Tag:data privacy
How Federal Data Privacy Regulation Could Help Curb the COVID-19 Pandemic
It cannot be denied that the COVID-19 pandemic has led to many novel legal and regulatory issues. One topic of major concern both domestically and abroad is how to manage the massive amounts of consumer data being collected in the attempt to quell the spread of the virus. This issue is especially complicated to address in the United States, where a convoluted patchwork of state and federal laws interact to create a relentlessly fragmented data regulation system. Now, as state and local governments, along with tech giants like Apple and Google, continue to roll out contact tracing applications, the need for comprehensive data privacy regulation is more pressing than ever.
Understanding Circuit Splits Regarding Article III Standing in Data Breach Litigation
Complex litigation in data breach disputes is not surprising due to the reliance on information technology infrastructure. The Identity Theft Resource Center defines a data breach as “an incident in which an individual name plus a Social Security number, driver’s license number, medical record or financial record is potentially put at risk because of exposure.” However, the issue that challenges most plaintiffs’ in a data breach lawsuit is the ability to establish an injury-in-fact sufficient to support Article III standing. Injury-in-fact is harm that is concrete and particularized, and actual or imminent. Currently, the United States Court of Appeals fails to uniformly decide this issue, creating “splits” in the Circuits regarding Article III standing in data breach litigation. The Supreme Court ruled in fact-distinguishable cases concerning standing, but not in the data breach litigation context. Until the Supreme Court renders guidance, Americans face significant judicial patchwork in privacy protection.
Hospitals Across the Country at Serious Risk for Coordinated Ransomware Attacks
The Federal Bureau of Investigation (“FBI”), the Department of Health and Human Services (“HHS”), and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (“CISA”) recently announced that hackers have been and will continue to target the United States hospitals and health-care providers. These attacks are cyber in nature and often lead to ransomware attacks, data left, and inevitable disruption of health care services when patient information is locked until the ransom can be paid.
Covid-19 Tenant Eviction Long-Term Relief: Designing a more Effective Data Privacy Remedy in Tenant Screening
Covid-19 has not only damaged the health and physical well-being of those stricken by the potentially deadly coronavirus, but it has also ravaged the livelihoods and financial stability of many millions more people around the world. The virus spread across the U.S. with incredible speed as more than 100,000 people had already been infected by early March. In many ways the unexpected and quick arrival of the pandemic caught many households financially unprepared and ill-equipped to survive the economic shutdown unscathed. For those that have experienced rent hardship and have, or will soon, be subject to an eviction for non-payment of rent, they must recover not only from the short-term challenges of finding shelter and putting their lives back together, but also the long-term struggle of finding suitable housing with an often disqualifying and indelible mark on their rental history.
It’s Not Too Early to Start Worrying About Discriminatory Algorithms in Your Code: A Practical Approach to Self-Regulation
There’s no doubt that remote work, brought on by the coronavirus pandemic, will accelerate the digital revolution already underway. Consumers’ growing appetite to conduct their business online, rather than in-person, has fueled the proliferation of digitally accessible products and services. For instance, movie theaters have closed their doors while content streaming services have experienced exponential growth. And while the restaurant industry, as a whole, has suffered, ‘virtual’ kitchens and grocery delivery apps have picked up steam. A critical question that arises from these trends is “what can be done to eliminate biases in the algorithms that drive these digital transactions?”
The Supreme Court Revisits Article III Standing in TransUnion v. Ramirez
In 1993, and on the heels of the landmark Article III standing case of Lujan v. Defenders of Wildlife, John G. Roberts, Jr. wrote a law review article entitled: “Article III Limits on Statutory Standing.” Twenty-eight years later and now the Chief Justice, Roberts again found himself wrestling over the bounds of the Article III Standing requirement as he presided over this issue in the class action context. Years after the Court decided Spokeo v. Robins in 2016 and Clapper v. Amnesty International in 2013, the Court revisited the matter and listened to oral arguments on March 30, 2021, in TransUnion v. Ramirez. The decision may have enormous consequences. While Acting U.S. Solicitor General Elizabeth Prelogar filed a “friend of the court” brief agreeing that standing exists, other briefs supporting TransUnion suggest that meritless class action lawsuits against corporate defendants from class members that aren’t injured will exponentially increase.
Federal Bill May Soon Make Privacy Regulation Patchwork a Thing of the Past
Lydia Bayley Associate Editor Loyola University Chicago School of Law, JD 2022 While the COVID-19 pandemic undeniably pushed many legislative agendas to the backburner, some seem to be heating back up. With the 117th Congress now in session, data privacy is once again moving to the forefront of federal legislative debate. For decades, the United States has …
Read more
A Practical Approach to Post-Schrems II Remediation of Cross-Border Data Transfers to the U.S. and Other “High Risk” Third Countries
On July 16, 2020, the Court of Justice of the European Union (“CJEU”) issued its deafening decision that summarily and immediately invalidated the EU-US Privacy Shield. The regulatory program established between the European Council and the U.S. Dept. of Commerce allowed for the transfer of personal data of EU residents to be sent from the EU to the US without violating the data transfer restrictions of the General Data Protection Regulation (“GDPR”). The decision went on to cast serious doubt on the sufficiency of standard contractual clauses to adequately protect data transferred to any third country, not just the US. Several months later, data exporters in the EU are still sorting through the wreckage of their privacy programs and waiting for practical advice on the way forward.
Kraken Settles with the SEC in a $30 Million Deal
Sophie Shapiro Associate Editor Loyola University Chicago School of Law, JD 2024 Kraken will pay $30 million to settle SEC (Securities and Exchange Commission) allegations that it broke the agency’s rules with its cryptoasset staking products and will discontinue them in the United States as part of the agreement with the regulator. What is Kraken? …
Read more
The Long Road Toward Federal Data Privacy
In June of this year, the U.S. House Committee on Energy and Commerce’s Subcommittee on Consumer protection and Commerce met regarding the American Data Privacy and Protection Act (ADPPA). At this meeting the committee members highlighted that this bill, seeking to establish federal data privacy, is intended to be a compromise on the topic of federal privacy legislation as committee members from both sides agree that a federal privacy act is necessary.