Cybersecurity and Privacy Law Developments in Q4 of 2019

PDF

Professionals

Practice Areas

Attorneys of the Cybersecurity and Privacy Practice Group
Robinson Bradshaw Publication
Jan. 21, 2020

Cybersecurity and privacy law is evolving quickly as lawmakers, government agencies and plaintiffs respond to new technologies, privacy concerns and cyberattacks. Companies are facing new compliance obligations, greater legal uncertainty, and expanding liability risk from data breaches or privacy scandals. Keeping track of these legal developments can be challenging, but Robinson Bradshaw attorneys are here to help. Our quarterly updates highlight noteworthy developments of cybersecurity and privacy law from the previous quarter. Click here to subscribe to our Cybersecurity and Privacy list and receive future updates via email.

In the fourth quarter of 2019, many of the developments in cybersecurity and privacy law were influenced by the landmark California Consumer Privacy Act of 2018 (CCPA), which took effect at the beginning of 2020. Federal courts and the Federal Trade Commission also reached decisions on some of the major data breaches and privacy scandals of recent years, including a historic class settlement for consumers affected by the Equifax breach. Moreover, there was important guidance concerning the EU's General Data Protection Regulation (GDPR), including the adoption of final guidelines on extraterritorial application of the GDPR to non-EU companies. If you have questions about any of the legal developments highlighted in this quarterly update, please contact any member of our Cybersecurity and Privacy Practice Group for assistance. 

Statutes and Regulations

Litigation and Enforcement

Developments in Europe


References

[1] The text of the amendment to Nevada's Privacy of Information Collected on the Internet from Consumers Act is available at https://www.leg.state.nv.us/App/NELIS/REL/80th2019/Bill/6365/Text.

[2] The California attorney general's Proposed Text of Regulations implementing the CCPA is available at https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ccpa-proposed-regs.pdf.

[3] The Notice of Proposed Rulemaking Action issued by the California attorney general is available at https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ccpa-nopa.pdf.

[4] The Initial Statement of Reasons issued by the California attorney general is available at https://oag.ca.gov/sites/all/files/agweb/pdfs/privacy/ccpa-isor-appendices.pdf.

[5] The text of New York's Stop Hacks and Improve Electronic Data Security Act is available at https://legislation.nysenate.gov/pdf/bills/2019/A5635A.

[6] The Dec. 2019 Update to the Joint Guidance on the Application of FERPA and HIPAA to Student Health Records is available at https://www.hhs.gov/sites/default/files/2019-hipaa-ferpa-joint-guidance-508.pdf.

[7] The text of the Consumer Online Privacy Rights Act is available at https://www.congress.gov/bill/116th-congress/senate-bill/2968/text.

[8] The text of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act is available at https://www.congress.gov/bill/116th-congress/senate-bill/151/text.

[9] The FTC's opinion in In the Matter of Cambridge Analytica, Dkt. No. 9383 (Nov. 25, 2019), is available at https://www.ftc.gov/system/files/documents/cases/d09389_comm_final_opinionpublic.pdf.

[10] The Northern District of California decision in Adkins v. Facebook, Case No. C 18-05982-WHA (N.D. Cal. Nov. 26, 2019), is available at https://www.robinsonbradshaw.com/assets/htmldocuments/Adkins%20v.%20Facebook.pdf.

[11] The FTC's announcement of settlements with four companies regarding the EU-U.S. Privacy Shield is available at https://www.ftc.gov/news-events/press-releases/2019/12/ftc-announces-settlements-four-companies-related-allegations-they.

[12] The Western District of Pennsylvania decision in Popa v. Harriet Carter Gifts, Case No. 2:19-cv-00450-WSS (W.D. Pa. Dec. 6, 2019), is available at https://www.robinsonbradshaw.com/assets/htmldocuments/Popa%20v.%20Harriet%20Carter%20Gifts.pdf.

[13] The Northern District of California decision in In re Google Location History Litigation, Case No. 5:18-cv-05062-EJD (N.D. Cal. Dec. 19, 2019), is available at https://www.robinsonbradshaw.com/assets/htmldocuments/In%20re%20Google%20Location%20History%20Litigation.pdf

[14] The Northern District of Georgia decision in In re Equifax Consumer Data Security Breach Litigation, Case No. 1:17-md-2800-TWT (N.D. Ga. Jan. 13, 2020), is available at https://www.robinsonbradshaw.com/assets/htmldocuments/In%20re%20Equifax%20Consumer%20Data%20Security%20Breach%20Litigation.pdf

[15] A press release regarding the European Commission's Third Annual Review of the EU-U.S. Privacy Shield is available at https://ec.europa.eu/commission/presscorner/detail/en/IP_19_6134.

[16] The EDPB's final Guidelines 3/2018 on the Territorial Scope of the GDPR (Article 3) are available at https://edpb.europa.eu/sites/edpb/files/files/file1/edpb_guidelines_3_2018_territorial_scope_after_public_consultation_en.pdf.

[17] The EDPB's draft Guidelines 4/2019 on Article 25 Data Protection by Design and by Default under the GDPR are available at https://edpb.europa.eu/sites/edpb/files/consultation/edpb_guidelines_201904_dataprotection_by_design_and_by_default.pdf.

[18] The latest version of the proposed ePrivacy Regulation is available at https://data.consilium.europa.eu/doc/document/ST-13808-2019-INIT/en/pdf.

Main Menu