In the continuing absence of comprehensive federal law regulating data privacy and protection, the states have continued to pursue their own agenda.  Pennsylvania recently became the most recent state to throw its hat into the ring with its legislature’s introduction of HB-1126, the Consumer Data Privacy Act (“CDPA”).  If passed, the CDPA would make Pennsylvania the third state to enact its own data privacy and protection laws, following California and Virginia.  CPW is here…

For those covering developments across the Atlantic, as Stéphanie Faber, Matus Huba and Rosa Barcelo cover at Security & Privacy Bytes, the new Standard Contractual Clauses (“SCCs”) have been adopted by the European Commission on June 4, 2021 and should be published in the next few weeks.  As they explain, the new SCCs will go into effect twenty (20) days following publication in the Official Journal of the European Union (“EU”) and the old…

Today President Biden issued an Executive Order (“EO”) with respect to the threat posed to the United States’ information and communications technology and services (“ICTS”) supply chain.  The EO “directs the use of a criteria-based decision framework and rigorous, evidence-based analysis to address the risks posed by ICTS transactions involving software applications that are designed, developed, manufactured, or supplied by persons that are owned or controlled by, or subject to the jurisdiction of a foreign…

Colorado’s SB 21-190 has passed both chambers and if not vetoed will become the 3rd omnibus state privacy law enforceable 7/1/23.  It has no private right of action, but includes the right to object to processing for purposes of targeted advertising, the sale of personal data, or profiling, including via means of an online global privacy control, as well as the rights to access, correct and/or delete personal data, or obtain a portable copy of…

Earlier this year, a federal court granted preliminary approval of a proposed class action settlement in connection with litigation arising under the Driver’s Privacy Protection Act (“DPPA”).  Gaston v. Lexisnexis Risk Solutions, 2021 U.S. Dist. LEXIS 12872 (W.D.N.C. Jan. 25, 2021).  Last week, the court gave the settlement final approval, marking an end to five years of litigation between the parties. To recap, the DPPA is a federal statute governing the sale and resale…

In case you missed it, below is a summary of recent posts from CPW.  Please feel free to reach out if you are interested in additional information on any of the developments covered. BREAKING: SCOTUS Slashes Scope of Cybercrime Statute | Consumer Privacy World Do You Want Fries With That? McDonald’s Customer BIPA Class Action Lands in Federal Court | Consumer Privacy World Recent California Supreme Court Decision Expands Liability Arising Under the California Invasion …

BIPA is a frequently litigated data privacy statute, and as readers of CPW know, we’ve been covering BIPA litigations for some time (for some of our prior coverage, check out here, here and here).  Often these claims are brought in the context of a preexisting employee-employer relationship, where employees allege that their employer improperly collected their data in violation of BIPA for timekeeping purposes.  A recent BIPA lawsuit against McDonalds filed on…