All posts by Cooley

LinkedIn Data Scraping Case Shows 9th Circ. Shift On CFAA

When may a company legally scrape data from another company’s website? Does it matter whether the website is open to the public or only to logged-in users? This is a contested area of law under the Computer Fraud and Abuse Act, 18 U.S.C. Section 1030, the federal statute that imposes […]

IAB Issues Draft CCPA Framework

The Interactive Advertising Bureau (IAB) has released for public comment the IAB California Consumer Privacy Act Compliance (CCPA) Framework for Publishers and Technology Companies. According to the IAB, the draft framework is intended to help publishers, ad agencies and other companies involved in the digital advertising ecosystem comply with the CCPA, […]

Big Game Phishing

On October 2, 2019, the FBI issued a Public Service Announcement to alert US businesses and organizations to plan and prepare for what are being described as high-impact ransomware events. Certain bad actors seem to be no longer simply interested in a quick and easy financial gain from indiscriminately infecting […]

California Privacy Rights and Enforcement Act – CCPA 2.0?

On Sept. 25, 2019, Californians for Consumer Privacy, a nonprofit group led by the real estate magnate who spurred passage of the California Consumer Privacy Act (CCPA) of 2018, filed a new ballot measure called the California Privacy Rights and Enforcement Act (CPRE or now painfully dubbed by many as […]

UPDATE: Brazil’s Data Protection Law Moves Forward

The final version of Brazil’s data protection law, Lei Geral de Proteção de Dados (LGPD), was approved by the Brazilian Federal Senate in May 2019 and sanctioned by President Jair Bolsonaro in July. The LGPD is now scheduled to become effective in August 2020. When the LGPD was first approved […]

New York State Toughens Data Security Laws

On July 25, 2019, New York enacted a pair of data security laws. First, the Stop Hack and Improve Electronic Data Security Act (SHIELD Act) updates New York’s data security requirements. Second, the Identity Theft Prevention and Mitigating Services Act imposes obligations on credit reporting agencies that experience a breach […]

Fashion ID Case: CJEU Rules on Plug-ins and Joint Controllership

On 29 July 2019, the Court of Justice of the European Union handed down its decision in the Fashion ID case, dealing with alleged unlawful data collection through the Facebook Like button and the controllership of said data. In short, the CJEU held that websites containing embedded third-party content can […]

UK ICO Cites Inadequate M&A Data Protection Due Diligence as a Factor in Proposing $125M Breach Fine

On July 9, 2019, the UK Information Commissioner’s Office (ICO) publicly announced its intent to impose a £99M (approximately $123M) GDPR fine on Marriott in connection with the discovery and notification of a data breach at Starwood. Among its justifications for the record fine, the ICO cited inadequate data protection […]

Will BA, Marriott Have to Pay UK ICO’s Huge Breach Fines? We Look at What’s Next.

The UK Information Commissioner’s Office (ICO) has issued Notices of Intent (NOI) to fine British Airways (for £183m) and US hotel group Marriott (for £99m) for breaches of the EU General Data Protection Regulation (GDPR). Assuming that fines are ultimately issued, these will be the first fines to be issued […]

Creating Data-Powered Products and Services in the Age of Privacy

On Friday, June 14, Cooley’s cyber/data/privacy practice will be hosting an event focused on the use of data in the development of products and services in our New York office. The intense focus on privacy in the US and globally has raised pressure on businesses that use personal data to create […]