Tag: Data Privacy


Will 2023 Be the Year When the United States Receives an Adequacy Decision under GDPR from the European Union?

Electronic discovery for legal matters within the United States often involves preserving, collecting, processing, reviewing, and producing data that concern individuals living outside the United States. In some of these situations, the data privacy laws of jurisdictions outside the United States can complicate electronic discovery to be performed in the United States. Perhaps the most well-known data privacy law is the European Union’s General Data Protection Regulation (“GDPR”), which outlines requirements related to the processing of the personal data of individuals residing in the European Union and the European Economic Area (“EEA”) and addresses the transfer of data outside the EEA.


Children’s Online Privacy Protection Act (COPPA) of 1998: Protection for the US’s Youngest Data Subjects

A number of recent state regulations address privacy rights for consumers of all ages, but there is no equivalent federal law protecting all consumers’ privacy rights. That being said, the Children’s Online Privacy Protection Act of 1998 (“COPPA,” at 15 U.S. Code §6501 et seq.) provides some federal protection for data subjects under 13 years of age. This act requires the operator of a “website or online service directed to children” to provide notice on the website regarding the collection, use, and disclosure of a child’s personal information and to obtain “verifiable parental consent” for the noticed collection, use, and disclosure, with some exemptions. Parents have the right to request a description of the types of personal information collected, to revoke consent (including the operators’ use and maintenance of already collected data in addition to termination of future collection), and to obtain the personal information collected from their child(ren). By the same token, a website operator may terminate provision of services to a child when the parent has revoked consent for the use, maintenance, and/or further collection of personal information from the child. Additionally, website operators are prohibited from offering a prize for, or requiring a child to provide, additional personal information in order to participate in a game or activity. Under 15 U.S. Code §6504, the Attorney General of any US state may bring a civil action for violations of 15 U.S. Code §6502(b) as parens patriae on behalf of the residents of that state.


New Data Privacy Considerations Heighten the Need for Attention to Records Management and Information Governance Practices

Information governance and records management are important considerations for all organizations.  New data and documents are generated at ever-increasing rates through the normal (and “new normal”) course of business, and these data and documents must be maintained for different periods of time to satisfy their business and legal compliance purposes.  With regard to legally-mandated retention requirements, certain business sectors (such as banking institutions, aviation and maritime companies, and businesses operating within the scope of federal Department of Energy regulations) are subject to record retention and reporting obligations that extend beyond those applicable to other types of organizations. Also, there may be insurance, contractual, and other considerations applicable to certain types of records that impact the period of time they should be maintained in the ordinary course of business. Finally, the need to preserve records potentially relevant to known or reasonably anticipated legal proceedings can create additional record preservation burdens on an organization.


Chinese Data Security, Data Protection, and Cybersecurity Law: A Recent Enforcement Action Resulting in Large Fines Highlight Risks

Electronic discovery for US litigation and legal proceedings often implicates data outside the US. As data privacy and protection laws evolve around the globe, it’s critical to understand the limitations and obstacles that may arise when collecting, processing, reviewing, and producing such data. China’s Data Security Law (“DSL”) and Personal Information Protection Law (“PIPL”), both enacted in 2021, have received heightened attention following China’s imposition of fines totaling roughly $1.2 billion in light of violations of these laws and its Cybersecurity Law (“CSL,” enacted in 2017) by Didi, China’s largest ride-sharing service provider. China’s DSL and PIPL are particularly noteworthy because of their potential application to data processing and transfer actions that may occur both during the ordinary course of business and in response to litigation in other jurisdictions, such as the United States.


New Risks of the Evolving Workforce

K&L Gates recently hosted a series of webinars covering potential legal and regulatory implications businesses must consider as a result of the now-common hybrid work setting. The cross-practice series focused on compliance issues from the perspectives of Tax; Data Protection, Privacy, and Security; e-Discovery Analysis and Technology; and Labor, Employment, and Workplace Safety.

Webinar recordings and associated materials are available on the K&L Gates HUB.


Allen v. PPE Casino Resorts Maryland, LLC (D. Md. 2021)

Key Insight: Plaintiffs sought a protective order to prevent defendant from obtaining ESI from five different social media platforms they were active on. The court found that while a plaintiff’s social media postings could be relevant to a claim for “garden variety” emotional distress damages, some caution was necessary, such that a “deeper dive” into social media postings may be justified only in cases involving “severe and specific emotional distress” allegations. Since plaintiff alleged “garden variety” emotional distress stemming from defendant’s allegedly wrongful conduct, the discovery must be narrowed as follows: “specific references to serious, non-transient emotional distress in connection with the incidents described in their Complaint,” i.e., diagnosable conditions, visits to professionals for treatment of distress, treatment regimens and conversations regarding same; time frame limited from date contained in complaint of onset of difficulties to the date of filing of complaint; production limited to information found in a typical download of data from plaintiffs’ own accounts and plaintiffs “need not engage in extraordinary efforts in obtaining responsive information.”

Nature of Case: Employment discrimination

Electronic Data Involved: Social media posts


AnywhereCommerce, Inc. v. Ingenico, Inc. (D. Mass. 2021)

Key Insight: The court granted reconsideration of plaintiffs’ motion to compel discovery of documents in the possession of a corporate defendant in France. In a prior order, the court found that the GDPR did not preclude the court from ordering defendants to produce evidence, but based the order on plaintiffs’ representation that much of the requested information was located in the U.S. and therefore in the possession of domestic defendants. Thus, the court bifurcated its analysis to exclude any documents in the possession of French defendants. On reconsideration, plaintiffs claimed the important and relevant documents were located in France. Applying the factors from Restatement (Third) of Foreign Relations Law § 442(1)(c), the court found they weighed in favor of disclosure, together with the entry of a protective order that would protect France’s interests under the GDPR.

Nature of Case: Breach of contract

Electronic Data Involved: ESI generally


In re Valsartan N-Nitrosodimethylamine, Losartan, & Irbesartan Prod. Liab. Litig. (D.N.J. 2021)

Key Insight: Defendant claimed that information sought by Plaintiff was discoverable. Plaintiff objected on the basis of confidentiality, and the Court struck Defendant’s confidentiality designations. Specifically, the Court rejected Defendant’s claims that the emails sought contained trade secret and proprietary information, and had the potential to cause it competitive harm. The Court ordered Defendant to use its ruling as an example for dealing with similarly designated documents.

Nature of Case: Diversity, Product Liability

Electronic Data Involved: Email


Denson v. Corp. of the President of the Church of Jesus Christ of Latter-Day Saints (D. Utah, 2020)

Key Insight: Plaintiff’s explanation regarding loss of evidence had changed, and the court ruled that defendant was entitled to have a third party collect and preserve the evidence. Plaintiff offered passwords to accounts, but the court was concerned about possible destruction given Plaintiff’s changing explanation regarding social media accounts and recording.

Nature of Case: Sexual Assault

Electronic Data Involved: Electronic Devices and Cloud Based Accounts; Recording of conversation

Keywords: invasion of privacy, loss of evidence


Rodriguez-Ruiz v. Microsoft Operations Puerto Rico (District of Puerto Rico, 2020)

Key Insight: Social media posts are generally not protected by privacy concerns, but discovery of social media posts does need to be limited and proportional to the case’s needs.

Nature of Case: Wrongful termination

Electronic Data Involved: Social media posts

Keywords: Privacy, Facebook, Microsoft, wrongful termination, ADA, social media


Copyright © 2022, K&L Gates LLP. All Rights Reserved.