Data Law Insights

Legal insights on navigating privacy, data protection, cybersecurity, information governance, and e-discovery

Latest from Data Law Insights - Page 2

Crowell & Moring has released Litigation Forecast 2020: What Corporate Counsel Need to Know for the Coming Year. The eighth-annual Forecast provides forward-looking insights from leading Crowell & Moring lawyers to help legal departments anticipate and respond to challenges that might arise in the year ahead. For 2020, the Forecast focuses on how the digital revolution is giving rise to new litigation risks, and it explores trends in employment non-competes, the future of stare…
On January 13, 2020, U.S. District Court Judge Castel of the Southern District of New York in SEC v. Telegram Group Inc. et al., No. 19 Civ. 9439 (PKC) granted the motion of the U.S. Securities and Exchange Commission (“SEC”) to compel Telegram Group Inc., a technology company best known for its secure messaging app, to produce overseas bank records (Dkt. 67). The SEC had sought these records “fully unredacted” on an expedited basis in…
On January 1, 2020, California’s landmark privacy law, the California Consumer Privacy Act (CCPA), took effect. The CCPA imposes various obligations on covered businesses and provides extensive rights to consumers with respect to controlling the collection and use of their personal information. While some companies have largely completed their CCPA compliance efforts, many others are still digesting the CCPA and draft proposed regulations, and taking steps to meet the CCPA’s myriad compliance obligations. Confusion persists…
– GN Netcom, Inc. v. Plantronics, Inc., 930 F.3d 76 (3d. Cir. 2019) The Third Circuit’s decision in GN Netcom illustrates how Federal Rule of Civil Procedure 37(e) has elevated the bar to obtaining a default judgment based on spoliation, raising the question of what level of egregious conduct would justify that penalty. The decision also is notable for its exploration of the evidentiary support that aggrieved parties should be permitted to submit when the…
This time of year, everything tends to be more scary and spooky, but one thing doesn’t have to be – creating a defensible privilege log! Creating a privilege log can be one of the most time consuming, labor intensive and expensive parts of litigation. The last thing you want is to have to spend additional time and money defending or re-doing work on your privilege log. Federal Rule of Civil Procedure 26(b)(5) only requires that…
Consent is only one of the six legal grounds for processing personal data under the GDPR, but it is certainly the most well-known. While it might look safe and solid at first sight, it is becoming the weakest link of the GDPR compliance chain. First, consent can be withdrawn at any time, and the process for withdrawal must be as easy as the process for providing consent. Thus, a system built only on consent can…
On October 1, 2019, the Court of Justice of the European Union (CJEU) issued a final ruling in the Planet49 case (case C-673/17 – available here). Following a request for preliminary ruling from the German Federal Court of Justice, the Bundesgerichtshof, the CJEU interpreted the consent requirement of Directive 2002/58/EC, as amended by Directive 2009/136/EC (hereafter the “e-Privacy Directive”) in light of former Directive 95/46/EU (hereafter the “Data Protection Directive”) as well as in…
Executive summary On September 17, 2019, the Belgian Data Protection Authority (DPA) issued a fine of EUR 10,000 for a breach of the General Data Protection Regulation’s (GDPR). The case related to a merchant who required the use of an electronic identity card as the sole means for the issuance of loyalty cards. The DPA found that this practice did not comply with GDPR’s standards on (a) data minimization, as the electronic identity card contains…
On 29 July 2019, the Court of Justice of the European Union (CJEU) issued a decision in the Fashion ID case, a case referred to it by a German court. In this blog post we will focus on what this case means with regard to joint controllership when you have social media plug-ins on your website. To go directly to the section on the implications of this case, please click here. Background to the Fashion…
On August 8, 2019, the U.S. Court of Appeals for the Ninth Circuit issued yet another decision adopting relaxed standing requirements in privacy litigation, this time in a decision permitting a plaintiff to pursue claims under Illinois’s Biometric Information Privacy Act (BIPA). In Patel v. Facebook, the Ninth Circuit rejected arguments from Facebook Inc. (Facebook) that claims under the BIPA require assertions of real-world harm, and that BIPA claims only apply to conduct within Illinois.…