Categories
Archives
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok
Data Matters
Cybersecurity, Privacy, Data Protection, Artificial Intelligence, Internet Law, and Policy
Massachusetts’ Highest Court Signals Willingness to Scrutinize State Wiretapping Laws and Knock Out Claims at the Pleading Stage
For the past few years, hundreds of companies have been caught in a wave of privacy class actions relying on decades-old wiretapping laws to attack modern website technologies and business tools. Last week, Massachusetts’s highest court engaged in a thorough assessment of that state’s wiretap law and rejected plaintiff’s argument that commonly used website advertising and analytical tools intercepted “communications” in violation of the law. The basis for the suit is not novel — hundreds of similar cases have been filed in the past few years. But the Supreme Judicial Court’s willingness to engage in a deep analysis of the wiretapping law early in the case is noteworthy.
(more…)
Amy P. Lally
Century City
alally@sidley.com
Jack W. Pirozzolo
Boston
jpirozzolo@sidley.com
Ian M. Ross
Miami
iross@sidley.com
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Sheri Porath Rockwell
Century City
sheri.rockwell@sidley.com
Kseniya K. Belysheva
Los Angeles
kbelysheva@sidley.com
CFPB Releases Final Rule on Personal Financial Data Rights
On October 22, 2024, the U.S. Consumer Financial Protection Bureau (CFPB) issued a final rule under Section 1033 of the Consumer Financial Protection Act of 2010.1 The final rule includes several important changes from the proposed rule. This client alert focuses on those changes. For an analysis of the proposed rule, please see our Sidley Update here. The final rule also includes hundreds of pages of Supplementary Information that provide important insights into the manner in which the CFPB will enforce the final rule.
(more…)
Joel D. Feinberg
Washington, D.C.
jfeinberg@sidley.com
David E. Teitelbaum
Washington, D.C.
dteitelbaum@sidley.com
Stanley J. Boris
Washington, D.C.
sboris@sidley.com
Second Circuit Offers Guidance on Meaning of “Consumer” Under the U.S. Video Privacy Protection Act
Yesterday, in Salazar v. National Basketball Association, the Second Circuit Court of Appeals reversed a district court’s dismissal of a putative class action under the Video Privacy Protection Act (VPPA), offering an interpretation of the VPPA’s definition of “consumer” that differs from how the majority of courts have used that term.
(more…)
Amy P. Lally
Century City
alally@sidley.com
Ian M. Ross
Miami
iross@sidley.com
Top Trends in the European Digital Health/AI Market
Digital health AI technologies are transforming the advancement of drug development and healthcare delivery at an unprecedented speed, backed by governments facilitating the momentum to improve healthcare for their growing populations. Sidley’s European life sciences lawyers Josefine Sommer, Eva von Mühlenen, and Francesca Blythe share a timely take on the top 5 life sciences industry trends being shaped by pioneering digital technologies. We are delighted to present a series of insightful interviews with leaders from a diverse digital health ecosystem giving their perspectives from Roche, Origen Genetics, FemTech Insights, Verge, Steto, and Clario.
(more…)
Josefine Sommer
Brussels
jsommer@sidley.com
Eva von Mühlenen
Geneva
emuhlenen@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Compliance Programs Expected to Evolve With Technology: DOJ Updates Corporate Compliance Guidance to Include Artificial Intelligence
On September 23, 2024, the U.S. Department of Justice (DOJ) updated its Evaluation of Corporate Compliance Programs (the ECCP) to reflect DOJ’s evolving expectations with respect to corporate compliance programs, including how those programs appropriately address the compliance risks of new technology such as artificial intelligence (AI). While the ECCP is drafted as a guidance document for prosecutors to assess the effectiveness and adequacy of a company’s compliance program, the ECCP also is a tool for companies to conduct a similar assessment. With DOJ’s most recent update to this document, this tool now reflects DOJ’s focus on disruptive technology risks. This Update provides some general background on the ECCP and analyzes DOJ’s latest revisions to the ECCP, including the introduction of questions and considerations for companies concerning their use of new and emerging technology such as AI.
