On November 8, 2021, New York Governor Kathy Hochul signed into law A.430/S.2628, which requires private employers with a place of business in New York State to provide their employees prior written notice, upon hiring, of any electronic monitoring, as defined in the Act, to which the employees will be subjected by the employer.
Continue Reading New York State Requires Private Employers to Notify Employees of Electronic Monitoring

On November 5, 2021, IAB Europe announced that, in the coming weeks, the Belgian Data Protection Authority plans to share with other data protection authorities a draft ruling on the IAB EU Transparency & Consent Framework.
Continue Reading Belgian DPA Expected to Rule that IAB Europe’s Cookie Consent Framework Violates the GDPR

On November 10, 2021, the UK Supreme Court issued its long-awaited judgment in the Lloyd v Google case. The decision is expected to make it difficult in practice for a future class action lawsuit that is brought on behalf of a class of individuals who have not actively opted in to being represented by the lead claimant to proceed under UK law.
Continue Reading Lloyd Court Says No to Class Action-Style Lawsuits in the UK

On November 8, 2021, law enforcement agencies in both the United States and European Union announced that a series of actions, including a number of arrests, were taken against the Russia-linked ransomware group, “REvil.”
Continue Reading Russia-Linked REvil Hackers and Their Affiliates Hit with Arrests by the U.S. and International Allies

On October 28, 2021, the Federal Trade Commission announced the issuance of a new enforcement policy statement warning companies against using dark patterns that trick consumers into subscribing for services. The policy statement comes in response to rising complaints about deceptive sign-up tactics like unauthorized charges or impossible-to-cancel billing.
Continue Reading New FTC Policy Statement Targets Dark Patterns

On October 6, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth published a white paper on “Organizational Accountability in Data Protection Enforcement – How Regulators Consider Accountability in their Enforcement Decisions.”
Continue Reading CIPL Publishes White Paper on Organizational Accountability in Privacy Enforcement

On September 14, 2021, the Securities and Exchange Commission announced that analytics firm, App Annie Inc., and its co-founder and former CEO, agreed to pay approximately $10 million to settle securities fraud charges for engaging in deceptive practices and making material misrepresentations about “alternative data” sold by the company. Notably, this is the SEC’s first enforcement action charging an alternative data provider with securities fraud.
Continue Reading SEC Settles with Alternative Data Provider for $10 Million

On September 14, 2021, the Federal Trade Commission authorized new compulsory process resolutions in the eight key enforcement areas: (1) Acts or Practices Affecting United States Armed Forces Members and Veterans; (2) Acts of Practices Affecting Children; (3) Bias in Algorithms and Biometrics; (4) Deceptive and Manipulative Conduct on the Internet; (5) Repair Restrictions; (6) Abuse of Intellectual Property; (7) Common Directors and Officers and Common Ownership and (8) Monopolization Offenses.
Continue Reading FTC Authorizes New Compulsory Process Resolutions in Eight Key Enforcement Areas

On September 1, 2021, the FTC banned the operator of a stalkerware app company and its CEO from offering, promoting, selling or advertising any surveillance app, service or business, alleging that the app allowed purchasers to illegally surveil other individuals by monitoring their device activity without their knowledge.
Continue Reading FTC Bans Stalkerware App Company from the Surveillance Business and Orders Company to Delete Any Illegally Collected Information