*This article was first published by the American Bar Association Infrastructure and Regulated Industries in Summer 2019.
Every year, as the calendar turns to June, the legal community looks to the Supreme Court. Eager to get to the Term’s end, the Justices rush to complete all of the outstanding opinions. Since the most difficult and important cases usually take the longest to work out, they are typically the stragglers. June is thus the time when the “blockbuster” opinions are issued—the cases that law professors analyze in their tenure pieces and that law school students study, quite possibly for years to come.
The U.S. Court of Appeals for the Seventh Circuit has struck a major blow to Federal Trade Commission (FTC) enforcement authority, holding that the agency cannot seek its preferred remedy of monetary restitution in federal court.
In recent years, the FTC has used Section 13(b) of the Federal Trade Commission Act (FTC Act)1 as its preferred enforcement mechanism, and it has done so to great effect. In 2017, for example, the FTC obtained $5.29 billion in restitution under this section. Civil penalties, which are authorized under a different part of the statute, totaled just $176 million that same year.
*This article was first published by Bloomberg Law in August 2019
Companies doing business with California consumers are impacted by the California Consumer Privacy Act (effective Jan. 1, 2020). The CCPA’s private right of action provision gives California residents the right to sue companies when their personal information is subject to unauthorized access and exfiltration, theft, or disclosure due to a company’s failure “to implement and maintain reasonable security procedures and practices.”
Under this provision, consumers may seek actual damages, declaratory or injunctive relief, and statutory damages, which begin at $100 and continue up to $750 “per consumer per incident.” The potential aggregated exposure through consumer class actions could be significant, and companies are searching for ways to mitigate private lawsuits.
*This article first appeared in Law360 on July 8, 2019
In September of 2018, California passed a significant new consumer privacy law, the California Consumer Privacy Act, which is the first U.S. law to regulate how businesses with a presence in California collect, share, and use consumer data. The CCPA not only imposes significant compliance obligations on companies conducting business with California residents but also incentivizes class action litigation through both the CCPA’s private right of action and California’s Unfair Competition law.
On June 20, in PDR Network, LLC v. Carlton & Harris Chiropractic, Inc., the U.S. Supreme Court vacated a decision of the U.S. Court of Appeals for the Fourth Circuit that had been adverse to the interests of our client, PDR Network. Both the majority and concurring opinions in PDR Network raise interesting issues for lower courts to ponder as they consider how much to defer to agency decision making.
In a very significant FOIA decision for business, Food Mktg. Inst. v. Argus Leader Media, decided on June 24, 2019, the Supreme Court reversed 45 years of understanding that Exemption 4 only protects confidential business information whose disclosure by the government would cause “substantial competitive harm.”
Relying on the plain meaning of words in the statute – rather than what the Court majority characterized as muddled legislative history – the Court found that the D.C. Circuit had engrafted a condition on the Exemption that is not supported by the text. Rather, so long as the commercial or financial information obtained by the government is “private” or “secret” – the plain and ordinary meaning of “confidential” – it may be withheld from disclosure under FOIA.
Sidley has consolidated its materials and resources on the CCPA, including an amendment tracker, on the new Sidley CCPA Monitor.
Explore the law and Sidley insights, available now.
The 25th of May, 2019 marked a year since the EU General Data Protection Regulation (“GDPR”) came into force. For most in privacy, involvement with the GDPR has been ongoing for well over this year, but on the first anniversary of the GDPR we take an opportunity to look back and reflect on where we are now in relation to some key areas of interest including enforcement action, privacy litigation, breach notification and developing guidance from the European Data Protection Board (“EDPB”).
*This article first appeared in Law360 on May 15, 2019.
The California Consumer Privacy Act, known as the CCPA, is a new law set to go into effect on Jan. 1, 2020. The CCPA is the first U.S. law that will require businesses with an online presence in California to focus on user data and it regulates how businesses collect, share and use such data. One of the most significant risks to online business providers in California is that the CCPA provides for a private right of action for California consumers.
Terms and conditions generally specify the rules governing the use of a website or mobile application. Since every website is different, custom-drafted terms and conditions are necessary to protect a particular business. Well-crafted terms and conditions might address issues such as payment, taxes, refunds, gift certificates, accounts, disclaimers, user behavior on your site, warranties and limitations on liability.