On January 10, 2019, Advocate General Szpunar of the Court of Justice of the European Union issued an Opinion in the case of Google v. CNIL, which is currently pending before the CJEU. In its Opinion, the Advocate General provided his views concerning the territorial scope of the right to be forgotten under the EU Data Protection Directive.
Continue Reading

On October 23, 2018, the parties in the Yahoo! Inc. Customer Data Security Breach Litigation pending in the Northern District of California and the parties in the related litigation pending in California state court filed a motion seeking preliminary approval of a settlement related to breaches of the company’s data.
Continue Reading

Recently, the U.S. Department of Health and Human Services’ Office for Civil Rights entered into a resolution agreement and record settlement of $16 million with Anthem, Inc. following Anthem’s 2015 data breach, the largest breach of protected health information in history that affected approximately 79 million individuals.
Continue Reading

On September 27, 2018, the Federal Trade Commission announced a settlement agreement with four companies – IDmission, LLC, mResource LLC, SmartStart Employment Screening, Inc., and VenPath, Inc. – over allegations that each company had falsely claimed to have valid certifications under the EU-U.S. Privacy Shield framework.
Continue Reading

On September 26, 2018, Uber Technologies Inc. agreed to a settlement with all 50 U.S. state attorneys general in connection with a 2016 data breach affecting the personal information (including driver’s license numbers) of approximately 607,000 Uber drivers nationwide, as well as approximately 57 million consumers’ email addresses and phone numbers.
Continue Reading