On June 25, 2021, the U.S. Supreme Court in TransUnion LLC v. Ramirez (No. 20-297, slip op.) clarified that for standing purposes in federal courts, an important difference exists between (i) a plaintiff’s statutory cause of action to sue over a violation of law, and (ii) a plaintiff suffering concrete harm because of the violation of law. The Court stated that “an injury in law is not an injury in fact” and held that only those plaintiffs who suffer a “concrete injury” apart from the violation of law alone have standing to sue. This case involved TransUnion’s alleged inaccurate reporting of class members as potential threats to America’s national security. Only a subset of the class, however, was the subject of these incorrect reports provided to third parties, and the Court acknowledged only these individuals as having standing to sue. Continue Reading Recent Federal Court Decisions Creating Uncertainty Around CCPA Standing

Last week a new privacy law limiting what businesses can do with biometric data (for example, facial recognition information and fingerprints) took effect in New York City. The new ordinance requires commercial establishments that collect biometric information to post notices to customers explaining how their data will be used. The law applies to a wide range of businesses, including stores, restaurants, and theaters. The ordinance defines “biometric identifier information” as any “physiological or biological characteristic that is used by or on behalf of a commercial establishment, singly or in combination, to identify, or assist in identifying, an individual, including, but not limited to: (i) a retina or iris scan, (ii) a fingerprint or voiceprint, (iii) a scan of hand or face geometry, or any other identifying characteristic.” The law does, however, permit the collection, use, and retention of biometric identifying data if a notice to customers in “plain, simple language” is clearly displayed. The NYC Commissioner of Consumer and Worker Protection is expected to issue further guidance detailing the exact requirements that businesses must follow to comply with the law. Continue Reading Biometrics Privacy Law Takes Effect in NYC

On June 24, 2021, Google announced that it would extend the phase-out timeline for Chrome’s support of third-party cookies by nearly two years. Although Google originally planned to remove third-party cookie support by early 2022, the revised deadline for late 2023 represents Google’s intent to “move at a responsible pace” that will allow further discussion and engagement with the public and regulators, and to give publishers and the advertising industry at large more time to adjust their services. Continue Reading Google Extends Phase-Out Timeline for Third-Party Cookies

With the release of iOS 14.5, Apple introduced new App Tracking Transparency (ATT) standards requiring iOS app developers to either cease engaging in user and device data tracking or request permission to continue doing so. According to Apple, “tracking” occurs when user or device data is either (1) linked with information that identifies such user or device collected on apps, websites and other locations owned by third parties for the purposes of targeted advertising or advertising measurement, or (2) shared with data brokers. Continue Reading iOS Tracking Analysis

On April 26, 2021, the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation, jointly released the draft Interim Regulations on the Administration of Personal Information Protection for Mobile Internet Applications. The Draft Interim Regulations apply specifically to data collection via mobile applications and are intended to function alongside China’s currently proposed omnibus data protection legislation, the Personal Information Protection Law. The Draft Interim Regulations were open for public comment until May 26, 2021, and the US-China Business Council submitted comments from its members, including Perkins Coie. Continue Reading China Proposes Draft Regulations for the Protection of Personal Information Collected Via Mobile Applications

Perkins Coie was pleased to host California Attorney General Rob Bonta for a May 25 virtual event with business leaders from across a range of sectors, including healthcare, finance, retail, and technology. Attorney General Bonta is the 34th person to hold his office and was sworn in just a month ago on April 23. He shared about his background as well as his passion for protecting Californians.

Continue Reading Dominique Shelton Leipzig and David Biderman Host California Attorney General Rob Bonta

On May 18, 2021, a consumer filed a putative class action lawsuit against a tech company in California federal court. The consumer alleges that the company violates users’ privacy by selling their personally identifiable information (PII) to third parties in connection with a real-time bidding system it uses for digital ad sales. In his complaint, the plaintiff alleges that the company represented in its privacy policy, terms of service, and elsewhere that a user’s PII would not be shared with third parties without the user’s consent. However, the complaint avers that the company purportedly sold users’ PII—including user location data, browsing history, and demographic and health information—to third parties that participate in the company’s ad bidding auction process, and that it did so without ever informing users that their data was being shared. The complaint alleges that this conduct violates the Electronic Communications Privacy Act (ECPA) as well as a range of consumer privacy and contract rights under California constitutional, statutory, and common law. Continue Reading Class Action Lawsuit Alleges Improper Sale of PII for Ad Bidding Purposes

California Deputy Attorney General Lisa Kim shared insights on the California Consumer Privacy Act (CCPA) enforcement and rulemaking at a live webinar hosted by the IAPP and California Lawyers Association Privacy Law Section on April 22, 2021. She pointed out key areas of focus for businesses as they develop and improve their CCPA compliance efforts. Here are some key takeaways from her remarks:

Continue Reading California Deputy Attorney General Addresses CCPA Enforcement and Rulemaking, Anticipating CPRA

On April 7, ​​Perkins Coie’s CXO Summit gathered more than 50 C-suite and board leaders for an executive leadership virtual forum addressing how technology is shaping healthcare’s future amid the COVID-19 pandemic.

Hosted by Perkins Coie partners Dominique Shelton Leipzig, David Biderman, and Jill Louis, the CXO Summit participants discussed how technology is being used to further combat COVID-19, monitor patient diagnostics, augment clinical workflows, detect fraud and data breaches, and inform effective treatments, among other key tasks and medical interventions. Continue Reading Perkins Coie Convenes CXO Summit Addressing Future of Healthcare Technology