Earlier this year, a number of individuals brought a lawsuit in the United States District Court for the Western District of Washington against Washington-based company Wyze Labs, Inc (Wyze), which manufactures “smart” home cameras and security equipment. See In re: Wyze Data Incident Litigation, Case No. C20-0282-JCC (W.D. Wa. 2020). The lawsuit – which centered around a 2019 data breach incident – alleged that Wyze failed to comply with Federal Trade Commission requirements for safeguarding users’ personal information. Continue Reading Arbitration Agreements in Privacy Disputes: The Wyze Decision and the CCPA

During these particularly trying times resulting from the COVID-19 pandemic, businesses of all sizes have been concerned about the future. As a result, considering potential liquidation or restructuring through bankruptcy is inevitably starting to become a reality for some. Companies in this situation should keep privacy concerns in mind, because the handling of personal data in bankruptcy proceedings poses some unique challenges.

By taking proactive measures, a business can transform the personal data it holds from a reorganization liability into an asset. However, the issue of whether or not personally identifiable information (PII) can be sold (and under what terms) is a common way privacy issues come into play during liquidation and reorganization proceedings. As further discussed below, the GDPR and the CCPA, along with the prior positions taken by the FTC and various State Attorneys General, are all factors for companies to consider to ensure that data does not lose its value as part of the bankruptcy process. Continue Reading Privacy During Bankruptcy Proceedings: Why It Matters

With a little time to consider the finalized California Consumer Privacy Act regulations released by the California Attorney General on August 14, 2020, it is clear that some last-minute negotiations (or perhaps just some thoughtful additional analysis) took place that led to some unexpected changes. The lion’s share of the regulation requirements have been discussed in depth, so let’s just focus on the following noteworthy changes: Continue Reading Twists in the Plot: California AG Releases Final CCPA Regulations

A few weeks ago on this blog, we addressed some of the legal issues that have arisen for Zoom, as it becomes a significant part of American daily life during the COVID-19 pandemic.

Among those legal issues was an inquiry by the New York State Attorney General into Zoom’s privacy practices, and particularly into its measures to detect and prevent hackers or other outside parties attempting to observe or interfere with online meetings. In several incidents, the third parties interrupted meetings with disturbing messages or images. In fact, two other states – Connecticut and Florida – joined the New York probe after state government officials fell victim to “zoombombing.” Based on perceived security flaws, on April 6, 2020, the New York City Department of Education implemented a ban on public schools’ use of Zoom for classes and educational purposes. Continue Reading Zoom Successfully Addresses New York’s Privacy and Security Concerns

As privacy-related litigation continues to heat up, Judge Beth Freeman (ND Cal.) recently laid out in In re Google Assistant Privacy Litigation (Case No. 19-cv-04286)[1] a potential roadmap for surviving or winning a motion to dismiss on privacy-related causes of action.

The consolidated lawsuit against Google alleges violations on twelve counts, all relating to the Google Assistant product – a voice-activated technology used in mobile and home devices that listens for “hotwords” in order to carry out user commands. This case is an important one to watch and should be broadly instructive as many companies, big and small, are and have been hard at work on voice-activated technologies (compare, for instance, to Amazon’s Alexa, Apple’s Siri, and countless speech recognition start-ups around the world). Huge numbers of households and individuals currently have these devices in their homes and/or on their person at all times. Continue Reading A Roadmap to Litigating Privacy Claims? A Look at a Recent Order From the Google Assistant Privacy Litigation

While far from getting us back to any kind of normal that predated the COVID-19 pandemic, states have begun to relax lockdown requirements and some previously closed “nonessential” businesses are returning to operations. With such openings, governmental entities, trade organizations, and others are wisely recommending protocols, including using wellness screenings, in an effort to lower the risk that such reopenings result in a reversal of trends that have flattened the infection curve. While such protocols focus on ensuring the health and wellbeing of employees, customers, and others physically visiting the businesses and are necessary in any consideration of reopening, businesses implementing new data collection from their employees and customers need to consider the privacy implications of doing so. Continue Reading Reopening Plans and Recommended Protocols Beg New Privacy Issues

Democratic Senators Richard Blumenthal and Mark Warner have introduced the Public Health Emergency Privacy Act in response to the bill of the same subject released by Senate Republicans (the COVID-19 Consumer Data Protection Act) at the end of last month. As with the CCDPA, the PHEPA regulates the collection of emergency health data. While the respective bills differ in many ways, the most glaring distinctions focus (not surprisingly) on enforcement, preemption, and certain uses of data. Continue Reading Senate Democrats Release Competing COVID-19 Privacy Bill

Californians for Consumer Privacy has announced that it has secured and submitted enough signatures to qualify its California Privacy Rights Act (“CPRA”) for inclusion on California’s November 2020 ballot.

Alistair Mactaggart, the architect behind the ballot initiative that led to the California legislature’s adoption of the CCPA, pushed forward with the CPRA to amend perceived issues and shortcomings in the CCPA. Continue Reading Signatures Submitted for Inclusion of New California Privacy Law on November Ballot

A group of Republican senators has proposed a new privacy law to govern the collection and use of certain personal information thought to be both important and at risk during the current coronavirus crisis.

While numerous companies and governments have developed and deployed apps and programs to track individuals and trace contacts between individuals in furtherance of the laudable goal of helping to better understand and address the pandemic, there have been concerns that such data could be collected without proper authorization and/or used for purposes outside of the scope for which the data is willingly provided. Continue Reading Federal “COVID-19 Consumer Data Protection Act” Proposed

As we are all well aware by now, the California Consumer Privacy Act (CCPA) (Cal. Civ. Code Sections 1798.100 et seq.) went into effect on Jan. 1. Through its amendments and regulations (the latter of which have yet to be finalized as of this article’s publication), one aspect of the act has stayed largely consistent: the CCPA grants a private right of action only in limited situations. While the California Attorney General has the ability to impose fines for any CCPA violation, the private right of action is specifically limited (over significant debate and a proposed amendment that failed to pass) to data breach. Moreover, in creating that private right of action, the act specifically notes that violations “shall not be interpreted to serve as the basis for a private right of action under any other law.”

Does that mean there will not be significant litigation concerning the CCPA outside of the data breach realm? The answer is clearly a resounding “no.” Indeed, we have already seen multiple lawsuits filed taking direct aim at the CCPA’s claimed limitations on private enforcement. In those cases, in direct contravention of the stated limitation on private rights of action, plaintiffs have claimed (among other things) that the failure to provide proper notice required by the CCPA predicates a violation of California’s Unfair Competition Law (Cal Civ. Code. Section 17200) (the UCL). See, e.g., Burke v. Clearview AI, Case No. 3:20-cv-00370 (S.D. Cal., filed Feb. 27, 2020); Sheth v. Ring, Case No. 2:20-cv-01538 (C.D. Cal., filed Feb. 18, 2020). Whether such claims will fail as expressly barred by the act remains to be seen. Continue Reading Private Rights of Action and the CCPA—Unlimited Limitation?