(more…)
Data Matters Contributors
sidleyprivacyblog@sidley.com
Advisor to the CJEU Confirms GDPR Fines For Subsidiary Infringements Should Reflect Group Turnover
On 12 September 2024, Advocate General Medina issued their Opinion in Case C-383/23 in which they confirmed that supervisory data protection authorities must, when calculating the fine for a GDPR infringement committed by a subsidiary, take into account the total annual turnover of the entire group—a concept known as parental liability.
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
Anila Rayani
London
anila.rayani@sidley.com
U.S. Department of Commerce Issues Proposed Rule on ICTS Supply Chain for Connected Vehicles
On September 26, 2024, the U.S. Department of Commerce Bureau of Industry and Security (BIS) Office of Information and Communications Technology and Services (OICTS) published a long-awaited rule proposing to ban certain connected vehicles transactions involving hardware and software linked to the People’s Republic of China (China) and Russia. BIS also proposed extensive compliance obligations for importers and manufacturers of connected vehicles and related components, which come as the automotive industry continues to grapple with how to protect critical safety-related data as vehicle interconnectivity increases.
(more…)
Jen Fernandez
Washington, D.C.
jen.fernandez@sidley.com
Elyssa R. Kutner
Washington, D.C.
ekutner@sidley.com
Aaron L. Flyer
Washington, D.C.
aflyer@sidley.com
Heather Hedges
Washington, D.C.
hhedges@sidley.com
Sophia E. Wallach
Century City
swallach@sidley.com
DOL Confirms Cybersecurity Guidance Applies to All Employee Benefit Plans
The U.S. Department of Labor (DOL) published Compliance Assistance Release No. 2024-01 on September 6, 2024. The release, titled “Cybersecurity Guidance Update,” clarifies that the cybersecurity guidance the DOL issued in April 2021 applies to all employee benefit plans, including health and welfare plans. The DOL states that since the guidance was published, service providers have told plan fiduciaries and Employee Benefits Security Administration (EBSA) investigators that the guidance applies only to retirement plans.
(more…)
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Beth J. Dickstein
Chicago
bdickstein@sidley.com
Mary C. Niehaus
Chicago
mniehaus@sidley.com
Madeline Clasen
Chicago
mclasen@sidley.com
Effective Dates and Links to Recent Privacy, Cybersecurity, and Digital Laws in the U.S. and EU
Consumer Privacy Statutes EFFECTIVE DATES:
U.S. State Comprehensive Consumer Privacy Laws EFFECTIVE DATES:
U.S. State Comprehensive Consumer Privacy Laws
and EU Digital, Cybersecurity Acts
Upcoming Events
Women in Privacy Networking Lunch
Resources
Meet the Team
Kwaku A. Akowuah
kakowuah@sidley.com
Sheila A.G. Armbrust
sarmbrust@sidley.com
Francesca Blythe
fblythe@sidley.com
Colleen Theresa Brown
ctbrown@sidley.com
John M. Casanova
jcasanova@sidley.com
Thomas D. Cunningham
tcunningham@sidley.com
Sharon R. Flanagan
sflanagan@sidley.com
David A. Gordon
dgordon@sidley.com
Tomoki Ishiara
tishiara@sidley.com
Robert D. Keeling
rkeeling@sidley.com
Amy P. Lally
alally@sidley.com
David C. Lashway
dlashway@sidley.com
William RM Long
wlong@sidley.com
Joan M. Loughnane
jloughnane@sidley.com
Geeta Malhotra
gmalhotra@sidley.com
Glenn G. Nash
gnash@sidley.com
Rollin A. Ransom
rransom@sidley.com
Alan Charles Raul
araul@sidley.com
Jennifer B. Seale
jseale@sidley.com
Yuet Ming Tham
ytham@sidley.com
Jonathan M. Wilan
jwilan@sidley.com
John W. Woods Jr.
jwoods@sidley.com