Rothwell Figg

Last week, 23andMe, the direct-to-consumer genetic testing service, announced its strategic license agreement with Almirall, a leading global pharmaceutical company, for the rights to a bispecific monoclonal antibody designed to treat Il-36 cytokines in autoimmune and inflammatory diseases. The antibody was discovered by 23andMe’s Therapeutics team, using the genetic information from more than 8 million personal testing kits from customers who consented to use of their data for genetic research. While the finances surrounding this…
The number of actions to enforce the European Union’s General Data Protection Regulation (GDPR) against a wide range of companies continues to rise.  Germany, a country where privacy enjoys strong legal protection, is establishing itself as a favorite jurisdiction for enforcement of the GDPR.  And, not surprisingly, Facebook is one of the companies in the crosshairs. Last February, Germany’s Federal Cartel Office held that Facebook’s practice of combining data it collects across its suite of…
The California Attorney General recently released modified CCPA guidance.  While the modified guidance offers additional examples for CCPA compliance and clarifies certain obligations, several open issues and ambiguities still remain. Below are highlights of the changes, and note that written comments are due by February 25, 2020. Definitions: The modified guidance specify the definition of “household” to include a person or group of people who: (1) reside at the same address, (2) share a…
Another BIPA class action was filed this week – this time against Google.  Again.  Google has been sued under BIPA before, and for seemingly the same violations as here, i.e., creating “face prints” from photos stored in Google Photos without having obtained prior, informed written consent.   The Complaint that was filed this week alleges: “Google created, collected, and stored, in conjunction with its cloud-based ‘Google Photos’ service, millions of ‘face templates’ (or ‘face prints’) –…
Christopher A. Ott, CIPP/US, former Supervisory Counterintelligence and Cyber Counsel to the National Security Division of the U.S. Department of Justice (DOJ), and most recently, a partner in private practice at Davis Wright Tremaine LLP advising clients on litigation and business strategy when facing data and privacy issues, has joined Rothwell Figg’s Privacy, Data Protection, and Cybersecurity practice as a partner in Washington, D.C. At the DOJ for more than 13 years, Mr. Ott won…
Earlier this week we wrote about the NJ AG’s ban of the Clearview AI’s facial recognition app, which is marketed to law enforcement agencies to help stop criminals.  We hypothesized about a BIPA suit against Clearview AI and whether, for example, Facebook’s settlement of a BIPA class action would exhaust remedies, at least with respect to Clearview’s biometric information that was scraped from Facebook.  We concluded that while there would likely not be exhaustion,…
“Reasonable” appears several times in the California Consumer Privacy Act (CCPA), and most notably in the section on the private right of action for a data breach resulting from “a business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information.” But what is “reasonable?”  While not defined in the CCPA, there are a few benchmarks to follow.  In 2016,…
On February 3, 2020, Bernadette Barnes, a private resident of California (on behalf of herself and others similarly situated), brought the first data breach suit citing CCPA ever.  The suit named Hanna Andersson (company specializing in high end children’s apparel) and Salesforce.com (cloud technology service as a software (“SaaS”) company) as defendants, and brought claims of negligence, declaratory relief, and violation of the California Unfair Competition Law in connection with the widespread data breach that…
ZDNet.com, relying on research by Forrester Research, recently reported that “GDPR enforcement is on fire!”  This is likely a foreshadowing of the prevalence of US privacy enforcement proceedings in the near future.  Indeed, it appears that if the FTC and AG offices are not able to keep up, plaintiffs in the United States are more than happy to file lawsuits. While the US still does not have a national privacy law, and nor do many…
The Internet of Things (IoT) is often defined as a network of interconnected devices, such as sensors, smartphones, and wearables, or the transfer of data between everyday objects with computing capabilities. It’s where physical infrastructure meets the digital universe, and where machines can “talk” to one another. The IoT creates a connected world, and it’s growing exponentially. One forecast from The Economist predicts that there will be “a trillion connected computers by 2035, built into…