Privacy Zone

Where technology and intellectual property meet privacy

Subscribe
Visit Blog
By: Rothwell Figg

Blog Authors

Caroline O'Banion
Jenny Colgate
Jennifer Maisel
Caitlin Wilmot
Martin Zoltick

Latest from Privacy Zone

AI, circuit board
The European Commission recently presented strategies for data and Artificial Intelligence (AI) focusing on promoting excellence in AI and building trust.  The Commission’s White Paper, “On Artificial Intelligence – A European approach to excellence and trust,” addresses the balance between the promotion of AI with regulation of its risks.  “Given the major impact that AI can have on our society and the need to build trust, it is vital that European AI is grounded…
Test Tube pic
Last week, 23andMe, the direct-to-consumer genetic testing service, announced its strategic license agreement with Almirall, a leading global pharmaceutical company, for the rights to a bispecific monoclonal antibody designed to treat Il-36 cytokines in autoimmune and inflammatory diseases. The antibody was discovered by 23andMe’s Therapeutics team, using the genetic information from more than 8 million personal testing kits from customers who consented to use of their data for genetic research. While the finances surrounding this…
general data protection regulation GDPR
The number of actions to enforce the European Union’s General Data Protection Regulation (GDPR) against a wide range of companies continues to rise.  Germany, a country where privacy enjoys strong legal protection, is establishing itself as a favorite jurisdiction for enforcement of the GDPR.  And, not surprisingly, Facebook is one of the companies in the crosshairs. Last February, Germany’s Federal Cartel Office held that Facebook’s practice of combining data it collects across its suite of…
Act or CCPA symbol
The California Attorney General recently released modified CCPA guidance.  While the modified guidance offers additional examples for CCPA compliance and clarifies certain obligations, several open issues and ambiguities still remain. Below are highlights of the changes, and note that written comments are due by February 25, 2020. Definitions: The modified guidance specify the definition of “household” to include a person or group of people who: (1) reside at the same address, (2) share a…
Googleplex office in Silicon Valley.
Another BIPA class action was filed this week – this time against Google.  Again.  Google has been sued under BIPA before, and for seemingly the same violations as here, i.e., creating “face prints” from photos stored in Google Photos without having obtained prior, informed written consent.   The Complaint that was filed this week alleges: “Google created, collected, and stored, in conjunction with its cloud-based ‘Google Photos’ service, millions of ‘face templates’ (or ‘face prints’) –…
ROT012-Bio_Photos_475x475_Ott
Christopher A. Ott, CIPP/US, former Supervisory Counterintelligence and Cyber Counsel to the National Security Division of the U.S. Department of Justice (DOJ), and most recently, a partner in private practice at Davis Wright Tremaine LLP advising clients on litigation and business strategy when facing data and privacy issues, has joined Rothwell Figg’s Privacy, Data Protection, and Cybersecurity practice as a partner in Washington, D.C. At the DOJ for more than 13 years, Mr. Ott won…
AI and software concept
Earlier this week we wrote about the NJ AG’s ban of the Clearview AI’s facial recognition app, which is marketed to law enforcement agencies to help stop criminals.  We hypothesized about a BIPA suit against Clearview AI and whether, for example, Facebook’s settlement of a BIPA class action would exhaust remedies, at least with respect to Clearview’s biometric information that was scraped from Facebook.  We concluded that while there would likely not be exhaustion,…
gertruda-valaseviciute-xMObPS6V_gY-unsplash
“Reasonable” appears several times in the California Consumer Privacy Act (CCPA), and most notably in the section on the private right of action for a data breach resulting from “a business’s violation of the duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information.” But what is “reasonable?”  While not defined in the CCPA, there are a few benchmarks to follow.  In 2016,…
CCPA California Consumer Privacy Act Lock Blue Gradient
On February 3, 2020, Bernadette Barnes, a private resident of California (on behalf of herself and others similarly situated), brought the first data breach suit citing CCPA ever.  The suit named Hanna Andersson (company specializing in high end children’s apparel) and Salesforce.com (cloud technology service as a software (“SaaS”) company) as defendants, and brought claims of negligence, declaratory relief, and violation of the California Unfair Competition Law in connection with the widespread data breach that…
general data protection regulation GDPR
ZDNet.com, relying on research by Forrester Research, recently reported that “GDPR enforcement is on fire!”  This is likely a foreshadowing of the prevalence of US privacy enforcement proceedings in the near future.  Indeed, it appears that if the FTC and AG offices are not able to keep up, plaintiffs in the United States are more than happy to file lawsuits. While the US still does not have a national privacy law, and nor do many…