On April 26, 2021, the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation, jointly released the draft Interim Regulations on the Administration of Personal Information Protection for Mobile Internet Applications. The Draft Interim Regulations apply specifically to data collection via mobile applications and are intended to function alongside China’s currently proposed omnibus data protection legislation, the Personal Information Protection Law. The Draft Interim Regulations were open for public comment until May 26, 2021, and the US-China Business Council submitted comments from its members, including Perkins Coie. Continue Reading China Proposes Draft Regulations for the Protection of Personal Information Collected Via Mobile Applications

Perkins Coie was pleased to host California Attorney General Rob Bonta for a May 25 virtual event with business leaders from across a range of sectors, including healthcare, finance, retail, and technology. Attorney General Bonta is the 34th person to hold his office and was sworn in just a month ago on April 23. He shared about his background as well as his passion for protecting Californians.

Continue Reading Dominique Shelton Leipzig and David Biderman Host California Attorney General Rob Bonta

On May 18, 2021, a consumer filed a putative class action lawsuit against a tech company in California federal court. The consumer alleges that the company violates users’ privacy by selling their personally identifiable information (PII) to third parties in connection with a real-time bidding system it uses for digital ad sales. In his complaint, the plaintiff alleges that the company represented in its privacy policy, terms of service, and elsewhere that a user’s PII would not be shared with third parties without the user’s consent. However, the complaint avers that the company purportedly sold users’ PII—including user location data, browsing history, and demographic and health information—to third parties that participate in the company’s ad bidding auction process, and that it did so without ever informing users that their data was being shared. The complaint alleges that this conduct violates the Electronic Communications Privacy Act (ECPA) as well as a range of consumer privacy and contract rights under California constitutional, statutory, and common law. Continue Reading Class Action Lawsuit Alleges Improper Sale of PII for Ad Bidding Purposes

California Deputy Attorney General Lisa Kim shared insights on the California Consumer Privacy Act (CCPA) enforcement and rulemaking at a live webinar hosted by the IAPP and California Lawyers Association Privacy Law Section on April 22, 2021. She pointed out key areas of focus for businesses as they develop and improve their CCPA compliance efforts. Here are some key takeaways from her remarks:

Continue Reading California Deputy Attorney General Addresses CCPA Enforcement and Rulemaking, Anticipating CPRA

On April 7, ​​Perkins Coie’s CXO Summit gathered more than 50 C-suite and board leaders for an executive leadership virtual forum addressing how technology is shaping healthcare’s future amid the COVID-19 pandemic.

Hosted by Perkins Coie partners Dominique Shelton Leipzig, David Biderman, and Jill Louis, the CXO Summit participants discussed how technology is being used to further combat COVID-19, monitor patient diagnostics, augment clinical workflows, detect fraud and data breaches, and inform effective treatments, among other key tasks and medical interventions. Continue Reading Perkins Coie Convenes CXO Summit Addressing Future of Healthcare Technology

On March 19, 2021, Colorado State Senators Richard Rodriguez (D) and Paul Lundeen (R) introduced Senate Bill 21-190 as part of a bipartisan effort to make Colorado the latest state to implement comprehensive legislation establishing certain consumer data privacy rights. Dubbed “A Bill for an Act Concerning Additional Protection of Data Relating to Personal Privacy,” SB 21-190 largely follows in the footsteps of California’s CCPA, Virginia’s CDPA and the European Union’s GDPR with a stated intent to “empower consumers to protect their privacy and require companies to be responsible custodians of data as they continue to innovate.” Continue Reading Colorado Joins Ranks of States Introducing Consumer Data Privacy Legislation

Guest Author Bird & Bird, Anna Shashina, Partner

On March 1, 2021, substantial amendments to the Russian Federal Law on Personal Data (No. 152-FZ), implemented on July 27, 2006, came into effect (“Amendments”). The Amendments change the rules on processing of publicly disseminated personal data and affect businesses that publish or use personal data on the internet. In particular, employers who publish employee personal data on a website need to examine the Amendments and implement new consent requirements. Data subjects now have wider powers to control and authorize the processing of their data in the public domain. Data subjects also have a right to request that data operators that are disseminating their data (and any company down the data processing chain) cease transferring such data.

What Are the Key Amendments? Continue Reading Russia: Overhaul of Publicly Disseminated Data Processing

On March 15, 2021, the California Attorney General approved additional regulations for the California Consumer Privacy Act (CCPA), which focuses on the right to the right to opt-out of sale, authorized agents, and notices to consumers under 16 years of age.  Specifically, sections 999.306, 999.315, 999.326 and 999.332 were revised and/or added to the CCPA regulations in this final review.  This privacy quick tip highlights the changes that were made. Continue Reading California Attorney General Approves New Regulations Governing the California Consumer Privacy Act

On March 17, 2021, California officials announced their appointees to the five-member inaugural board of the California Privacy Protection Agency (CPPA). Approved by voters in the November 2020 election cycle, the California Privacy Rights Act (CPRA) called for the creation of the CPPA, an administrative agency tasked with the enforcement of the CPRA and the 2018 California Consumer Privacy Act (CCPA). Below is an overview of the CPPA Board and the appointees who will be leading the agency. Continue Reading California Officials Announce Board Member Appointees to the California Privacy Protection Agency

A federal court in California recently dismissed a lawsuit brought under the California Consumer Privacy Act (CCPA) against Walmart, concluding that the CCPA did not apply retroactively and that the plaintiff had failed to specify the date of the alleged violation giving rise to his claim. The case—Gardiner v. Walmart Inc.—represents a meaningful hurdle for potential CCPA plaintiffs whose claims are either undated or predate the CCPA’s effective date. Continue Reading Court Rules that CCPA Does Not Apply Retroactively and Requires Specific Allegations Regarding Date of Violation