The U.S. Supreme Court dealt a blow last week to litigants—both criminal and civil—who have attempted to use the “exceeds authorized access” provision of the Computer Fraud and Abuse Act (“CFAA” or “Act”), 18 U.S.C. § 1030, to hold former employees, competitors and others accountable for inappropriately utilizing electronic information. In its 6-3 decision in Van Buren v. United States, the Court resolved a long-standing split on the scope of Section 1030(a)(2), providing a narrow answer to the question of whether an individual “exceeds authorized access” to electronic information in violation of the CFAA if he or she is authorized to access the information but does so for an improper purpose. The holding will make it more difficult for prosecutors and civil litigants to wield the CFAA in some scenarios where data is misused, but not necessarily stolen. Continue Reading Supreme Court Slashes CFAA Claims Involving Authorized Access for an Illicit Purpose
Thanks to statutory amendments and regulatory changes, compliance with the California Consumer Privacy Act (“CCPA”) continues to be a moving target. As Vedder Price previously reported, the CCPA, effective January 1, 2020, gave consumers new tools and rights for protecting their data privacy. In October 2020, the California Attorney General (“AG”) approved the “final” set of regulations interpreting the requirements of the CCPA, discussed here. Then in December 2020, the AG proposed some modifications to the regulations in response to comments about the previous set of proposed CCPA modifications.
Recently, on March 15, 2021, the AG announced that the Office of Administrative Law approved the AG’s proposed changes to the CCPA regulations. These newly approved regulations strengthen the language of the CCPA by making three changes relating to the right to opt out of sales and one change to authorized agent requests. Thus, companies that are focused on CCPA compliance should review these regulations with fresh eyes to make sure they are still compliant.
The European Union’s General Data Protection Regulation (“GDPR”) is well known as the toughest privacy and security law in the world, as it has a wide reach and imposes heavy fines against those who violate its privacy and security standards (which are quite broad). The impact of the GDPR has already been felt in the United States since it went into effect in 2018, and now U.S. lawmakers in numerous states are moving to enact similar legislations. The California Consumer Protection Act (“CCPA”) was the first instance of the GDPR’s impact in the United States, as California put in place a statute and regulations that mirrored the GDPR in several respects. Now Virginia has set in motion what could be a year-long string of states enacting similar legislation. In particular, Washington and New York have proposed legislation following the framework of the CCPA. This article will compare the CCPA to the newly enacted and proposed privacy laws in the United States. Continue Reading GDPR in the USA? New State Legislation Is Making This Closer to Reality
Welcome back to Vedder Price’s BIPA Bellwether series. As with our TCPA Turnstile, we intend for the BIPA Bellwether to serve as a periodic report on latest developments.
Last week, the Southern District of Illinois decided to dismiss the lawsuit in Barton v. Swan Surfaces LLC, No. 20-CV-499-SPM, 2021 WL 793983 (S.D. Ill. Mar. 2, 2021). In doing so, the Southern District joined the U.S. Northern District’s trend of finding claims brought under the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS 14 et seq., to be preempted by the federal Labor Management Relations Act (“LMRA”), 29 U.S.C. § 185, when interpretation of a collective bargaining agreement is required. This growing trend suggests that Illinois federal courts are beginning to rein in the cottage industry among class action attorneys that BIPA has sparked.
Welcome to Vedder Price’s inaugural edition of the BIPA Bellwether. As with our TCPA Turnstile, we intend for the BIPA Bellwether to serve as a periodic report on latest developments.
Last week, the Supreme Court of Illinois issued an order that likely will clarify when Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS 14 et seq., claims may be asserted in the employment context. This order comes at a time when BIPA cases are surging and Illinois appellate court decisions interpreting the act are scarce. As a result, the Court’s order—and the decision that will follow—signal a potential avenue for dismissal that may provide much needed guidance for BIPA litigants. Continue Reading BIPA Bellwether: New Illinois Supreme Court Order Foreshadows Employment Guidance
One of the few things that hasn’t changed significantly since our last TCPA update is, well, the TCPA. We have a new year, a new President and multiple new COVID vaccines. And after the December oral argument in Facebook v. Duguid before the Supreme Court, 2021 could be the year when we receive clarity on the critical TCPA question of what constitutes an automatic telephone dialing system (“ATDS”). Indeed, the argument seemed positive for the TCPA defense bar, with Justices Alito and Thomas chafing at the anachronistic nature of the statute and Justices Sotomayor and Gorsuch expressing concerns about the idea that every cellphone user could be subject to civil liability. But for now, the TCPA litigation landscape remains the same bizarre, often inconsistent quagmire that it always has been. We’ll continue to be your guide through the morass, and we summarize here developments since our last update, listed by issue category in alphabetical order. Continue Reading TCPA Turnstile: New Year, Same TCPA – For Now (TCPA Case Update Vol. 14)
Many had hoped that the summer of 2020 might bring the end of the TCPA as we know it, by way of the Supreme Court’s decision in Barr v. American Association of Political Consultants. Of course, that’s not how things played out. The government-backed debt exception is dead, but the rest of the TCPA is still very much alive. And while the pace of litigation has slowed because of the ongoing COVID-19 pandemic, TCPA decisions continue to roll in and there have been new developments before the FCC. We reviewed the TCPA cases published and other developments since our last update and compiled the most noteworthy items, listed below by issue category in alphabetical order. Continue Reading TCPA Turnstile: No summer vacation for the TCPA defense bar (TCPA Case Update Vol. 13)
Last month, the California Attorney General approved the final set of regulations interpreting the requirements of the California Consumer Privacy Act (Cal. Civ. Code Sections 1798.100 et seq.) (the “CCPA”).
What does it include?
Undoubtedly, the biggest TCPA development in the last month was the recent Supreme Court oral argument in Barr v. American Association of Political Consultants Inc., Case No. 19-631, which has the potential to upend TCPA jurisprudence as we know it. While we wait for a Supreme Court decision, the oral argument made a few things clear:
“Should we do a Zoom?” It has taken little more than a month for the Zoom video conference platform to take its place among the likes of Google, Kleenex and Xerox as brand names synonymous with the product or service being offered. But with that name recognition comes scrutiny, and Zoom is getting plenty. The privacy and security issues associated with Zoom have been well-documented. As a result, Zoom is now facing class action lawsuits from both shareholders and users. And the use of Zoom (and other platforms) can raise ethics issues for lawyers.