Nicola Menaldo Partner

This Update discusses a spate of recent class action lawsuits asserting claims under the Video Protection Privacy Act.

The Office of Science and Technology Policy, a part of the Executive Office of the President, recently published a white paper entitled “The Blueprint for an AI Bill of Rights: Making Automated Systems Work for the American People.”

After more than two years of litigation, Amazon and Microsoft won summary judgment in two class action lawsuits asserting violations of the Illinois Biometric Information Privacy Act (BIPA): Vance v. Amazon.com, Inc., Case No. C20-1084JLR and Vance v. Microsoft Corp., Case No. C20-1082JLR.

After a five-day trial and only an hour of deliberation, the nation’s first trial under the Illinois Biometric Information Privacy Act ended with a bang. The jury found that the defendant recklessly or intentionally violated BIPA 45,600 times resulting in a $228 million judgment.

In recent years, apparel and retail businesses have increasingly sought to provide customers with options to participate with the brand’s merchandise and services in virtual environments.

For many years, the most significant law governing biometric-based products and services has been the Illinois Biometric Information Protection Act. This past month, however, another biometric data privacy law woke from a long, undisturbed slumber.

Security is one of the key applications for biometric technology and is increasingly pervasive. For example, companies have begun using biometric technology to provide secure, touchless financial transactions, limit access to medications and controlled substances, screen airline passengers, screen attendees of large-scale gatherings, such as sporting events and concerts, secure buildings, prevent unauthorized entry, and detect known threats, and monitor face-mask usage.

To most people, the word "wiretap" summons images of detectives with bulky headphones listening in on mobsters' phone calls.

New York City’s ordinance could be the beginning of a trend, or simple an outlier, but one that every business in the city should be aware of.

New York City’s new biometrics ordinance went into effect July 9, 2021. The ordinance regulates the use of “biometric identifier information” in “commercial establishments” such as places of entertainment, retail stores, and food and drink establishments. 

In Facebook, Inc. v. Duguid et al., the U.S. Supreme Court provided some clarity that stakeholders have been awaiting since 2015 by adopting a narrower interpretation of the term “autodialer” for purposes of the Telecommunications Consumer Protection Act (TCPA). The Court reversed an expansive interpretation of “autodialer” adopted by the U.S. Court of Appeals for the Ninth Circuit that the Court noted would have prohibited many commonplace uses of cell phones by consumers. The Court found that for a dialing system to constitute an autodialer, it must have the capacity to either store or produce a telephone number using a random or sequential number generator. This narrower interpretation comes as a relief to a broad range of businesses and nonprofit organizations, among others, that believed the Ninth Circuit’s broad interpretation unfairly ensnared legitimate communications practices that did not harm consumers.

The Federal Trade Commission announced on Jan. 11 that it had reached a settlement with Everalbum Inc., the developer of a now-defunct photo storage app called Ever.

The Federal Trade Commission announced on January 11, 2021, that it had reached a settlement with Everalbum, Inc., the developer of a now-defunct photo storage app called “Ever.” The settlement is the FTC’s first enforcement action focused on facial recognition technology, and likely signals a new era of increased regulatory scrutiny for companies involved in facial recognition.

It’s a new year and it looks like 2021 is going to be another eventful one for privacy. In the past few weeks, we’ve seen several states introduce new privacy legislation, including Washington, New York, and Minnesota.

Companies that do business in Portland, Oregon may need to add one more item to their holiday to-do list: disable face recognition technologies in Portland.

Companies are increasingly developing biometric-enabled solutions, such as contactless entry and automated temperature and mask detection, to help employers safely return personnel to the office amid the COVID-19 pandemic.

As scraping and crawling of websites becomes more ubiquitous, courts continue to struggle with where to draw the lines regarding what is permissible. This can be a highly fact-intensive inquiry, but a recent case before the U.S. District Court for the District of Columbia provides some important takeaways.

Cannabis companies are facing a slew of class action lawsuits under the Telephone Consumer Protection Act (TCPA), which prohibits unwanted automated calls and text messages.

