CPW’s Kristin Bryan was recently interviewed by the UK outlet Vixio regarding recent developments in U.S. data privacy and data breach litigation.  As she explains, “there are emerging technologies and practices that will continue to test the limits of preestablished data privacy laws, including in the context of data breaches.”  She predicts that data privacy

CPW has previously covered the significance of arbitration clauses in the context of data privacy litigation.  While an arbitration agreement does not allow a defendant to avoid a lawsuit outright, it does provide an escape mechanism from public scrutiny and the costs associated with litigation. Whether an arbitration agreement applies to a dispute is a

The Fair Credit Reporting Act (“FCRA”) is a frequently litigated data privacy statute.  [Note: For more on the FCRA and what it requires, check out this overview].  In a recent litigation involving claims under the FCRA, the Court denied the defendant’s motion to dismiss.  The opinion is a reminder of the essential

Readers of CPW are already familiar with the New York Biometric Bill, which resembles the Illinois Biometric Privacy Act (“BIPA”) and contains a private right of action.  If enacted, it would be a sea change for data privacy litigation in New York.  However, the New York Biometric Bill is not the only privacy legislation

In its latest filing in Thornley v. Clearview AI, No. 20-3249, defendant Clearview AI petitioned the Seventh Circuit to stay the issuance of its mandate in the litigation because it plans to file a petition for writ of certiorari with the Supreme Court.  The Seventh Circuit has not yet issued its mandate following its

As CPW readers may recall, in December 2020, two notable data privacy multidistrict litigations (“MDLs”) were created:  In re: Clearview AI, Inc., Consumer Privacy Litigation (“Clearview”) and In re Blackbaud, Inc. (“Blackbaud”). Since then, each case has experienced a few developments.  Read our summary of developments below, and be sure to subscribe

As reported in a must-read analysis, the Information Commissioner’s Office has for only the second time in its history successfully prosecuted individuals under the Computer Misuse Act 1990 in order to impose harsher criminal penalties for unauthorized access to personal data (including but not limited to prison sentences and confiscation orders) than are available

CPW has previously covered the state of play for data scraping litigation in the context of hiQ’s and LinkedIn’s ongoing dispute.  For an update on this litigation, read on below.

As a reminder, data scraping is a mechanism of extracting data from websites (including websites not available to the public and accessible only to individuals

Virginia took one step closer the end of last week to becoming the second state with its own comprehensive data privacy legislation, as the Virginia General Assembly voted to send the Consumer Data Protection Act (“CDPA”) to the desk of Governor Ralph Northam.  Governor Northam has previously expressed support for the measure and is expected