Latest Articles

With barely half a year until the California Consumer Privacy Act (CCPA) takes effect in January 2020, the landmark privacy law is in a state of flux. The already-amended landmark law is likely to face further rounds of revision, and the California Attorney General is required to hammer out many key compliance requirements through an administrative rulemaking. Gerry Stegmaier and Mark Quist recently co-authored an article for the Washington Legal Foundation examining the key issues…
Last week, the California Assembly’s Committee on Privacy and Consumer Protection, which exercises jurisdiction over privacy and personal information protection matters, approved several amendment bills intended to clarify and narrow the scope of the California Consumer Privacy Act (CCPA or the Act). In January 2020, the CCPA will impose landmark burdens and obligations on businesses that in many respects go beyond those required by the EU’s General Data Protection Regulation (GDPR). Businesses nationwide will be…
On February 26, 2019, the Federal Trade Commission’s (FTC) Bureau of Competition announced a new Technology Task Force, which will monitor anticompetitive conduct in U.S. technology markets “to ensure consumers benefit from free and fair competition.” With the consumer protection agency already a chief arbiter of privacy enforcement in the tech sector, the new task force increases the likelihood that the continued convergence between competition and consumer protection policy, which began in earnest at…
BREAKING: California Attorney General Xavier Becerra (AG) announced a proposed series of amendments to the California Consumer Privacy Act (CCPA) that would: Expand consumers’ private right of action to include all alleged violations of their rights under the CCPA; Eliminate businesses’ 30-day opportunity to “cure” alleged violations prior to being subject to civil enforcement by the AG (cure provision); and Eliminate businesses’ right to ask the AG’s opinion on how to comply with the CCPA.…
The President has made artificial intelligence technology a policy priority. On February 11, 2019, the President issued an Executive Order to direct most federal executive agencies to promote and protect American advancements in artificial intelligence while working with private industry. The order recognized that public trust in artificial intelligence is an important factor in the development and use of the technologies, and highlights the need to “protect civil liberties, privacy, and American values in their…
Following our previous blog on the upcoming second annual review of the EU-U.S. Privacy Shield, the European Commission published its report on 19 December 2018. In its report, the Commission concludes that the level of protection for personal data transferred under the Privacy Shield from the European Union to the United States continues to be adequate. The Privacy Shield’s terms must be reviewed every year. You can find our blog post on the first annual…
The Food and Drug Administration (FDA) published a draft update to its premarket cybersecurity guidance for device makers on October 18, 2018. The expanded draft guidance includes recommendations on tiered classification of cybersecurity risk, trustworthiness, cybersecurity bill materials, and device cybersecurity labeling that are specific enough to be helpful to manufacturers while at the same time keeping the guidance sufficiently flexible to comply with an industry filled with advancing devices that pose greater and more…
California enacted Internet of Things (IoT) legislation intended to help protect consumer privacy and safety from potential hacking of connected devices. Under the state legislation that may apply to any connected devices sold in California, manufacturers of connected devices are required to equip the devices with security options suitable to the nature of the device and the information processed by the device. The objective of the legislation is to protect consumers, yet adapt to different…
The Office of the Inspector General (OIG) published a report in September 2018 after a review of the Food and Drug Administration’s (FDA) policies, procedures, and guidance relating to cybersecurity reviews of networked medical1 devices. In its findings, covered in our recent client alert, the OIG determined that while the FDA has started to include cybersecurity concerns in its review process, the FDA should take steps to ensure their cybersecurity review is systematic and…
On Thursday, September 27, the Federal Trade Commission (FTC) announced settlements with four companies, IDmission, LLC, mResource LLC (doing business as Loop Works, LLC), SmartStart Employment Screening, Inc., and VenPath, Inc., following allegations that the companies falsely claimed to be certified under the EU-U.S. Privacy Shield. Specifically, the FTC alleged that IDmission, LLC misrepresented participation in the program by claiming certification on its website despite never completing the steps necessary to participate…