Companies that deal with biometrics are likely aware of Illinois’ Biometric Information Privacy Act (BIPA), which regulates the collection, storage, and use of biometric data, including, for example, fingerprints, voiceprints, and scans of “face geometry.” 

This update was republished in The Journal of Robotics, Artificial Intelligence & Law (September / October Edition).

States across the country are enacting or proposing legislation to regulate the collection, storage, use and disclosure of biometric data.

Nevada is the latest state to strengthen privacy laws to address the perceived need for more oversight of how companies handle personal data. On May 29, 2019, Nevada’s governor signed into law Senate Bill 220, which amends the state’s online privacy notice statute, Nev. Rev. Stat. Ann. § 603A.300 et. seq. The amendments provide consumers with the right to restrict an entity’s “sale” of covered information while also excluding certain entities from the statute’s application. The amendments become effective October 1, 2019.

Businesses that use chatbots to interact with customers online may be affected by California’s new Autobot Law (SB 1001) that goes into effect July 1, 2019.

Washington state has joined the growing ranks of states considering data privacy legislation in the wake of the European General Data Privacy Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Since the passing of the European General Data Protection Regulation (“GDPR”), several states have introduced or passed privacy and data protection legislation. In addition to the California Consumer Privacy Act of 2018 (“CCPA”), the following state laws should be on your radar in 2019.

Google won summary judgment in Rivera v. Google, a privacy class action alleging violations of the Illinois Biometric Information Privacy Act (BIPA). The case involved “face grouping,” a feature that enables Google Photos to automatically sort and group the photographs in a user’s private account, based on visual similarities between the images of faces in the photos. The court held that any alleged collection of “biometric information” or “biometric identifiers” stemming from this feature did not cause an injury-in-fact sufficient to confer Article III standing. This update summarizes the decision, which may be relevant to clients involved with biometric technology, as well as other clients facing litigation where a no-injury defense may be applicable.

Last Friday, the U.S. Court of Appeals for the District of Columbia Circuit (D.C. Circuit) issued its long-awaited decision in ACA International v. Federal Communications Commission, No. 15-1211 (D.C. Cir. Mar. 16, 2018).

“Worth The Hassel,” by Jim Snell and Nicola Menaldo, was published in Corporate Counsel regarding the case, Hassel v. Bird, in which the court of appeals decided to allow the plaintiff to use a default judgment against one party to obtain an order to compel a completely separate entity— online service provider Yelp — to remove from the Internet speech that the plaintiff did not like, without any notice to Yelp or an opportunity to be heard.

The legal landscape surrounding the legitimacy of web scraping continues to evolve. James Snell and Nicola Menaldo revisit their prior analysis, discussing how two recent cases have found in favor of scrapers in non-competitive situations. Click here to read the full article.

In last Friday’s long-awaited TCPA Omnibus Declaratory Ruling and Order (Order), the Federal Communications Commission (FCC or Commission) may have dramatically altered the landscape for TCPA class action defense.

This webinar explores the legal landscape that governs biometric technologies and the latest biometric solutions to global challenges, such as COVID-19.

Perkins Coie’s CCPA Week
This webinar will address enforcement risks under the CCPA, and how to manage compliance obligations to minimize litigation risk. Our speakers are class action litigators actively consulting clients in CCPA compliance. The topics will include, among other things, a discussion about the various enforcement mechanisms, notice and operational strategies to minimize risk, third party contracts, and exceptions and defenses to CCPA claims.

Perkins Coie’s CCPA Week
Collecting, using, or storing biometric data presents a host of litigation risks. This webinar will provide an overview of the status of biometrics laws in the U.S., the protections that the CCPA provides to California residents and insight into best practices to reduce litigation risk.

For all of its benefits, AI also poses a wide range of legal and ethical risks. Our interdisciplinary team of AI, Machine Learning and Robotics practice attorneys discussed these issues in a series of webinars that will help you understand the business benefits and regulatory risks associated with enterprise AI integration and deployment.