US

Last month, the United States Court of Appeals for the Third Circuit decided a set of consolidated appeals in Fair Credit Reporting Act (“FCRA”) actions brought by consumers against a credit reporting agency.  The consumers all alleged that a notation in their credit reports was misleading and inaccurate under the FCRA, which requires credit reporting

In case you missed it, below are recent posts from Consumer Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2023 State Privacy Laws: How to Assess and Ensure Readiness by Year-end

Malcolm Dowden and Niloufar Massachi Discuss Vendor

We head into the fourth quarter on the heels of the first public California Consumer Privacy Act (CCPA) civil penalty, while also looking ahead to the new state privacy laws in Virginia, Colorado, Connecticut, and Utah and the significant updates that the California Privacy Rights Act (CPRA) will bring to the CCPA. Considering that regulations

In a CLE webinar earlier this week, Malcolm Dowden (Partner, London) and Niloufar Massachi (Associate, Los Angeles) discussed evaluating, drafting, and updating vendor agreements to meet the privacy and security requirements of new US privacy laws and the GDPR.

Continue Reading Malcolm Dowden and Niloufar Massachi Discuss Vendor Contracting Requirements Under New US Privacy Laws and the GDPR

The Federal Trade Commission (FTC) has released a staff reportBringing Dark Patterns to Light, which discusses misleading and manipulative design practices—dark patterns—in web and mobile apps. These design choices take advantage of users’ cognitive biases to influence their behavior and prevent them from making fully informed decisions about their data and purchases. Dark patterns are employed to get users to surrender their personal information, unwittingly sign up for services, and purchase products they do not intend to purchase. The consequences of dark patterns have been increasingly noticed in the regulatory and legislative sphere, both in the United States and Europe

Continue Reading Dark Patterns under the Regulatory Spotlight Again

Recently, eyewear brands that offer virtual try-on (“VTO”) tools—which allow website visitors to “try before they buy” while shopping online—have faced a barrage of class action lawsuits alleging violations of the Illinois Biometric Information Privacy Act (“BIPA”). Importantly, however, BIPA suits are not the only legal risks that continue to increase for eyewear retailers today,

Earlier this month, Law360 released the names of those chosen for the 2022 MVP awards. Of the 900 attorneys who were nominated for the honor, Law360 notes that, “[t]he attorneys chosen as Law360’s 2022 MVPs have distinguished themselves from their peers by securing hard-earned successes in high-stakes litigation, complex global matters and record-breaking deals.”

Continue Reading Congratulations to CPW’s Kristin Bryan on Being Named a 2022 Cybersecurity & Privacy MVP by Law360!

As previously reported, the Federal Communications Commission last month released responses from the 15 major wireless carriers concerning their data retention and privacy practices, particularly with respect to location information.

In doing so, the FCC Chairwoman announced that she had asked the agency’s “Enforcement Bureau to launch a new investigation into mobile carriers’ compliance with FCC rules that require carriers to fully disclose to customers how they are using and sharing geolocation data.”

Continue Reading FCC Reportedly Issues Letters of Inquiry Seeking Further Information on Wireless Providers Data Privacy Practices

With the implementation of new regulations involving the handling of “HR data” across the US and the EU, transatlantic employers can expect to face unique challenges as they make efforts to incorporate these new regulations with existing procedures. In the coming months, managing data subject rights and business obligations that apply to HR data will

The California Consumer Privacy Act (CCPA) currently has limited carve-outs for personal information (PI) collected from a job applicant, employee, owner, director, officer, medical staff member, or independent contractor of a business acting in such capacity (including, without limitation, communications, emergency contact and benefits PI) (HR data). An even broader exception applies to B-to-B communications and related PI (e.g., vendor, supplier and business customer contacts and communications) (B-to-B data). As a result, businesses subject to the CCPA are not currently required to honor CCPA rights requests received from persons concerning HR data and B-to-B data. These carve-outs are set to sunset on January 1, 2023, when the California Privacy Rights Act (CPRA), which substantially amends the CCPA, goes into full effect, at which point HR data and B-to-B data will be fully subject to all of the requirements of the CCPA/CPRA. Many business administrators had hoped that either the California legislature would extend the HR data exceptions (or maybe even make them permanent), or a federal law that limited data subject rights to traditional consumers would pass and preempt CCPA/CPRA. It is now clear that the former is impossible and the latter is highly unlikely. Accordingly, many companies have a lot to do by year-end to prepare to stand up a CCPA/CPRA program for HR data and B-to-B data.

Continue Reading HR and B-to-B Data Compliance Deadline Looming – Legislative Efforts to Extend California Consumer Privacy Act Exemptions Fail