Privacy Counsel

In the absence of a federal privacy bill, nearly 20 states have passed comprehensive privacy laws. On July 1, three of these states — Florida, Oregon, and Texas — have new laws going into effect, with Montana’s effective in October.

This article discusses the principle of data minimization in the context of commercial applications of generative artificial intelligence (GenAI) technology and tools.

The US Department of Health and Human Services (HHS) and Federal Trade Commission (FTC) have distinct yet intersecting roles in regulating business practices involving individuals’ health information.

With the recent passage of Assembly Bill (AB) 254 and AB 1697, California’s Confidentiality of Medical Information Act (CMIA) will extend privacy protections to reproductive and sexual health information on mobile applications and internet websites.

Artificial intelligence (AI) burst into the public consciousness less than one year ago, with OpenAI’s highly successful public release of ChatGPT.

From its founding in 1914 until roughly 2018, the Federal Trade Commission (FTC) enjoyed near complete hegemony as the primary consumer protection enforcement agency in the United States.

The Federal Trade Commission’s (FTC) privacy and consumer protection enforcement program is in the midst of a transformative period under the leadership of Chair Lina Kahn.

The Federal Trade Commission (FTC) is more active in privacy and data security enforcement actions now than at any time in recent memory.

On July 13, 2023, The Washington Post broke the news that the Federal Trade Commission (FTC) had issued a Civil Investigative Demand (CID) — a sort of a pre-litigation subpoena as part of what is supposed to be a nonpublic investigation — to OpenAI, LLC, the maker of ChatGPT and DALL-E.

In a putative class action filed on June 28, 2023, in the Northern District of California, and in other similar cases, plaintiffs allege that OpenAI, Microsoft, and their respective affiliates violated the privacy rights of millions of internet users through large-scale data scraping.

In the closely-watched first case to go to trial under the Illinois Biometric Information Privacy Act (BIPA), a federal judge has now vacated a $228 million award of statutory liquidated damages. The judge concluded that damages under BIPA are discretionary and ordered a new trial on damages.

Companies around the world are rushing to integrate generative artificial intelligence (GenAI) into their user interfaces to automate and deliver tailored website and application interfaces, customer service interactions, and advertising content to individual users in more personalized ways than eve

In the United States, the principle of data minimization is embedded firmly within the Federal Trade Commission (FTC) Act, through FTC enforcement activities, and in the host of state-level privacy laws and rules that have proliferated in recent years.

Data protection assessments are required for high-risk processing activities in a rapidly growing set of federal, state, and international comprehensive privacy laws.

Pixels are the new cookies. Here we go again. The Federal Trade Commission is continuing its assault on trackers with its latest enforcement actions against GoodRx Inc. and BetterHelp Inc.

Headlines that Matter for Privacy and Data Security.

A split Illinois Supreme Court issued on Friday another long-awaited decision interpreting the Illinois Biometric Information Privacy Act (BIPA), holding that a separate BIPA violation occurs with each undisclosed and unconsented-to scan or transmission of an individual’s biometric identifier.

In recent months, there has been a surge of class actions brought under the Illinois Biometric Information Privacy Act (BIPA) against retailers using virtual “try-on” features on their websites.

In a long-awaited development, on February 2, 2023, the Illinois Supreme Court held that all claims under the Illinois Biometric Information Privacy Act (BIPA) are subject to a five-year statute of limitations. 

The newest old privacy law being weaponized in consumer class actions is the Video Privacy Protection Act (VPPA), a Reagan- era law passed in the wake of Judge Robert Bork’s video rental history being leaked to the press.  

Five new state omnibus privacy laws take effect in 2023, with two that already kicked in on January 1.

Headlines that Matter for Privacy and Data Security.

Illinois Biometric Information Privacy Act (BIPA) class action lawsuits were heavily litigated again in 2022, as plaintiffs continued to target companies using biometric technology and their vendors. At the same time, avoiding liability continued to be a challenge for businesses defending BIPA cases

Headlines that Matter for Privacy and Data Security.

Headlines that Matter for Privacy and Data Security.