Litigation

On May 8, 2023, the Online Criminal Harms Bill[1] (Bill) was introduced for its first reading in Singapore’s Parliament.

The Bill empowers a competent public authority[2] to issue any of five distinct types of directions:

  1. A Stop Communication Direction, which requires a person or entity to remove, stop posting or transmitting, and/or disable access to online criminal content so it is not accessible by any persons in Singapore.
  2. A Disabling Direction, which requires an online service provider (such as a social media platform or instant messaging provider) to disable access to specified content, such as material that had been posted or transmitted on or through an online service. This extends to disabling access to any identical copies of the relevant material, as well as to any location on the online service from where the content could be retrieved.
  3. An Access Blocking Direction, which requires an internet service provider to block access by persons in Singapore to any material or location such as a website.
  4. An Account Restriction Direction, which requires an online service provider to stop or restrict interaction between an account on its online service from communicating and interacting with any persons in Singapore.
  5. An App Removal Direction, which requires an app store to stop distributing an app to, and to stop enabling the download of this app by, any persons in Singapore.

Continue Reading Singapore Introduces New Law to Order Removal, Blocking of Harmful Online Content

A growing area of privacy litigation concerns claims brought under federal and state wiretapping laws against website operators.  In many of those cases, plaintiffs allege that their personal information was improperly intercepted and disclosed to third parties, including in relation to information purportedly provided through a website’s chat feature.  Last month, a federal court in

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

NIST Not Voluntary in the Volunteer State: Tennessee Privacy Law Requires Comprehensive Written Privacy Program that Conforms to a Voluntary

This article was originally published on Privacy World on May 4, 2023 and was updated on May 16, 2023.

The Tennessee Information Protection Act (“TIPA”), signed into law on May 11, 2023, is a hodgepodge of the current U.S. state consumer privacy laws, but with a notable twist.

What’s the Same

Like the other state

2023 has swiftly become the year of the U.S. National Cybersecurity Strategy.  On March 2, 2023, the Biden Administration issued its National Cybersecurity Strategy brief, outlining its vision to: (1) defend critical infrastructure; (2) disrupt and dismantle threat actors; (3) shape market forces to drive security and resilience; (4) invest in a resilient future; and (5) forge international partnerships to pursue shared goals. In furtherance of the goal to defend critical infrastructure, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default” (the “Report”), on April 13.

Calling the current state of technology “vulnerable by design,” the Report aims to encourage technology manufacturers to integrate security into their products from the ground up, factoring security into product development beginning at the design phase.  In addition to the CISA, several American security agencies (the National Security Agency and Federal Bureau of Investigation) and international cybersecurity agencies (from Australia, Canada, the United Kingdom, Germany, the Netherlands, and New Zealand) collaborated to provide a unified recommended approach to the development of both software and hardware.  Below, we break down what the Report means for the tech sector.Continue Reading New CISA Guidelines Lay Out Unified International Principles on Security-by-Design and Security-by-Default

Today the Seventh Circuit issued a ruling which affirmed the dismissal of claims filed under Illinois’s Genetic Information Privacy Act.  Bridges, et al. v. Blackstone, Inc., No. 22-2486 (7th Circ. 2023).  Because this decision limits in most instances the circumstances under which claims could be brought under the statute in the context of a

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Law360 Publishes “CFPB’s Hazy ‘Abuse’ Definition Creates Compliance Questions” Article by Keith Bradley and David Coats | Privacy World

Governor

Key takeaway: Last week, Arkansas became the latest state to pass legislation requiring social media companies to obtain parental consent before allowing minor users to create accounts on their platforms. The new law, titled Social Media Safety Act (“SMSA”) – is effective on September 1, 2023.

Similar to Utah’s Social Media Regulation Act (“Utah SMRA”,

This week a federal court in the Southern District of New York dismissed a privacy litigation brought against a website operator for claims under the federal Video Privacy Protection Act (“VPPA”), holding the allegation that plaintiffs had electronically subscribed to defendant’s newsletter was not sufficient for them to qualify as “subscribers” under the VPPA.  Carter v. Scripps Network LLC, Case No. 1:22-cv-02031 (S.D.N.Y.)

As Privacy World has previously covered, dozens of website operators have been named as defendants recently in putative class actions, with claims also being filed in arbitration, for alleged violation of the VPPA.  In many circumstances, plaintiff in such cases allege that the defendant improperly disclosed their video viewing history to social media companies for advertising purposes.  Because this ruling limits the scope of claims that can be brought under the VPPA and is persuasive authority in other pending cases, it will likely be relied upon by defendants going forward.Continue Reading Federal Court Dismisses Privacy Claims Brought Against Website Operator, Finding Online Subscriptions for Electronic Newsletter Insufficient To Impose Liability Under Federal Video Privacy Protection Act

A putative federal class action brought on behalf of delivery drivers asserting invasion of privacy and wiretapping claims against a global e-commerce company survived an interlocutory appeal last week.  The Ninth Circuit Court of Appeals upheld a decision from the U.S. District Court for the Southern District of California that allows plaintiff’s claims to proceed.