Over the last few months, we have been presenting and reporting on the California Consumer Privacy Act (CCPA), the county’s first comprehensive state law designed to give consumers significant control over the personal data that companies collect. Not to be outdone, New York is working on data privacy legislation that imposes even heavier burdens on companies that collect consumer information.

The proposed New York Privacy Act (NYPA), Senate Bill S5642, sponsored by Democrat Kevin Thomas, has not yet been passed. If it passes in its current form, however, it would impose the strictest requirements in the country relating to companies’ collection, maintenance, use, and disclosure of consumer information.  Continue Reading New York Data-Privacy Proposal More Stringent than California’s CCPA

April was another busy month for legislative activity on the California Consumer Privacy Act (CCPA), following a very busy February [see our prior post here]. A proposed sweeping revision to the CCPA, AB 1760, was withdrawn, while three key amendments, AB 25, AB 873, and AB 874, are up for a floor vote. Meanwhile, SB 561, which greatly expands the private right of action under the CCPA, is now in the Senate Appropriations Committee’s Suspense File awaiting a May 17, 2019 deadline for a vote as to whether it makes it out of the Suspense File.  Continue Reading CCPA Watch: Proposed Sweeping Overhaul Withdrawn, Three Amendments Providing Key Clarifications Remain Pending

Utah enacted a sweeping data privacy law that affects how employers and corporations respond to police demands for data. With this new law, Utah becomes the first state to protect electronic information individuals disclose to third parties.

Utah’s law requires a search warrant for a law enforcement agency conducting a criminal investigation or prosecution to obtain (i) location information, stored data, or transmitted data of an electronic device or (ii) electronic information or data transmitted by the owner of the electronic information or data to a remote computing processing center. The law further provides that any use of the information gathered must be related to the subject or objective of the warrant.  Continue Reading Utah Sets Limits on Law Enforcement’s Ability to Gather Individuals’ Electronically Transmitted Data

After the Illinois Supreme Court’s decision in January holding that a plaintiff need not show actual harm to be an “aggrieved person” under the Illinois Biometric Information Privacy Act (“BIPA”), parties litigating under BIPA have been testing other defenses. One of those defenses is whether BIPA matters can be compelled to arbitration pursuant to an arbitration provision set forth in the parties’ agreement.

On Tuesday, April 9, the First District Appellate Court of Illinois issued its decision in Liu v. Four Seasons Hotel, Ltd., 2019 IL App (1st) 182645, holding that a BIPA claim could not be compelled to arbitration based on the language of the employment agreement at issue. Specifically, the employment agreement provided that a dispute was subject to mandatory, binding arbitration if it “is based on one of the following types of claims as defined by law:  (a) employment discrimination; (b) harassment as it relates to my employment; (c) a wage or hour violation; (d) or termination of my employment from the Hotel.” Defendant argued that plaintiffs’ BIPA claim was a “wage or hour” dispute because the scans of plaintiffs’ fingerprints were used to track the hours the plaintiffs worked and therefore, it was an “hour” violation claim. The appellate court disagreed.  Continue Reading Arbitration Clauses & BIPA: The Broader the Better

This blog post is the second in a series of Q&A posts following Dykema’s February 27, 2019 webinar on the California Consumer Privacy Act (“CCPA”).  We received questions both before and during the webinar, and over the coming weeks we will be posting our responses. We will answer the most commonly-asked questions first, so please stay tuned if you don’t see your question in our first few posts. And, of course, please feel free to reach out to us if you have a unique question or would like to discuss in detail how the CCPA may apply to you.

You may see our first post here.

Thanks for reading!

Continue Reading February 27, 2019 CCPA Webinar Q&As: Third-Parties & Due Diligence

Data privacy litigation is not a new frontier. The Illinois Biometric Information Privacy Act (“BIPA”) has provided a private right of action for the improper collection of biometric information from Illinois citizens without consent since 2008. Even so, employers and businesses alike were caught off-guard when plaintiffs began filing class actions complaints alleging BIPA violations in 2015. Defendants scored early victories in these cases, as evidenced in the Second District Appellate Court opinion finding that actual harm, and not merely a procedural violation, must be alleged to state a claim under the Act. That ruling placed the viability of private suits under BIPA in serious doubt—because actual harm from an improper collection of biometric information is not easily pled. But then in January 2019, the Illinois Supreme Court reversed the defendant-friendly intermediate appellate ruling and held that mere procedural violations of BIPA standing alone were sufficient to withstand a motion to dismiss. That ruling breathed new life into this pattern litigation, as recent docket filings show.  Continue Reading Is the Illinois Legislature Rethinking BIPA?

This blog post is the first in a series of Q&A posts following Dykema’s February 27, 2019 webinar on the California Consumer Privacy Act (“CCPA”). We received questions both before and during the webinar, and over the coming weeks we will be posting our responses. We will answer the most commonly-asked questions first, so please stay tuned if you don’t see your question in the first one or two posts. And, of course, please feel free to reach out to us if you have a unique question or would like to discuss in detail how the CCPA may apply to you.

Thanks for reading!  Continue Reading February 27, 2019 CCPA Webinar Q&As: Out-of-State, B2B, and GLBA-Covered Businesses

The fallout from the Illinois Supreme Court’s January 25, 2019, opinion in Rosenbach v. Six Flags Entertainment Corp., 19 IL 12316, continues. Rosenbach settled the dispute of who qualifies as an “aggrieved person” under the Illinois Biometric Information Privacy Act (“BIPA”), and in doing so opened the floodgates for this litigation to proliferate. The immediate result was a sharp increase in the filing of BIPA class actions as well as the lifting of stays of the numerous cases pending that were awaiting the Rosenbach ruling.  Continue Reading All Stop: Ruling on the Applicability of Exclusion to BIPA Claims Delayed

On January 19, 2019, federal Magistrate Judge Kandis Westmore of the Northern District of California denied the Government’s application for a search warrant that sought:

  1. “all digital devices” present at a California residence; (Order at 3), and
  2. “any individual present at the time of the search to press a finger (including thumb) or utilize other biometric features…for the purposes of unlocking the digital devices found in order to permit a search of the contents,” (Order at 1).

The request for the “use of biometrics” was stunning. Magistrate Judge Westmore denied the Government’s initial request, but invited the Government to submit a new search warrant. A day later when the Government submitted an amended application, it omitted the request to use biometrics. The court granted that amended application. Since the Government’s application named only two suspects in its affidavit, the Government’s request to compel any other individual present at the time of the execution of the search warrant to unlock their digital device(s) was too expansive.

Continue Reading Biometrics and Search Warrants: The Intersection of Your iPhone and the Fourth and Fifth Amendments

February was a busy month for those monitoring the latest developments with the California Consumer Privacy Act (CCPA). After the month kicked off with a series of California Attorney General Informational Sessions, the California State Assembly’s Privacy and Consumer Protection Committee conducted a hearing with testimony from interested parties, including Alastair Mactaggart (the architect of the initiative that led to the enactment of the CCPA), representatives from the California Attorney General’s Office, public interest groups, and industry groups. This hearing also coincided with the introduction of new proposed amendments to the CCPA that would, among other things, require businesses to disclose an estimate of what they paid or received for the sale of consumer data. The month culminated with the introduction of a Senate Bill that would greatly expand the reach of the CCPA by, among other things, granting consumers a private right of action for all CCPA violations and not just data breach violations.  Continue Reading CCPA Watch – February Marked by Heavy Legislative Activity, Proposal to Expand Private Right of Action under the CCPA