Late last week, the Seventh Circuit affirmed a trial court’s ruling granting dismissal at summary judgment of claims against FCA US LLC (“FCA,” formerly known as Chrysler) and Harman International Industries, Inc. (“Harman”) for lack of Article III standing. See Flynn v. FCA US LLC, — F. 4th —-, 2022 WL 2751660 (7th Cir.
Emerging Trends: Renewed Wave of Video Privacy Class Actions
Recent months have seen a growing trend of data privacy class actions asserting claims for alleged violations of federal and state video privacy laws. In this year alone, plaintiffs have filed dozens of new class actions in courts across the country asserting claims under the federal Video Privacy Protection Act (“VPPA”), Michigan’s Preservation of Personal…
China Releases Measures for a Security Assessment of Cross-Border Data Transfers To Take Effect in September 2022
In addition to the two developments we reported on in our last blog post, on July 7, 2022, the long-waited, final version of the Measures for Security Assessment of Cross-border Data Transfer (《数据出境安全评估办法》, “Measures”) were released by the Cyberspace Administration of China (“CAC”). With a very tight implementation schedule, the…
Cross-border Data Transfer Developments in China
After more than seven months since China’s Personal Information Protection Law (《个人信息保护法》, “PIPL”) went into effect, Chinese regulators have issued several new (draft) rules over the past few days to implement the cross-border data transfer requirements of the PIPL. In particular, Article 38 of the PIPL sets out three legal mechanisms for lawful transfers of personal information outside of China, namely: (i) successful completion of a government-led security assessment, (ii) obtaining certification under a government-authorized certification scheme, or (iii) implementing a standard contract with the party(-ies) outside of China receiving the data. The most recent developments in relation to these mechanisms concern the standard contract and certification.
Chinese Government Issues Draft SCCs
On June 30, 2022, the Cyberspace Administration of China (“CAC”) released draft Provisions on the Standard Contract for the Cross-border Transfers of Personal Information (《个人信息出境标准合同规定（征求意见稿）》, “Draft Provisions”) for public consultation. The full text of the Draft Provisions can be found here (currently available only in Mandarin Chinese). The public consultation will end on July 29, 2022.…
Continue Reading Cross-border Data Transfer Developments in China
Italian Garante bans use of Google Analytics
The Garante’s statement follows an order (here) issued against an Italian website operator to stop data transfers to Google LLC in the U.S., and joins other European data protection authorities in their actions relating to the use of Google Analytics (see our previous blogs here and here).
Below we summarize the Garante’s key considerations.
- Google Analytics’ “IP Anonymization” feature
The Garante analyzes Google Analytics’ so-called “IP-Anonymization” feature, which allows the transfer of user IP addresses to Google Analytics after masking the IP address’ last octet. The Garante finds that such feature constitutes a pseudonymization of the IP address, and not anonymization. According to the Garante, the feature does not prevent Google LLC from re-identifying the user, given Google’s capabilities to enrich such data through additional information it holds, especially in circumstances where those users maintain and use a Google account.…
Continue Reading Italian Garante bans use of Google Analytics
FTC Announces Plans to Begin Privacy Rulemaking In June
Today, the Federal Trade Commission (FTC) announced that it anticipates proposing a privacy rulemaking this month, with comments closing in August. This announcement follows the agency’s statement in December that it planned to begin a rulemaking to “curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.” …
Robotics Spotlight: Global Regulatory Trends Affecting Robotics
On April 28, 2022, Covington convened experts across our practice groups for the Covington Robotics Forum, which explored recent developments and forecasts relevant to industries affected by robotics. Sam Jungyun Choi, Associate in Covington’s Technology Regulatory Group, and Anna Oberschelp, Associate in Covington’s Data Privacy & Cybersecurity Practice Group, discussed global regulatory trends that affect robotics, highlights of which are captured here. A recording of the forum is available here until May 31, 2022.
Trends on Regulating Artificial Intelligence
According to the Organization for Economic Cooperation and Development Artificial Intelligence Policy Observatory (“OECD”), since 2017, at least 60 countries have adopted some form of AI policy, a torrent of government activity that nearly matches the pace of modern AI adoption. Countries around the world are establishing governmental and intergovernmental strategies and initiatives to guide the development of AI. These AI initiatives include: (1) AI regulation or policy; (2) AI enablers (e.g., research and public awareness); and (3) financial support (e.g., procurement programs for AI R&D). The anticipated introduction of AI regulations raises concerns about looming challenges for international cooperation.…
Continue Reading Robotics Spotlight: Global Regulatory Trends Affecting Robotics
Online Safety Bill to Proceed Through Parliament
On May 10, 2022, Prince Charles announced in the Queen’s Speech that the UK Government’s proposed Online Safety Bill (the “OSB”) will proceed through Parliament. The OSB is currently at committee stage in the House of Commons. Since it was first announced in December 2020, the OSB has been the subject of intense debate and scrutiny on the balance it seeks to strike between online safety and protecting children on the one hand, and freedom of expression and privacy on the other.
To what services does the OSB apply?
The OSB applies to “user-to-user” (“U2U”) services—essentially, services through which users can share content online, such as social media and online messaging services—and “search” services. The OSB specifically excludes email services, SMS, “internal business services,” and services where the communications functionality is limited (e.g., to posting comments relating to content produced by the provider of the service). The OSB also excludes “one-to-one live aural communications”—suggesting that one-to-one over-the-top (“OTT”) calls are excluded, but that one-to-many OTT calls, or video calls, may fall within scope.…
Continue Reading Online Safety Bill to Proceed Through Parliament
Connecticut Legislature Passes Comprehensive Privacy Bill
The Connecticut legislature passed Connecticut SB 6 on April 28, 2022. If signed by the governor, the bill would take effect on July 1, 2023, though the task force created by the bill will be required to begin work sooner.
The bill closely resembles the Colorado Privacy Act, with a few notable additions. Like the…
Fourth Circuit Holds Statements About Importance of Data Security Not Actionable
The Fourth Circuit’s opinion last week in In re Marriott International, Inc., — F.4th —-, No. 21-1802 (4th Cir. Apr. 21, 2022), could prove useful to companies facing data breach class actions. Following a data breach of the Starwood guest reservation system, Marriott investors brought securities claims alleging that the purported failure to…