Technology

Legislative Update: Privacy Bills Not Immune to COVID-19 As Legislative Efforts Persist and Evolve

Heather Egan Sussman, Melanie D. Phillips, Nicholas Farnsworth and Tori DowneyPosted on May 22, 2020

Today, we are all facing a public health crisis unlike any other we have seen in our lifetime. In addition to serious consequences to global health, the COVID-19 pandemic has created significant disruption in the legal system and privacy law initiatives have not been immune to the virus’s impact. With many state legislatures nearing or at the end of legislative sessions taken over by pandemic priorities, state privacy bill initiatives across the country are grinding to a halt. However, some lawmakers are pushing forward with targeted proposals to protect individual privacy in the face of COVID-19 and some states, particularly California, continue public and private efforts to bolster privacy in their jurisdiction. Below is a summary of the 2020 privacy legislative efforts to date and the impact COVID-19 has had on their progress. READ MORE →

Two Diverging Federal COVID-19 Privacy Bills Proposed

Heather Egan Sussman, Ian Adams and Maria RouvalisPosted on May 18, 2020

In recent days, Congress has introduced two divergent “emergency” bills to address privacy issues arising during the COVID-19 crisis. While both bills aim to protect personal data collected for the purposes of contact tracing and containing the spread of the illness, the bills – one led by Republicans, the other by Democrats – offer different approaches in key areas, including the scope of entities covered, preemption of state law, and whether to provide a private right of action. Given these differences, it is unlikely either bill will pass in its current form, barring significant concessions from each side of the aisle. Here is a high-level summary of the key points addressed in each bill: READ MORE →

EDPB Tears Down Cookie Walls – Implementation of Cookies in Europe Becomes Even More Challenging

Christian Schröder and Dennis SchmidtPosted on May 13, 2020

On May 4, the European Data Protection Board (“EDPB”)—an independent body which ensures that the General Data Protection Regulation (“GDPR”) is consistently applied within the EU—has updated its guidelines on consent under the GDPR, clarifying its requirements regarding the GDPR compliant use of cookies on a website. READ MORE →

Prison Time for Personal Use of Company Computers? Supreme Court Grants Cert to Decide Whether Noncompliance With a Company’s Terms of Use Constitutes a Violation of the Computer Fraud and Abuse Act

Aravind Swaminathan, Jacob M. Heath, Marc Shapiro and Melanie D. PhillipsPosted on May 5, 2020

On Monday, April 20th, the Supreme Court accepted cert in Van Burien v. United States to (hopefully) resolve a longstanding circuit split regarding the Computer Fraud and Abuse Act (or CFAA): Does an individual exceed authorized access when he or she accesses a computer contrary to a policy or agreement limiting access (i.e., accessing a computer for a purpose beyond those permitted by the company). READ MORE →

Tale of Two Acts: Washington Facial Recognition Law Succeeds, Privacy Act Falters

Aravind Swaminathan, Nicholas Farnsworth and Michelle NancePosted on April 3, 2020

On Tuesday, Washington Governor Jay Inslee signed into law legal restrictions on the use of facial recognition by public agencies (SB 6280), while the Washington Legislature previously reached an impasse on the proposed Washington Privacy Act (SB 6281) due to a few big ticket items, particularly whether the Act would be enforceable via a private right of action for Washington residents. READ MORE →

FRAUD ALERT: PAYMENT PROCESSORS AND ISOs MUST ENSURE THAT THEIR COMPLIANCE PROCEDURES CAN DETECT COVID-19 FRAUD

Jonathan Direnfeld, Antony P. Kim, Barrie VanBrackle and Parag PatelPosted on March 26, 2020

The Federal Trade Commission (“FTC”) plans to aggressively police companies that use deceptive marketing to take advantage of consumers’ fears relating to the COVID-19 pandemic. The FTC is focused on a broad range of potential deceptive practices, including unapproved or unsubstantiated health claims, work-at-home schemes, finance schemes, and misrepresentations as to the current availability of in-demand products, such as cleaning, household, and health or medical supplies. The FTC has already issued warning letters to seven sellers of unapproved and misbranded products who claimed that their products could treat or prevent the coronavirus, and additional warning letters or enforcement actions are likely to follow as the pandemic progresses and economic uncertainty increases. READ MORE →

How to Move to Remote Work and Comply with U.S. Privacy and Cybersecurity Laws

Heather Egan Sussman, Antony P. Kim and Matthew E.S. ColemanPosted on March 23, 2020

Cybercriminals are known to attack networks and individuals at inopportune times of crisis—and the coronavirus pandemic unfortunately presents just such an opportunity as millions are accessing corporate networks and databases from home. This past weekend New Jersey and Connecticut joined the growing list of jurisdictions (e.g., California, Delaware, Illinois, Louisiana, Ohio, and New York) to issue orders effectively requiring non-essential workers to avoid the workplace, and in some cases, to shelter-in-place. READ MORE →

The CCPA Is in Effect and It Is Not Too Late to Get Started in 2020

Heather Egan Sussman, Emily Tabatabai, Nicholas Farnsworth and Maria RouvalisPosted on January 2, 2020

Happy New Year! At long last, the California Consumer Privacy Act of 2018 (“CCPA”) went into effect yesterday, January 1, 2020. For those who have not yet heard, the CCPA establishes a comprehensive legal framework to govern the collection and use of personal information, both online and offline, and provides unprecedented privacy rights to California consumers, in effect becoming the de facto national standard for U.S. privacy law. The law introduces new legal risks and considerations for companies that collect information from California consumers, due to the law’s expansive scope, broad definition of personal information, increased disclosure obligations, enhanced consumer rights, potential for statutory fines and, in the event of a security incident, the potential for consumer class action litigation. READ MORE →

Digital Devices Sold in Russia After July 2020 Must Have Russian Software Installed

Konstantin KasyanPosted on December 5, 2019

Amendments to Russian consumer protection law require installation of local software on digital devices to be sold in Russia after July 2020. The Russian government will publish lists of the digital devices covered by the new requirements and local software that is approved by the government. Experts believe that computers, smartphones and smart TVs will likely be named among such digital devices.

The amendments were signed into law on December 2, 2019, and will come into force on July 1, 2020. READ MORE →

Orrick Webinar: CCPA Compliance – It’s Not Too Late to Get Started!

Heather Egan Sussman and Kyle KesslerPosted on November 7, 2019

Webinar | November 21, 2019

Download Powerpoint Presentation

Please join Heather Sussman and Kyle Kessler for the Cyber, Privacy & Data Innovation practice’s webinar “CCPA Compliance – It’s Not Too Late to Get Started!”

Trust Anchor