On June 25, 2021, the U.S. Supreme Court in TransUnion LLC v. Ramirez (No. 20-297, slip op.) clarified that for standing purposes in federal courts, an important difference exists between (i) a plaintiff’s statutory cause of action to sue over a violation of law, and (ii) a plaintiff suffering concrete harm because of the violation of law. The Court stated that “an injury in law is not an injury in fact” and held that only those plaintiffs who suffer a “concrete injury” apart from the violation of law alone have standing to sue. This case involved TransUnion’s alleged inaccurate reporting of class members as potential threats to America’s national security. Only a subset of the class, however, was the subject of these incorrect reports provided to third parties, and the Court acknowledged only these individuals as having standing to sue. Continue Reading Recent Federal Court Decisions Creating Uncertainty Around CCPA Standing
Last week a new privacy law limiting what businesses can do with biometric data (for example, facial recognition information and fingerprints) took effect in New York City. The new ordinance requires commercial establishments that collect biometric information to post notices to customers explaining how their data will be used. The law applies to a wide range of businesses, including stores, restaurants, and theaters. The ordinance defines “biometric identifier information” as any “physiological or biological characteristic that is used by or on behalf of a commercial establishment, singly or in combination, to identify, or assist in identifying, an individual, including, but not limited to: (i) a retina or iris scan, (ii) a fingerprint or voiceprint, (iii) a scan of hand or face geometry, or any other identifying characteristic.” The law does, however, permit the collection, use, and retention of biometric identifying data if a notice to customers in “plain, simple language” is clearly displayed. The NYC Commissioner of Consumer and Worker Protection is expected to issue further guidance detailing the exact requirements that businesses must follow to comply with the law. Continue Reading Biometrics Privacy Law Takes Effect in NYC
On June 24, 2021, Google announced that it would extend the phase-out timeline for Chrome’s support of third-party cookies by nearly two years. Although Google originally planned to remove third-party cookie support by early 2022, the revised deadline for late 2023 represents Google’s intent to “move at a responsible pace” that will allow further discussion and engagement with the public and regulators, and to give publishers and the advertising industry at large more time to adjust their services. Continue Reading Google Extends Phase-Out Timeline for Third-Party Cookies
With the release of iOS 14.5, Apple introduced new App Tracking Transparency (ATT) standards requiring iOS app developers to either cease engaging in user and device data tracking or request permission to continue doing so. According to Apple, “tracking” occurs when user or device data is either (1) linked with information that identifies such user or device collected on apps, websites and other locations owned by third parties for the purposes of targeted advertising or advertising measurement, or (2) shared with data brokers. Continue Reading iOS Tracking Analysis
On June 8, the Colorado General Assembly passed Senate Bill 190, the Colorado Privacy Act (“CPA”). The bill now awaits signature from Gov. Jared Polis, who has ten days to sign off on or veto the bill.
On April 26, 2021, the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation, jointly released the draft Interim Regulations on the Administration of Personal Information Protection for Mobile Internet Applications. The Draft Interim Regulations apply specifically to data collection via mobile applications and are intended to function alongside China’s currently proposed omnibus data protection legislation, the Personal Information Protection Law. The Draft Interim Regulations were open for public comment until May 26, 2021, and the US-China Business Council submitted comments from its members, including Perkins Coie. Continue Reading China Proposes Draft Regulations for the Protection of Personal Information Collected Via Mobile Applications
Perkins Coie was pleased to host California Attorney General Rob Bonta for a May 25 virtual event with business leaders from across a range of sectors, including healthcare, finance, retail, and technology. Attorney General Bonta is the 34th person to hold his office and was sworn in just a month ago on April 23. He shared about his background as well as his passion for protecting Californians.
California Deputy Attorney General Lisa Kim shared insights on the California Consumer Privacy Act (CCPA) enforcement and rulemaking at a live webinar hosted by the IAPP and California Lawyers Association Privacy Law Section on April 22, 2021. She pointed out key areas of focus for businesses as they develop and improve their CCPA compliance efforts. Here are some key takeaways from her remarks:
On April 7, Perkins Coie’s CXO Summit gathered more than 50 C-suite and board leaders for an executive leadership virtual forum addressing how technology is shaping healthcare’s future amid the COVID-19 pandemic.
Hosted by Perkins Coie partners Dominique Shelton Leipzig, David Biderman, and Jill Louis, the CXO Summit participants discussed how technology is being used to further combat COVID-19, monitor patient diagnostics, augment clinical workflows, detect fraud and data breaches, and inform effective treatments, among other key tasks and medical interventions. Continue Reading Perkins Coie Convenes CXO Summit Addressing Future of Healthcare Technology