privacy

Court Orders Production of a Data Breach Forensic Report, Rejecting Arguments That Attorney-Client Privilege and Work Product Protection Apply

By Beth George, Allison Bender & Megan Kayo on January 19, 2021

On January 12, 2021, the District Court of the District of Columbia was the latest court to grant a motion to compel production of a forensic report prepared by an external security-consulting firm in data breach litigation.¹ This case involved a cyberattack on a law firm that led to the public dissemination of the confidential information of the plaintiff, who was a former client of the firm. The plaintiff moved to compel his former law firm to produce “all reports of its forensic investigation into the cyberattack.”² The defendant asserted that it had produced all relevant materials, including materials related to a second-track investigation conducted by its usual cybersecurity vendor, eSentire, for business continuity purposes. However, the plaintiff also sought a report prepared by Duff & Phelps, who was retained by the defendant’s outside litigation counsel. The defendant argued the Duff & Phelps report was protected by the work-product and attorney-client privileges. The court rejected the defendant’s arguments and ordered production of the Duff & Phelps report and associated materials.
Continue Reading Court Orders Production of a Data Breach Forensic Report, Rejecting Arguments That Attorney-Client Privilege and Work Product Protection Apply

U.S. Supreme Court May End Key FTC Consumer Protection Enforcement Practice

By Christopher Olsen, Lydia Parnes & Stephen Schultze on January 14, 2021

Posted in Privacy

Justices Considered Whether Certain Court-Imposed Monetary Remedies Are Legal

On Wednesday, January 13, 2021, the U.S. Supreme Court heard arguments in the much-anticipated case of AMG v. FTC, which challenges the Federal Trade Commission’s (FTC’s) authority to obtain monetary relief in court under Section 13(b) of the FTC Act. The Court’s decision is likely to have a significant impact on the relief the FTC is able to obtain in federal court proceedings.
Continue Reading U.S. Supreme Court May End Key FTC Consumer Protection Enforcement Practice

European Commission Proposes New Rules for Digital Platforms

By Cédric Burton, Jan Dhont, Gorka Navea, Nikolaos Theodorakis, Roberto Yunquera Sehwani, Deirdre Carroll, Carol Evrard, Thomas Martin Pflock & Maximin Orsero on January 13, 2021

Posted in Cybersecurity, European Union, Privacy, Regulatory

On December 15, 2020, the European Commission (EC) unveiled a set of proposals to regulate digital platforms. The draft laws include antitrust-related requirements, addressed by the Digital Markets Act (DMA) and more general regulatory requirements, addressed in the Digital Services Act (DSA). The DMA/DSA package will apply to all digital services, including social media, online marketplaces, and other online platforms, meaning tech companies active in Europe will have a new set of rules to follow.
Continue Reading European Commission Proposes New Rules for Digital Platforms

The Privacy Impact of the New Brexit Deal

By Jan Dhont, Christopher Olsen, Christopher Foo & Lore Leitner on December 30, 2020

Posted in European Union, Privacy, Regulatory

On December 24, 2020, the European Commission (EC) and UK government announced the long-awaited EU-UK Trade and Cooperation Agreement (the Brexit Agreement), which sets out the future relations between the EU and the UK. If approved, the Brexit Agreement will become effective on January 1, 2021, and will have the following repercussions:
Continue Reading The Privacy Impact of the New Brexit Deal

CNIL Issues Updated Cookie Guidance

By Cédric Burton, Jan Dhont, Lore Leitner & Alexandre Lépine on October 7, 2020

Posted in European Union, Privacy, Regulatory

On October 1, 2020, the French data protection authority (the CNIL) issued the final version of its guidelines on the use of cookies and other trackers (the Guidelines), replacing a first draft published on July 4, 2019. While the main principles remain unchanged, this version provides further practical guidance for website and mobile application publishers using cookies and trackers. The CNIL indicated that the deadline for compliance with the new rules should not exceed six months, which means that companies have until March 2021 to ensure compliance.
Continue Reading CNIL Issues Updated Cookie Guidance

U.S. Government Publishes White Paper on International Data Transfers Following Schrems 2.0 Judgment

By Jan Dhont, Nikolaos Theodorakis & Roberto Yunquera Sehwani on October 7, 2020

Posted in Privacy, Regulatory

On September 28, 2020, the U.S. Department of Commerce (DoC) published a white paper co-authored by the U.S. Department of Justice (DoJ) and the Office of the Director of National Intelligence (white paper)^[1] which provides information on the safeguards under U.S. law to limit the collection of data from private companies by U.S. intelligence services. The white paper addresses concerns raised by the EU Court of Justice (ECJ) when it invalidated the EU-U.S. Privacy Shield framework (Privacy Shield) and imposed certain conditions on the use of Standard Contractual Clauses (SCCs).
Continue Reading U.S. Government Publishes White Paper on International Data Transfers Following Schrems 2.0 Judgment

The Data Advisor