On October 23, 2018, the parties in the Yahoo! Inc. (“Yahoo!”) Customer Data Security Breach Litigation pending in the Northern District of California and the parties in the related litigation pending in California state court filed a motion seeking preliminary approval of a settlement related to breaches of the company’s data. These breaches were announced from September 2016 to October 2017 and collectively impacted approximately 3 billion user accounts worldwide. In June 2017, Yahoo! and Verizon Communications Inc. had completed an asset sale transaction, pursuant to which Yahoo! became Altaba Inc. (“Altaba”) and Yahoo!’s previously operating business became Oath Holdings Inc. (“Oath”). Altaba and Oath have each agreed to be responsible for 50 percent of the settlement.

Continue Reading Yahoo! Agrees to Settle Data Breach Class Actions with $50 Million Fund and Credit Monitoring

As reported on the Blockchain Legal Resource, California Governor Jerry Brown recently signed into law Assembly Bill No. 2658 for the purpose of further studying blockchain’s application to Californians. In doing so, California joins a growing list of states officially exploring distributed ledger technology. Continue Reading California Enacts Blockchain Legislation

Vizio, Inc. (“Vizio”), a California-based company best known for its internet-connected televisions, agreed to a $17 million settlement that, if approved, will resolve multiple proposed consumer class actions consolidated in California federal court. The suits’ claims, which are limited to the period between February 1, 2014 and February 6, 2017, involve data-tracking software Vizio installed on its smart TVs. The software allegedly identified content displayed on Vizio TVs and enabled Vizio to determine the date, time, channel of programs and whether a viewer watched live or recorded content. The viewing patterns were connected to viewer’s IP addresses, though never, Vizio emphasized in its press release announcing the proposed settlement, to an individual’s name, address, or similar identifying information. According to Vizio, viewing data allows advertisers and programmers to develop content better aligned with consumers’ preferences and interests.   Continue Reading Vizio Agrees to $17M Settlement to Resolve Smart TV Class Action Suit

On September 28, 2018, California Governor Jerry Brown signed into law two identical bills regulating Internet-connected devices sold in California. S.B. 327 and A.B. 1906 (the “Bills”), aimed at the “Internet of Things,” require that manufacturers of connected devices—devices which are “capable of connecting to the Internet, directly or indirectly,” and are assigned an Internet Protocol or Bluetooth address, such as Nest’s thermostat—outfit the products with “reasonable” security features by January 1, 2020; or, in the bills’ words: “equip [a] device with a reasonable security feature or features that are appropriate to the nature and function of the device, appropriate to the information it may collect, contain, or transmit, and designed to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure[.]” Continue Reading California Enacts New Requirements for Internet of Things Manufacturers

On September 23, 2018, California Governor Jerry Brown signed into law SB-1121 (the “Bill”), which makes limited substantive and technical amendments to the California Consumer Privacy Act of 2018 (“CCPA”). The Bill takes effect immediately,  and delays the California Attorney General’s enforcement of the CCPA until six months after publication of the Attorney General’s implementing regulations, or July 1, 2020, whichever comes first.  Continue Reading CCPA Amendment Bill Signed Into Law

On September 5, 2018, the U.S. District Court for the Central District of California held that a class action arising from a 2016 Uber Technologies Inc. (“Uber”) data breach must proceed to arbitration. The case was initially filed after a 2016 data breach that affected approximately 600,000 Uber drivers and 57 million Uber customers.  Continue Reading Uber Data Breach Class Action Must Proceed to Arbitration

On August 31, 2018, the California State Legislature passed SB-1121, a bill that delays enforcement of the California Consumer Privacy Act of 2018 (“CCPA”) and makes other modest amendments to the law. The bill now goes to the Governor for signing. The provisions of the CCPA will become operative on January 1, 2020. As we have previously reported, the CCPA introduces key privacy requirements for businesses. The Act was passed quickly by California lawmakers in an effort to remove a ballot initiative of the same name from the November 6, 2018, statewide ballot. The CCPA’s hasty passage resulted in a number of drafting errors and inconsistencies in the law, which SB-1121 seeks to remedy. The amendments to the CCPA are primarily technical, with few substantive changes. Continue Reading CCPA Amended: Enforcement Delayed, Few Substantive Changes Made

On August 22, 2018, California Attorney General Xavier Becerra raised significant concerns regarding the recently enacted California Consumer Privacy Act of 2018 (“CCPA”) in a letter addressed to the CCPA’s sponsors, Assemblyman Ed Chau and Senator Robert Hertzberg. Writing to “reemphasize what [he] expressed previously to [them] and [state] legislative leaders and Governor Brown,” Attorney General Becerra highlighted what he described as five primary flaws that, if unresolved, will undermine the intention behind and effective enforcement of the CCPA. Continue Reading California AG Voices Concern About State’s New Privacy Law

As reported in BNA Privacy Law Watch, a California legislative proposal would allocate additional resources to the California Attorney General’s office to facilitate the development of regulations required under the recently enacted California Consumer Privacy Act of 2018 (“CCPA”). CCPA was enacted in June 2018 and takes effect January 1, 2020. CCPA requires the California Attorney General to issue certain regulations prior to the effective date, including, among others, (1) to update the categories of data that constitute “personal information” under CCPA, and (2) certain additional regulations governing compliance (such as how a business may verify a consumer’s request made pursuant to CCPA). The proposal, which was presented in two budget bills, would allocate $700,000 and five staff positions to the California Attorney General’s office to aid in the development of the required regulations. The legislature is expected to pass the relevant funding measure by August 31, 2018. California Attorney General Xavier Becerra has stated that he expects his office will issue its final rules under CCPA in June 2019.

On July 11, 2018, computer manufacturer Lenovo Group Ltd. (“Lenovo”) agreed to a proposed $8.3 million settlement in the hopes of resolving consumer class claims regarding pop-up ad software Lenovo pre-installed on its laptops. Lenovo issued a press release stating that, “while Lenovo disagrees with allegations contained in these complaints, we are pleased to bring this matter to a close after 2-1/2 years.” Continue Reading Lenovo Reaches Proposed $8.3 Million Settlement Agreement