Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Cybersecurity Law & StrategyFeaturesCybersecurityPrivacyRegulationTechnology Media and Telecom

More Regulation, Stronger Investigations and Home Tech Devices Concerns to Come in 2020, New Gibson Dunn Report Warns

By Steve Salkin
February 01, 2020

On Data Privacy Day last month, Gibson Dunn released the eighth edition of its United States Cybersecurity and Data Privacy Outlook and Review. The report details trends that the privacy industry saw in 2019 from a legislative, regulatory and judicial perspective.

One of the biggest trends from 2019 was the increased significance and complexity of privacy-related regulatory investigations, according to the report's co-author Alexander Southwell, former cybercrime prosecutor and chair of Gibson Dunn's U.S. Privacy, Cybersecurity and Consumer Protection Practice Group. "The scope and breadth of investigations and the magnitude of resolutions, both in the U.S. and the EU, signals how important privacy issues have become to regulators and how significant those regulatory investigations can become to companies," he says. For example, in March of 2019, the Federal Trade Commission (FTC) issued orders to seven U.S. Internet broadband providers and related entities seeking information about how they collect, retain, use, and disclose information about consumers and their devices. And early this year, the FTC announced that it has strengthened its data security orders, making them more specific, increasing third-party assessor accountability, and elevate data security considerations to the C-suite and Board level.

The report also cites several specific enforcement actions the FTC took in 2019 related to data privacy and security, including a settlement in December with the former CEO of Cambridge Analytica.

One trend that started in 2019 that will carry over into 2020, Southwell says, is the attention paid to passive listening devices — smart speakers, Internet-connected home video surveillance products and other connected in-home "Internet of Things" devices. "As those technologies become more wide-spread in usage, the privacy and cybersecurity issues will become more significant," he says.

AI and facial recognition will also be a focus this year, according to Southwell, "both in terms of their use and the risks related to privacy and cybersecurity, which will in turn likely generate more interest and attention by legislators and regulators."

On the judicial front, the report cites several important privacy and security litigation from 2019, but Southwell notes that we're still feeling the effect of is the U.S. Supreme Court's 2016 ruling in Spokeo, Inc. v. Robins, 136 S.Ct. 1540, in which the Court found that a plaintiff suing in federal court must allege an injury that is "particularized" and "concrete," rather than speculative. That case, Southwell says, "continues to have a dramatic effect on privacy cases with a deepening circuit split."

Biometrics and Cellphone Data

The report mentions that several court decisions have addressed the issue of accessing personal data stored on cellphones and how "courts have reached divergent conclusions regarding the Government's authority to demand that an individual provide biometric input (such as pressing their fingerprint) to unlock digital devices." For example, in one case, In the Matter of the Search of a Residence in Oakland, 354 F. Supp. 3d, 1010, 1013 (N.D. Cal. 2019), an application for a warrant to search electronic devices included the authority for a person present during the search to provide biometric data to unlock the devices. The court denied the application, saying that forcing the person to provide the biometric data is like forcing a witness to testify and thus a violation of the Fifth Amendment. However, in In the Matter of the Search Warrant Application for the Cellular Telephone in United States v. Anthony Barrera, No. 19 CR 439, 2019 WL 6253812 (N.D. Ill. Nov. 22, 2019), the court compared providing biometric data to providing blood or handwriting samples, which courts have routinely held to be non-testimonial.

State Privacy Legislation

The report points out several state privacy laws either in effect (the California Consumer Privacy Act (CCPA)) in process (Nevada, Maine, NY) or coming soon (Washington, Florida, Texas, Massachusetts, New Jersey, Virginia, and New Hampshire). All of these state laws share the fundamental concept that "privacy protections is a significant area of focus for state legislatures, particularly in light of the absence of comprehensive federal legislation," Southwell says. "Each law is focused on addressing privacy issues in different ways and they are not simply CCPA copycats."

And so what about the possibility of a federal privacy regulation in 2020? "At this point, I don't believe there's a reasonable prospect of a federal privacy statute," Southwell says, "in part because of the difficulty in passing any legislation in today's political environment and in part due to the complex nature of privacy legislation, with many different interests at play and an absence of clear political priorities."

*****

Steven Salkin, Esq., is the Managing Editor of Cybersecurity Law & Strategy. He can be reached at [email protected] and on Twitter @ljn_online.

 

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Overview of Regulatory Guidance Governing the Use of AI Systems In the Workplace Image

Businesses have long embraced the use of computer technology in the workplace as a means of improving efficiency and productivity of their operations. In recent years, businesses have incorporated artificial intelligence and other automated and algorithmic technologies into their computer systems. This article provides an overview of the federal regulatory guidance and the state and local rules in place so far and suggests ways in which employers may wish to address these developments with policies and practices to reduce legal risk.

Is Google Search Dead? How AI Is Reshaping Search and SEO Image

This two-part article dives into the massive shifts AI is bringing to Google Search and SEO and why traditional searches are no longer part of the solution for marketers. It’s not theoretical, it’s happening, and firms that adapt will come out ahead.

While Federal Legislation Flounders, State Privacy Laws for Children and Teens Gain Momentum Image

For decades, the Children’s Online Privacy Protection Act has been the only law to expressly address privacy for minors’ information other than student data. In the absence of more robust federal requirements, states are stepping in to regulate not only the processing of all minors’ data, but also online platforms used by teens and children.

Revolutionizing Workplace Design: A Perspective from Gray Reed Image

In an era where the workplace is constantly evolving, law firms face unique challenges and opportunities in facilities management, real estate, and design. Across the industry, firms are reevaluating their office spaces to adapt to hybrid work models, prioritize collaboration, and enhance employee experience. Trends such as flexible seating, technology-driven planning, and the creation of multifunctional spaces are shaping the future of law firm offices.

From DeepSeek to Distillation: Protecting IP In An AI World Image

Protection against unauthorized model distillation is an emerging issue within the longstanding theme of safeguarding intellectual property. This article examines the legal protections available under the current legal framework and explore why patents may serve as a crucial safeguard against unauthorized distillation.