Privacy & Cybersecurity

Plaintiff’s firms continue to file variations of state law wiretapping lawsuits over “session replay” software and “live chat” or “chatbot” applications in various jurisdictions. These filings typically allege that companies use such software tools to record users’ interactions with a website without first obtaining users’ consent, thereby violating the wiretapping, eavesdropping, or interception provisions of various state laws.
Continue Reading Class Action Lawsuits Continue Targeting Companies For Tracking Users’ Website Activity

On October 18, 2022, the New York State Department of Financial Services announced that EyeMed Vision Care LLC agreed to a $4.5 million settlement for violations of the Cybersecurity Regulation that contributed to the exposure of hundreds of thousands of consumers’ health data in connection with a cybersecurity event in 2020.
Continue Reading NYDFS Fines EyeMed $4.5 Million for Cybersecurity Violations

CARU, the Children’s Advertising Review Unit of BBB National programs, issued a compliance warning last week, reminding industry that the self-regulating body on children’s advertising and privacy intends to enforce its advertising guidelines in the metaverse, just like in the real world.
Continue Reading Children’s Advertising Rules Apply in the Metaverse Too, CARU Says.

On August 23, 2022, the Federal Trade Commission announced it is seeking additional public comment on “how children are affected by digital advertising and marketing messages that may blur the line between ads and entertainment” in conjunction with its “Protecting Kids from Stealth Advertising in Digital Media” event on October 19, 2022. The event will

On August 24, 2022, California Attorney General Rob Bonta announced the Office of the Attorney General’s (“OAG’s”) first settlement of a California Consumer Privacy Act (“CCPA”) enforcement action, against Sephora, Inc.
Continue Reading First CCPA Enforcement Action Settlement Announced by California AG

On August 16, 2021, the U.S. Securities and Exchange Commission announced that Pearson plc, a publicly traded British multinational educational publishing and services company, agreed to pay a $1 million civil penalty in a settlement related to charges that Pearson misled investors about a 2018 data breach resulting in the theft of millions of student records.
Continue Reading SEC Sanctions Public Company for Misleading Disclosures About Data Breach

The Second Circuit just affirmed the dismissal of a data breach class action predicated on an alleged increased risk of identity theft on Article III standing grounds. 
Continue Reading Second Circuit Affirms Dismissal of Data Breach Class Action on Article III Standing Grounds, Citing Unanimity of Circuits on “Increased Risk” Claims

On November 26, 2020, the French Data Protection Authority announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation and Article 82 of the French Data Protection Act governing the use of cookies.
Continue Reading CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations