Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
More Regulation, Stronger Investigations and Home Tech Devices Concerns to Come in 2020, New Gibson Dunn Report Warns
On Data Privacy Day last month, Gibson Dunn released the eighth edition of its United States Cybersecurity and Data Privacy Outlook and Review. The report details trends that the privacy industry saw in 2019 from a legislative, regulatory and judicial perspective.
One of the biggest trends from 2019 was the increased significance and complexity of privacy-related regulatory investigations, according to the report's co-author Alexander Southwell, former cybercrime prosecutor and chair of Gibson Dunn's U.S. Privacy, Cybersecurity and Consumer Protection Practice Group. "The scope and breadth of investigations and the magnitude of resolutions, both in the U.S. and the EU, signals how important privacy issues have become to regulators and how significant those regulatory investigations can become to companies," he says. For example, in March of 2019, the Federal Trade Commission (FTC) issued orders to seven U.S. Internet broadband providers and related entities seeking information about how they collect, retain, use, and disclose information about consumers and their devices. And early this year, the FTC announced that it has strengthened its data security orders, making them more specific, increasing third-party assessor accountability, and elevate data security considerations to the C-suite and Board level.
The report also cites several specific enforcement actions the FTC took in 2019 related to data privacy and security, including a settlement in December with the former CEO of Cambridge Analytica.
One trend that started in 2019 that will carry over into 2020, Southwell says, is the attention paid to passive listening devices — smart speakers, Internet-connected home video surveillance products and other connected in-home "Internet of Things" devices. "As those technologies become more wide-spread in usage, the privacy and cybersecurity issues will become more significant," he says.
AI and facial recognition will also be a focus this year, according to Southwell, "both in terms of their use and the risks related to privacy and cybersecurity, which will in turn likely generate more interest and attention by legislators and regulators."
On the judicial front, the report cites several important privacy and security litigation from 2019, but Southwell notes that we're still feeling the effect of is the U.S. Supreme Court's 2016 ruling in Spokeo, Inc. v. Robins, 136 S.Ct. 1540, in which the Court found that a plaintiff suing in federal court must allege an injury that is "particularized" and "concrete," rather than speculative. That case, Southwell says, "continues to have a dramatic effect on privacy cases with a deepening circuit split."
|Biometrics and Cellphone Data
The report mentions that several court decisions have addressed the issue of accessing personal data stored on cellphones and how "courts have reached divergent conclusions regarding the Government's authority to demand that an individual provide biometric input (such as pressing their fingerprint) to unlock digital devices." For example, in one case, In the Matter of the Search of a Residence in Oakland, 354 F. Supp. 3d, 1010, 1013 (N.D. Cal. 2019), an application for a warrant to search electronic devices included the authority for a person present during the search to provide biometric data to unlock the devices. The court denied the application, saying that forcing the person to provide the biometric data is like forcing a witness to testify and thus a violation of the Fifth Amendment. However, in In the Matter of the Search Warrant Application for the Cellular Telephone in United States v. Anthony Barrera, No. 19 CR 439, 2019 WL 6253812 (N.D. Ill. Nov. 22, 2019), the court compared providing biometric data to providing blood or handwriting samples, which courts have routinely held to be non-testimonial.
|State Privacy Legislation
The report points out several state privacy laws either in effect (the California Consumer Privacy Act (CCPA)) in process (Nevada, Maine, NY) or coming soon (Washington, Florida, Texas, Massachusetts, New Jersey, Virginia, and New Hampshire). All of these state laws share the fundamental concept that "privacy protections is a significant area of focus for state legislatures, particularly in light of the absence of comprehensive federal legislation," Southwell says. "Each law is focused on addressing privacy issues in different ways and they are not simply CCPA copycats."
And so what about the possibility of a federal privacy regulation in 2020? "At this point, I don't believe there's a reasonable prospect of a federal privacy statute," Southwell says, "in part because of the difficulty in passing any legislation in today's political environment and in part due to the complex nature of privacy legislation, with many different interests at play and an absence of clear political priorities."
*****
Steven Salkin, Esq., is the Managing Editor of Cybersecurity Law & Strategy. He can be reached at [email protected] and on Twitter @ljn_online.
|This premium content is locked for Entertainment Law & Finance subscribers only
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
- Stay current on the latest information, rulings, regulations, and trends
- Includes practical, must-have information on copyrights, royalties, AI, and more
- Tap into expert guidance from top entertainment lawyers and experts
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
How Secure Is the AI System Your Law Firm Is Using?
In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.
COVID-19 and Lease Negotiations: Early Termination Provisions
During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.
Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support
The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.
The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.
Authentic Communications Today Increase Success for Value-Driven Clients
As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.