Privacy & Data Protection

Key Takeaway: Companies and social media influencers should conduct reasonable due diligence and consider the potential for trademark infringement lawsuits before they post promotional content. Both parties should also consider what contractual protections and provisions make sense for each influencer relationship.
Continue Reading Social Media Influencer Faces Trademark Infringement Suit

Takeaway:

The Second Circuit recently affirmed a district court decision denying enforcement of an arbitration clause because it found that Subway’s website was “cluttered” and that the terms and conditions were not clear and conspicuous. The decision emphasizes that terms and conditions must be easily located.
Continue Reading Court Holds That Subway’s “Cluttered” Website Inhibits Ability to Compel Arbitration

Against the background of lawsuits and debate about the role of communications service providers in moderating speech on their platforms, the U.S. Supreme Court has weighed in, affirming that private entities that host forums for speech are not state actors subject to constitutional requirements.

The Decision

In a 5-4 decision by Justice Kavanaugh, the Court held in Manhattan Community Access Corp. v. Halleck, 587 U.S. __ (2019) that a private, nonprofit corporation operating a public-access TV channel is not a state actor subject to the First Amendment. Producers of public access programming had claimed the channel was a state actor that violated their First Amendment rights after it suspended them from its services due to their films’ content. The Court disagreed.
Continue Reading SCOTUS: Private Entities Operating Forums for Speech Are Not State Actors

Businesses that market and sell to consumers are heavily focused on navigating federal and state legal issues related to advertising, privacy, promotions, products liability, government investigations, unfair competition, class actions and general consumer protection. The California Consumer Privacy Act (CCPA) has introduced a series of robust obligations for brick and mortar businesses that collect personal

California’s new Autobot Law, Cal. Bus. & Prof. Code § 17940, et seq. (SB 1001), which goes into effect July 1, 2019, may affect businesses that use chatbots to interact with customers online. As the nation’s first autobot regulation, SB 1001 makes it unlawful “to use a bot to communicate or interact with another person

Nevada is the latest state to strengthen privacy laws to address the perceived need for more oversight of how companies handle personal data. On May 29, 2019, Nevada’s governor signed into law Senate Bill 220, which amends the state’s online privacy notice statute, Nev. Rev. Stat. Ann. § 603A.300 et. seq. The amendments provide consumers with the right to restrict an entity’s “sale” of covered information while also excluding certain entities from the statute’s application. The amendments become effective October 1, 2019.

Continue Reading Nevada Expands Online Privacy Law to Grant Consumers Additional Rights While Excluding Certain Institutions From Compliance

The Ninth Circuit recently held a company vicariously liable for the actions of a downstream vendor of text message and telephone marketing activities. Companies should consider due diligence and vendor oversight protocols as counter-measures to limit the risk of liability for digital advertising and text marketing activities. Read the full article here.

New changes to the Massachusetts data breach notification statute emphasize timely and public disclosure of data security incidents, including requiring companies to disclose compliance with Massachusetts’ data security law. Among other more technical changes, H. 4806, effective April 11, increases the information that breached companies must provide to Massachusetts state agencies and provides for ways that information will be made public. Under the changes, when a breach is reported to the attorney general and the director of the Office of Consumer Affairs and Business Regulation (OCABR):

  • Companies are required to disclose whether or not they have the written information security plan required by MA law;
  • The OCABR is required to make consumer notices provided to it public within one day, and update the breach notification report on its website within 10 days; and
  • The OCABR is required to inform consumers of their ability to file a public records request to obtain a copy of the notice provided to the AG and OCABR.


Continue Reading Updates to Massachusetts Data Security Requirements

On December 29, 2018, Google won summary judgment in Rivera v. Google, a privacy class action alleging violations of the Illinois Biometric Information Privacy Act (BIPA). The case involved “face grouping,” a feature that enables Google Photos to automatically sort and group the photographs in a user’s private account based on visual similarities between