Last month, the Global Advertising Lawyers Alliance (GALA), in collaboration with the International Advertising Association (IAA), released the first-ever book on how privacy laws affect marketing and advertising around the world. The book, entitled “Privacy Law: A Global Legal Perspective on Data Protection Relating to Advertising & Marketing,” is over 700 pages and covers privacy laws in more than 70 countries – from Argentina to Zimbabwe.

Continue Reading GALA and IAA Release First-Ever Global Guide to Privacy Laws Related to Advertising & Marketing

On April 29, 2020, Google and Apple released the first version of their COVID-19 contact tracing tools to public health organizations. The tools, first announced by the companies on April 10th, aim to help public health agencies build apps to track and contain the virus. This article discusses how the contact tracing tools work, the planned two-phase implementation for the tools, and some of the privacy questions around the tools.

How Do the Tools Work?

“Contact-tracing” is not a new concept. The concept is that a society can limit the spread of a virus by tracing whom a person who has tested positive with a virus has recently come in contact with, and notifying those individuals to further prevent the spread of the virus. For example, if John tests positive for the virus and visits a grocery store, part of the contact tracing process would be to find and notify those individuals who came close to him in the grocery store. As you can imagine, contact tracing has historically been a laborious and inaccurate process that requires a manual review of an infected person’s interactions.

Google and Apple’s partnership aims to dramatically improve the contact tracing process by using Bluetooth technology within an infected person’s cell phone to determine whom the person has interacted with and notifying those other people. The partnership is particularly notable because it involves the creation of shared standards between two tech giants that rarely allow for any interoperability. Below is an example of how the tools work:
Continue Reading Google and Apple Release First Version of Contact Tracing Tools

Over the last several weeks, while Americans have grown accustomed to working from home, home schooling, and life in lockdown during the COVID-19 pandemic, the Zoom videoconferencing service has surged in popularity for every imaginable form of gathering, professional and personal. Zoom has become the service of choice – from team meetings to kids’ story times; from religious services to happy hours; from corporate onboarding to every manner of more “intimate” get-togethers for individuals who are following government-mandated social distancing guidelines.

The media and then, in quick succession, regulators, plaintiffs’ lawyers, and even Congress, began to scrutinize, publicize, and take legal action with respect to what were perceived as privacy or data security flaws from the latest technology darling. The result is a still-evolving case study in the classic reactionary American response to privacy and data security concerns, a phenomenon we have seen again and again in this practice space.

What sins has Zoom actually committed? Are they really so “shocking” from a privacy and data security perspective? In violation of law? Just not best practice? Creepy? And has Zoom’s iterative response served as a wet blanket or fuel for the inferno?

In this post, I explore the who, what, why, when, and how of this, at least as much as we can say as we sit here today. And because I am a hopeless nerd, I have chosen the format required by California’s data breach notification law, California Civil Code § 1798.82(d)(1), as the very best way to tell this story. We are going to use this blog post as a jumping off point for a free live and recorded roundtable discussion webinar (using WebEx [insert winking emoji here]) on April 14, 2020, at 12:30 pm Eastern/9:30 am Pacific. You can register here.
Continue Reading A Big Zooming Mess: A Cautionary Tale

Over the past several weeks, the California Attorney General (“AG”) published revisions to its proposed regulations implementing the CCPA (the “Modified Regulations”), and then further revised the Modified Regulations (“Version 2”).  Despite earlier warnings to the business community that AG’s initial draft of Regulations would not materially change, we’ve now seen it happen twice.  The full redlines of both the Modified Regulations and Version 2 are available here. This article highlights what’s new, what remains the same, what we expect to have the biggest impact on businesses working toward compliance, and the lack of predictability of next moves given the growing global health crisis.  
Continue Reading CCPA Update: Oops, the CA AG Did It Again