced nearly 200 AI bills in 2023. Congress does not have nearly that number of AI bills, with about 30 bills tabled thus far. The various pieces of U.S. legislation – federal or state – seek to regulate both the creation of AI models and how those models may be used.Continue Reading Federal Policymakers: Chasing the Runaway AI Train
As courts throughout the country wrestle with Article III standing in Session Replay Code cases alleging violations of wiretapping laws, consumer protection statutes and privacy torts, another federal court from the Eastern District of Missouri has joined those recently holding that a plaintiff must allege the sharing of some type of personal or sensitive information on the website in question in order to adequately alleged a concrete harm supporting Article III standing. Where the plaintiff failed to do so, the Court found Plaintiff failed adequately allege a concrete harm and dismissed her putative class action complaint for lack of standing in Adams v. PSP Group, LLC, No. 4:22-CV-1210 RLW, 2023 WL 5951784, — F. Supp.3d —- (E.D. Mo. September 13, 2023).Continue Reading Missouri Federal Court Declines to Transfer Case to Join Session Replay Class Actions in Washington and Dismisses Case for Plaintiff’s Failure to Allege Standing
On September 28, 2023, the Cyberspace Administration of China proposed draft regulations, the Regulations on Regulating and Facilitating Cross-border Data Flow (Draft Regulations), seeking public comment. If adopted, it will significantly reduce the restrictions on cross-border data transfers from China. This is a material effort by China to improve free data flows and an implementation of the “whitelist” mentioned under the 24 provisions for attracting foreign investment published in August 2023.Continue Reading China Releases Draft Regulation to Significantly Ease Cross-border Data Transfers
Until late August 2023, California’s data protection law, the California Consumer Privacy Act, or “CCPA,” only provided for future rulemaking on automated decision-making, including profiling, on risk assessments, and on cybersecurity audits. However, during a board meeting it held this past Friday, September 8th, the California Privacy Protection Agency (“CPPA” or “Agency”), which shares enforcement authority of the CCPA with the California Attorney General, discussed a new set of draft regulations (“Regs”) it released for Agency discussion purposes in late August 2023. While not yet part of the official rulemaking, the draft and the discussions around it provides direction on its upcoming rulemaking on these topics. We will refer to the draft and related commentary as the “Roadmap.” Most notably, the Roadmap proposes that condensed versions of assessments and audits completed by businesses pursuant to their CCPA obligations be filed with the CPPA and sets forth detailed obligations surrounding such assessments and audits. The implication of this is that it may become obvious to the Agency which companies are or are not conducting assessments or audits and thus complying with their CCPA obligations. It may also provide the Agency an easily accessible way to review the evaluate businesses’ practices, especially with regard to higher risk processing activities. Furthermore, the Agency’s Roadmap suggests assessment requirements that not only incorporate, but exceed, what is required in the Colorado regulations, including risk / harm assessments of any monitoring of personnel or students, or monitoring of consumers in public places. We will be co-hosting a webinar with Ankura to take a deeper dive into what companies should be doing regarding assessments and audits. Register here to join us on October 18 to learn more.Continue Reading California’s Potential Approach to Regulations on Risk Assessments and Cybersecurity Audits Could Be a Game Changer
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
China Generative AI New Provisional Measures | Privacy World
Red Hot Enforcement Summer: No Vacation for California and Colorado Privacy
As many of our readers know, keeping up with new developments in the privacy landscape is sometimes like drinking from a firehose. With respect to privacy enforcement, particularly in California and Colorado, the hose was turned on June 30th and has been running all summer long. This barrage of information has left unanswered questions for many. What does the delay in enforcement of the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CPRA) (together, CCPA) regulations really mean? What am I required to comply with as of today? What are regulators already focusing on in their privacy enforcement efforts this summer?Continue Reading Red Hot Enforcement Summer: No Vacation for California and Colorado Privacy Regulators
In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.
India Welcomes Landmark Data Protection Law | Privacy World
The French CNIL’s New Guidance on Whistleblowing | Privacy World