All posts by Cooley

The DAA Announces the Development of New CCPA Tools for Ad Industry

On November 25, 2019, the Digital Advertising Alliance announced it is developing cross-industry tools for publishers, brands, agencies and adtech to provide a mechanism to opt out under the California Consumer Privacy Act, which takes effect on January 1, 2020. These tools align with the DAA’s self-regulatory guidelines and are […]

Standing to be Dismissed – The U.S. D.D.C. Weighs in on “Actual Damage” in Data Breach Litigation

In Attias v. CareFirst, Inc., the U.S. District Court for the District of Columbia (D.D.C.) jumpstarted the debate concerning the harm plaintiffs must allege to move forward with data breach class action litigation.  In recent years, courts across the country have disagreed about what constitutes an “injury-in-fact” when an individual’s […]

At GDPR’s One Year Mark, Continued Compliance Efforts are Key and Can Help with CCPA Compliance

With the EU General Data Protection Regulation (the “GDPR”) now over a year old, companies may feel that their data privacy challenges have settled down and that their GDPR work is complete.  While that may be true for some companies, the reality for most is that their GDPR compliance efforts […]

Significant GDPR enforcement action imminent

The EU General Data Protection Regulation (the “GDPR”) has been in force for just under a year now. Prior to its coming into effect, a key topic of concern for many companies was the ability of Supervisory Authorities (EU Data Protection regulators) to impose potentially enormous fines. In the run […]

App Developers Must Consider Platform Rules in Addition to Legal Requirements

Recently, app store providers have become increasingly active in imposing and enforcing privacy requirements for developers. For example, both Apple and Google have threatened removal of apps from their respective app stores based on the collection of in-app user activity and crash logs for analytics purposes in violation of the […]

Canada’s Privacy Commissioner Recommends Consent for Cross Border Data Transfers

On April 9, 2019, the Office of the Privacy Commissioner of Canada (OPC) issued a new Consultation on transborder dataflows, recommending that organizations be required to obtain individuals’ consent — express or implied — for transfers of personal data outside of Canada. The OPC is accepting comments on the Consultation […]

UK regulator focuses on GDPR challenges faced by the adtech industry

On 6 March 2019, the UK data protection regulator, the Information Commissioner’s Office (ICO) convened an adtech fact-finding forum of industry stakeholders, aimed at developing its understanding of the adtech ecosystem (with a particular focus on programmatic advertising and real-time bidding) and exploring key themes raised by adtech from a […]

Credential Stuffing Attacks and What they Mean for Businesses

Over the past few months, Cooley’s incident response team has seen an increase in “Credential Stuffing” attacks. Credential Stuffing is an account takeover attack in which actors obtain user names and passwords available on the dark web from prior data breaches, and then attempt to login to various online accounts […]

California Privacy Legislation Update

With the promulgation of the California Consumer Privacy Act of 2018 (“CCPA”), California has continued its role in pushing bleeding edge privacy and data security legislation.  From the first data breach notification law back in 2003, to the first IoT data security law in 2018, it seems that California will […]

The Department of Health and Human Services Issues Guidelines on Cybersecurity

On December 28, 2018, the U.S. Department of Health and Human Services (“HHS”) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication (the “Cybersecurity Guidelines”), which provides voluntary cybersecurity practices designed to reduce security risks and improve security for various healthcare organizations. Specifically, the Cybersecurity Guidelines […]