Business man on laptopThanks to statutory amendments and regulatory changes, compliance with the California Consumer Privacy Act (“CCPA”) continues to be a moving target. As Vedder Price previously reported, the CCPA, effective January 1, 2020, gave consumers new tools and rights for protecting their data privacy.  In October 2020, the California Attorney General (“AG”) approved the “final” set of regulations interpreting the requirements of the CCPA, discussed here. Then in December 2020, the AG proposed some modifications to the regulations in response to comments about the previous set of proposed CCPA modifications.

Recently, on March 15, 2021, the AG announced that the Office of Administrative Law approved the AG’s proposed changes to the CCPA regulations. These newly approved regulations strengthen the language of the CCPA by making three changes relating to the right to opt out of sales and one change to authorized agent requests. Thus, companies that are focused on CCPA compliance should review these regulations with fresh eyes to make sure they are still compliant.

Continue Reading CCPA Regulations Version 2.0 – Are you STILL compliant?

The European Union’s General Data Protection Regulation (“GDPR”) is well known as the toughest privacy and security law in the world, as it has a wide reach and imposes heavy fines against those who violate its privacy and security standards (which are quite broad). The impact of the GDPR has already been felt in the United States since it went into effect in 2018, and now U.S. lawmakers in numerous states are moving to enact similar legislations. The California Consumer Protection Act (“CCPA”) was the first instance of the GDPR’s impact in the United States, as California put in place a statute and regulations that mirrored the GDPR in several respects. Now Virginia has set in motion what could be a year-long string of states enacting similar legislation. In particular, Washington and New York have proposed legislation following the framework of the CCPA. This article will compare the CCPA to the newly enacted and proposed privacy laws in the United States. Continue Reading GDPR in the USA? New State Legislation Is Making This Closer to Reality

Welcome back to Vedder Price’s BIPA Bellwether series. As with our TCPA Turnstile, we intend for the BIPA Bellwether to serve as a periodic report on latest developments.

Last week, the Southern District of Illinois decided to dismiss the lawsuit in Barton v. Swan Surfaces LLC, No. 20-CV-499-SPM, 2021 WL 793983 (S.D. Ill. Mar. 2, 2021). In doing so, the Southern District joined the U.S. Northern District’s trend of finding claims brought under the Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS 14 et seq., to be preempted by the federal Labor Management Relations Act (“LMRA”), 29 U.S.C. § 185, when interpretation of a collective bargaining agreement is required. This growing trend suggests that Illinois federal courts are beginning to rein in the cottage industry among class action attorneys that BIPA has sparked.

Continue Reading BIPA Bellwether: New U.S. Southern District of Illinois Decision Holds Labor Management Relations Act Preempts Employee BIPA Claims

FingerprintWelcome to Vedder Price’s inaugural edition of the BIPA Bellwether.  As with our TCPA Turnstile, we intend for the BIPA Bellwether to serve as a periodic report on latest developments.

Last week, the Supreme Court of Illinois issued an order that likely will clarify when Illinois Biometric Information Privacy Act (“BIPA”), 740 ILCS 14 et seq., claims may be asserted in the employment context.  This order comes at a time when BIPA cases are surging and Illinois appellate court decisions interpreting the act are scarce.  As a result, the Court’s order—and the decision that will follow—signal a potential avenue for dismissal that may provide much needed guidance for BIPA litigants. Continue Reading BIPA Bellwether: New Illinois Supreme Court Order Foreshadows Employment Guidance

Phone and gavelOne of the few things that hasn’t changed significantly since our last TCPA update is, well, the TCPA. We have a new year, a new President and multiple new COVID vaccines.  And after the December oral argument in Facebook v. Duguid before the Supreme Court, 2021 could be the year when we receive clarity on the critical TCPA question of what constitutes an automatic telephone dialing system (“ATDS”).  Indeed, the argument seemed positive for the TCPA defense bar, with Justices Alito and Thomas chafing at the anachronistic nature of the statute and Justices Sotomayor and Gorsuch expressing concerns about the idea that every cellphone user could be subject to civil liability.  But for now, the TCPA litigation landscape remains the same bizarre, often inconsistent quagmire that it always has been.  We’ll continue to be your guide through the morass, and we summarize here developments since our last update, listed by issue category in alphabetical order. Continue Reading TCPA Turnstile: New Year, Same TCPA – For Now (TCPA Case Update Vol. 14)

Phone and gavelMany had hoped that the summer of 2020 might bring the end of the TCPA as we know it, by way of the Supreme Court’s decision in Barr v. American Association of Political Consultants.  Of course, that’s not how things played out. The government-backed debt exception is dead, but the rest of the TCPA is still very much alive.  And while the pace of litigation has slowed because of the ongoing COVID-19 pandemic, TCPA decisions continue to roll in and there have been new developments before the FCC.  We reviewed the TCPA cases published and other developments since our last update and compiled the most noteworthy items, listed below by issue category in alphabetical order. Continue Reading TCPA Turnstile: No summer vacation for the TCPA defense bar (TCPA Case Update Vol. 13)

Business man on laptopLast month, the California Attorney General approved the final set of regulations interpreting the requirements of the California Consumer Privacy Act (Cal. Civ. Code Sections 1798.100 et seq.) (the “CCPA”).

What does it include?

The final CCPA regulations include a number of points of clarification such as what it means to provide “notice at collection,” the methods to provide a consumer with access to a business’s privacy policy and what content is required to be disclosed in that privacy policy, and the methods by which a company must provide consumers with a right to opt out from the sale of their personal information. Continue Reading What do the final CCPA regulations mean for you?

Phone and gavelUndoubtedly, the biggest TCPA development in the last month was the recent Supreme Court oral argument in Barr v. American Association of Political Consultants Inc., Case No. 19-631, which has the potential to upend TCPA jurisprudence as we know it.  While we wait for a Supreme Court decision, the oral argument made a few things clear:

Continue Reading TCPA Turnstile: As we wait for a ruling in Barr, new case law abounds (TCPA Case Update Vol. 12)

“Should we do a Zoom?” It has taken little more than a month for the Zoom video conference platform to take its place among the likes of Google, Kleenex and Xerox as brand names synonymous with the product or service being offered. But with that name recognition comes scrutiny, and Zoom is getting plenty. The privacy and security issues associated with Zoom have been well-documented. As a result, Zoom is now facing class action lawsuits from both shareholders and users. And the use of Zoom (and other platforms) can raise ethics issues for lawyers.

Continue Reading Zooming into New Privacy Issues

Phone and gavelWe’re a quarter of the way through 2020 — even if March may have seemed liked several years unto itself — and it is shaping up to be another big year for TCPA litigation.  We’ve gone through the dozens of TCPA decisions published this year and identified the five most notable cases and storylines that we will be following closely for the rest of 2020.

Continue Reading Five Key TCPA cases to Know as We Enter the Second Quarter of 2020 (TCPA Case Update Vol. 11)