privacy

Supreme Court Leaves Standing for Privacy and Cybersecurity Cases Unresolved

Michelle Visser, David Cohen and Nicole GelsominiPosted on May 20, 2019

Privacy & Cybersecurity Litigation partner Michelle Visser, counsel David Cohen and associate Nicole Gelsomini authored this blog post for the Washington Legal Foundation on the unsettled state of the law on constitutional standing in privacy and cybersecurity cases in the wake of two recent Supreme Court developments. Constitutional standing challenges are, and will continue to be, an important potential tool for privacy and cybersecurity defendants seeking to dismiss certain class actions brought in federal court. To establish standing, a private plaintiff must show, among other things, that he or she faces an actual or imminent concrete injury from the defendant’s conduct. As explained in the Washington Legal Foundation post, however, the Supreme Court recently passed on two chances to clarify the test that will govern this standing inquiry, leaving defendants to wade through conflicting and ambiguous lower court precedent. The uncertain and nuanced state of this area of law underscores the importance of retaining experienced cybersecurity and privacy defense counsel when faced with this type of suit.

Google to Pay $57 Million for GDPR Violations

Christian Schröder, Kolvin Stone, Emily Tabatabai, Antony P. Kim, Amelie von Alten, Colin Hinds and David CurtisPosted on February 13, 2019

On January 21, 2019, the French data protection supervisory authority (“CNIL”) fined Google €50 million (approximately $57 million) for violating the European General Data Protection Regulation (“GDPR”). The fine penalizes Google for failing to comply with the GDPR’s transparency and notice requirements, and for failing to properly obtain consent from users for ads personalization. This is the largest GDPR fine imposed to date and the first action against a major global tech player. The CNIL’s decision sends an important message to companies that tough enforcement actions are not just a theoretical threat. Companies should look closer at data protection compliance and particularly work on their notices and consent forms. READ MORE →

California Sets the Standard With a New IoT Law

Emily Tabatabai, Antony P. Kim and Kyle KesslerPosted on November 14, 2018

This past September Governor Brown signed into law Senate Bill 327, which is the first state law designed to regulate the security features of Internet of Things (IoT) devices. The bill sets minimum security requirements for connected device manufacturers, and provides for enforcement by the California Attorney General. The law will come into effect on January 1, 2020, provided that the state legislature passes Assembly Bill 1906, which is identical to Senate Bill 327. READ MORE →

Making Your Head Spin: “Clean Up” Bill Amends the California Consumer Privacy Act, Delaying Enforcement But Making Class Litigation Even MORE Likely

Emily Tabatabai, Antony P. Kim, Aravind Swaminathan and Kyle KesslerPosted on September 5, 2018

The California Consumer Privacy Act of 2018 (the “CCPA” or the “Act”), which we reported on here and here continues to make headlines as the California legislature fast-tracked a “clean up” bill to amend the CCPA before the end of the 2018 legislative session. In a flurry of legislative activity, the amendment bill (“SB 1121” or the “Amendment”) was revised at least twice in the last week prior to its passage late in the evening on August 31, just hours before the legislative session came to a close. The Amendment now awaits the governor’s signature.

Although many were hoping for substantial clarification on many of the Act’s provisions, the Amendment focuses primarily on cleaning up the text of the hastily-passed CCPA, and falls far short of addressing many of the more substantive questions raised by companies and industry advocates as to the Act’s applicability and implementation. READ MORE →

Understanding Calif.’s Game-Changing Data Protection Law: The California Consumer Privacy Act of 2018

Emily Tabatabai and Antony P. KimPosted on July 13, 2018

Orrick partners Emily Tabatabai, Tony Kim and Jennifer Martin authored this article for Corporate Counsel on the sweeping implications for businesses of California’s newly-enacted privacy law. Members of our global Cybersecurity, Privacy and Data Innovation Practice, Emily, Tony and Jennifer outline the reasons the new law will have “a significant impact on core business operations.”

Are you ready for the CCPA? Take Orrick’s CCPA Readiness Assessment.

Assess your company against CCPA provisions.
Receive a complimentary report summarizing the likely key impacts.
Use the report to development to develop your CCPA project plan.

Data Protection Officer and IT Manager – Two Jobs That Do Not Match

Christian Schröder, Sophie Ratzke and Antony P. KimPosted on December 1, 2016

Companies required to appoint a data protection officer (“DPO” ) in Europe should carefully consider which candidate is best to select for the job. A company established in Bavaria, Germany, was recently fined by the Bavarian data protection authority (Bayerisches Landesamt für Datenschutzaufsicht, “BayLDA“) for appointing a DPO who at the same time held an operational position as an IT manager. The appointment was deemed to create a conflict of interests between the two functions. This decision could potentially influence the interpretation of the upcoming EU General Data Protection Regulation (“GDPR“) and thus influence the appointment of DPOs by international companies.

What is the FTC Doing About Privacy and Drones?

Erica Rothenberg and Aravind SwaminathanPosted on October 25, 2016

4 Major Takeaways from Federal Trade Commission FTC October 2016 panel on drones & privacy

Last week, as part of its Fall Technology Series, the Federal Trade Commission (“FTC”) hosted a much-anticipated workshop to explore the privacy concerns associated with drones. Although many in the audience hoped that this workshop would provide some insight into the FTC’s perspective and position on regulation of drones and privacy, the workshop left attendees with more questions than answers. We were there, and provide you with some of the key takeaways.

What Happens When My Company Receives a National Security Letter? A Primer.

Keith Burney, Aravind Swaminathan, Harry Clark, McGregor Scott and Melinda HaagPosted on October 13, 2016

Cyber Security Keyboard Button National Cybersecurity Awareness Month

Even today, most companies—even technology companies—do not think they have information that the U.S. Government wants or needs, particularly as it might relate to a national security investigation. The reality is that as terrorists and others who threaten national security use a broader spectrum of technology resources to communicate and to finance and conduct operations, the U.S. Government has significantly increased its collection of data from technology companies and others.

Internet Providers on Notice: Draft Privacy Regulations Coming Soon

Sam Castic, Emily Tabatabai, Aravind Swaminathan and Antony P. KimPosted on March 15, 2016

This month, the Federal Communications Commission (FCC) will consider issuing a Notice of Proposed Rulemaking (NPRM) for privacy regulations that will apply to broadband providers. The goals and objectives of the proposed regulations, which will be offered by FCC Chairman Wheeler, are outlined in a short document that the FCC released. The proposed regulations will likely contain strict privacy requirements that broadband providers have never before been subject to under federal law.

Trust Anchor