CJEU Considers the Use of CCTV and Legitimate Interests
With the use of CCTV on the rise, it has become increasingly important for controllers to find a framework in which the conflicting rights of those who are subject to such surveillance are balanced. In its recent decision of TK v Asociaţia de Proprietari bloc M5A-ScaraA EU:C:2019:1064 (TK), the CJEU considered whether the processing carried out by CCTV cameras was necessary and proportionate for the purposes of legitimate interests pursued by the controller.
Highest European Court Confirms: No Presumption of Confidentiality Over Documents Submitted in Marketing Authorization Dossier
On January 22, 2020, the Court of Justice of the European Union (CJEU) found that there is not a general presumption of confidentiality over documents containing clinical and preclinical data provided to the European Medicines Agency (EMA) to support a marketing authorization application. However, the CJEU indicated that certain information may be protected if the interested party can specifically show that the disclosure will cause it harm. This is the first time the CJEU has ruled on this matter, upholding the EMA’s approach to handling access to documents requests.
The Sixth Edition of The Privacy, Data Protection and Cybersecurity Law Review is Available
The sixth edition of The Privacy, Data Protection and Cybersecurity Law Review takes a look at the evolving global privacy, data protection and cybersecurity landscape in a time when mega breaches are becoming more common, significant new data protection legislation is coming into effect, and businesses are coming under increased scrutiny from regulators, Boards of Directors and their customers. Several lawyers from Sidley’s global Privacy and Cybersecurity practice have contributed to this publication. See the chapters below for a closer look at this developing area of law. (more…)
In an Eagerly Anticipated Decision, the Ninth Circuit Sides With Web Scrapers
For years, companies seeking to block web scrapers from collecting the information on their website would invoke the Computer Fraud and Abuse Act (CFAA), a U.S. law that criminalizes accessing a computer “without authorization.” But the U.S. Court of Appeals for the Ninth Circuit has now ruled that merely instructing scrapers that they are not welcome on a public website, either through a restrictive terms of use or a cease-and-desist letter, is probably not enough to render their access “unauthorized” under the CFAA. This decision is encouraging news for the many hedge funds, academic researchers and other data aggregators that use software bots to compile information online.
11th Circuit Rules Single Text Message Not Sufficient for Article III Standing
Creating a circuit split, the U.S. Court of Appeals for the Eleventh Circuit has held that receiving a single unwanted text message is not enough to confer standing, even if the text violated the federal Telephone Consumer Protection Act (TCPA). The court disagreed with a Ninth Circuit ruling that reached the opposite conclusion in 2017. In so doing, it gave new life to an argument defendants may use to fend off class actions under the TCPA.
Carpenter and Everything After: The Supreme Court Nudges the Fourth Amendment into the Information Age
*This article was first published by the American Bar Association Infrastructure and Regulated Industries in Summer 2019.
Every year, as the calendar turns to June, the legal community looks to the Supreme Court. Eager to get to the Term’s end, the Justices rush to complete all of the outstanding opinions. Since the most difficult and important cases usually take the longest to work out, they are typically the stragglers. June is thus the time when the “blockbuster” opinions are issued—the cases that law professors analyze in their tenure pieces and that law school students study, quite possibly for years to come.
FTC’s Authority to Obtain Monetary Relief is in Doubt
The U.S. Court of Appeals for the Seventh Circuit has struck a major blow to Federal Trade Commission (FTC) enforcement authority, holding that the agency cannot seek its preferred remedy of monetary restitution in federal court.
In recent years, the FTC has used Section 13(b) of the Federal Trade Commission Act (FTC Act)1 as its preferred enforcement mechanism, and it has done so to great effect. In 2017, for example, the FTC obtained $5.29 billion in restitution under this section. Civil penalties, which are authorized under a different part of the statute, totaled just $176 million that same year.
Navigating the CCPA’s ‘Notice and Cure’ Provision
*This article was first published by Bloomberg Law in August 2019
Companies doing business with California consumers are impacted by the California Consumer Privacy Act (effective Jan. 1, 2020). The CCPA’s private right of action provision gives California residents the right to sue companies when their personal information is subject to unauthorized access and exfiltration, theft, or disclosure due to a company’s failure “to implement and maintain reasonable security procedures and practices.”
Under this provision, consumers may seek actual damages, declaratory or injunctive relief, and statutory damages, which begin at $100 and continue up to $750 “per consumer per incident.” The potential aggregated exposure through consumer class actions could be significant, and companies are searching for ways to mitigate private lawsuits.
A Closer Look at California Privacy Law Bar on Two Contract Clauses
*This article first appeared in Law360 on July 8, 2019
In September of 2018, California passed a significant new consumer privacy law, the California Consumer Privacy Act, which is the first U.S. law to regulate how businesses with a presence in California collect, share, and use consumer data. The CCPA not only imposes significant compliance obligations on companies conducting business with California residents but also incentivizes class action litigation through both the CCPA’s private right of action and California’s Unfair Competition law.
U.S. Supreme Court Poses New Questions About the Scope of Hobbs Act Review
On June 20, in PDR Network, LLC v. Carlton & Harris Chiropractic, Inc., the U.S. Supreme Court vacated a decision of the U.S. Court of Appeals for the Fourth Circuit that had been adverse to the interests of our client, PDR Network. Both the majority and concurring opinions in PDR Network raise interesting issues for lower courts to ponder as they consider how much to defer to agency decision making.