Recently, there has been a wave of consumer privacy class action litigation against website operators alleging privacy violations around the use of session replay and chatbot technology. Remarkably, no specific legislative change triggered this increase. Instead, the rise follows recent court decisions holding businesses liable under state wiretap and eavesdropping…
On 22 May 2023, the Irish Data Protection Commission (“DPC”) fined Facebook parent Meta EUR 1.2 billion for transferring personal data to the U.S. in violation of GDPR. The DPC also ordered Meta to suspend further transfers unless it can bring such transfers into compliance within 5 months. Meta is…
In honor of Data Privacy Week, and as we kick off 2023, many of us are wondering what this year’s hot topics and trends will be in the privacy and cybersecurity sector. How will the new Privacy Shield in the EU and UK affect data regulation? How will state privacy…
On December 13, 2022, the European Commission published a draft adequacy decision on the EU-US Data Privacy Framework (the “Framework”), the successor to the EU-US Privacy Shield Framework that was famously struck down by Europe’s top court two years ago. While the purpose of the draft adequacy decision, once adopted,…
Introduction On June 4, 2021, the European Commission (the “EC”) abolished the old Standard Contractual Clauses (the “Old SCCs”) and published a new more flexible set of clauses (the “New SCCs”) for companies that wish to export personal data from the EU to elsewhere to rely on (for more information,…
UPDATE: On October 7, 2022, President Biden signed an Executive Order on “Enhancing Safeguards for United States Signals Intelligence Activities,” establishing new privacy safeguards and oversight mechanisms for foreign intelligence that will form the basis of a new EU-U.S. Data Privacy Framework (“DPF”). The DPF, which President Biden and European…
After years of lengthy debates, Congress passed and the President signed into law a bipartisan bill requiring entities in sectors deemed to constitute “critical infrastructure” to report certain cyber incidents and ransomware payments. Currently, companies may and often do voluntarily report cyber incidents to the FBI or other federal agencies,…
In a decision that is certain to reverberate through the big data community, the U.S. Court of Appeals for the Ninth Circuit ruled that the primary legal tool that companies tried to use to limit scraping of their websites – the criminal statute Computer Fraud and Abuse Act (“CFAA”) –…
On March 25, 2022, President Biden and the President of the European Commission (“EC”) von der Leyen announced that the US and EU reached an agreement in principle on a new Trans-Atlantic Data Privacy framework for transatlantic data flows (the New Framework). The parties now need to translate the consensus…
As a significant step in its ongoing initiatives on the disclosure, management and oversight of cybersecurity risks and incidents, on March 9, 2022 the U.S. Securities and Exchange Commission (SEC) proposed new rules that would significantly increase cyber-related disclosures by public operating companies. The proposed rules would: Require disclosure in Form 10-Q…