Photo of Sushila Chanana

Sushila Chanana is a high-stakes technology litigator and legal advisor, who has a background in privacy and cybersecurity. She counsels companies on compliance with data privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the California Invasion of Privacy Act (CIPA), and the General Data Protection Regulation (GDPR). She also represents companies in complex civil matters, including patent, trademark, copyright, and trade secrets disputes. Her clients have ranged from startups to Fortune 500 companies. In addition to representing clients in federal and state court, at both the trial and appellate levels, Sushila also assists clients with matters before the U.S. International Trade Commission (ITC) and the Patent Trial and Appeal Board (PTAB).

She counsels companies on compliance with various data protection laws, including the California Consumer Privacy Act (CCPA).

Contact: schanana@fbm.com

The California Privacy Protection Agency (CPPA) released its draft regulatory framework for automated decision-making technology (ADMT) on November 27. These regulations are a preview of what new requirements may look like for companies currently regulated by the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, the “CCPA”).

The proposed regulations generally require comprehensive disclosures and opt-out provisions for California consumers and employees regarding the use of ADMT. Continue Reading California Proposes New AI & Automated Decision-Making Technology Regulations

Shortly before Privacy Day, California Attorney General (Cal AG) Rob Bonta announced a California Consumer Privacy Act (CCPA) enforcement sweep that targeted mobile applications.

The sweep focused on popular apps in the retail, travel, and food service industries, which allegedly failed to comply with consumer opt-out requests. The sweep also included businesses that failed to comply with requests submitted by consumers’ authorized agents, including those sent by Permission Slip, a mobile app that allows consumers to send opt-out and deletion requests on the consumer’s behalf.
Continue Reading California Attorney General Announces Enforcement Sweep of Mobile Applications

Earlier this year, a number of individuals brought a lawsuit in the United States District Court for the Western District of Washington against Washington-based company Wyze Labs, Inc (Wyze), which manufactures “smart” home cameras and security equipment. See In re: Wyze Data Incident Litigation, Case No. C20-0282-JCC (W.D. Wa. 2020). The lawsuit – which centered around a 2019 data breach incident – alleged that Wyze failed to comply with Federal Trade Commission requirements for safeguarding users’ personal information.
Continue Reading Arbitration Agreements in Privacy Disputes: The Wyze Decision and the CCPA

During these particularly trying times resulting from the COVID-19 pandemic, businesses of all sizes have been concerned about the future. As a result, considering potential liquidation or restructuring through bankruptcy is inevitably starting to become a reality for some. Companies in this situation should keep privacy concerns in mind, because the handling of personal data in bankruptcy proceedings poses some unique challenges.

By taking proactive measures, a business can transform the personal data it holds from a reorganization liability into an asset. However, the issue of whether or not personally identifiable information (PII) can be sold (and under what terms) is a common way privacy issues come into play during liquidation and reorganization proceedings. As further discussed below, the GDPR and the CCPA, along with the prior positions taken by the FTC and various State Attorneys General, are all factors for companies to consider to ensure that data does not lose its value as part of the bankruptcy process.
Continue Reading Privacy During Bankruptcy Proceedings: Why It Matters

A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom, as it becomes a significant part of American daily life during the COVID-19 pandemic.

Among those legal issues was an inquiry by the New York State Attorney General into Zoom’s privacy practices, and particularly into its measures to detect and prevent hackers or other outside parties attempting to observe or interfere with online meetings. In several incidents, the third parties interrupted meetings with disturbing messages or images. In fact, two other states – Connecticut and Florida – joined the New York probe after state government officials fell victim to “zoombombing.” Based on perceived security flaws, on April 6, 2020, the New York City Department of Education implemented a ban on public schools’ use of Zoom for classes and educational purposes.
Continue Reading Zoom Successfully Addresses New York’s Privacy and Security Concerns

As privacy-related litigation continues to heat up, Judge Beth Freeman (ND Cal.) recently laid out in In re Google Assistant Privacy Litigation (Case No. 19-cv-04286)[1] a potential roadmap for surviving or winning a motion to dismiss on privacy-related causes of action.

The consolidated lawsuit against Google alleges violations on twelve counts, all relating to the Google Assistant product – a voice-activated technology used in mobile and home devices that listens for “hotwords” in order to carry out user commands. This case is an important one to watch and should be broadly instructive as many companies, big and small, are and have been hard at work on voice-activated technologies (compare, for instance, to Amazon’s Alexa, Apple’s Siri, and countless speech recognition start-ups around the world). Huge numbers of households and individuals currently have these devices in their homes and/or on their person at all times.
Continue Reading A Roadmap to Litigating Privacy Claims? A Look at a Recent Order From the Google Assistant Privacy Litigation

As large portions of society become subject to coronavirus-related quarantines, increasing numbers of people have turned to web-based communications platforms for classes, meetings, events, and socialization. One such platform, Zoom, has become, in some estimations, the most important app in the business world, and the single most downloaded mobile app in all of India.

With such rapid expansion in its user base, there was bound to be increased focus on the company. Over the last few weeks, Zoom has faced questions related to the legality of its privacy and information-gathering practices. In fact, in addition to addressing concerns on social media and national television programs, Zoom must also now defend itself in a new class action lawsuit involving the newly enacted California Consumer Privacy Act (“CCPA”), which we analyze below.
Continue Reading New CCPA Lawsuit Against Zoom: Issues to Watch