On February 24, 2023, the Cyberspace Administration of China (CAC) released the much-awaited Measures for the Standard Contract for Outbound Transfer of Personal Information (China SCC Measures) together with the issuance of finalized version of the standard contract for outbound transfer of personal information (China SCC), which will officially come into effect on June 1, 2023. For outbound transfers of personal information which have already been carried out before that date, the China SCC Measures require that the rectification shall be completed within six months from its effective date, i.e, before December 1, 2023.
As one of the three “legitimate grounds” for outbound personal information transfer of personal information under the Personal Information Protection Law of China (PIPL), the China SCC shares quite a number of similarities with the EU Standard Contractual Clauses (EU SCCs) under the GDPR, such as the protection of the data subject’s third-party beneficiary rights, the establishment of a “long-arm” jurisdiction for the exporting country through the execution of SCC-based contractual and other mandatory security requirements for the exported personal information. However, the China SCC Measures still vary significantly from the concept of SCCs under the GDPR. Rather than the four-module approach (controller – controller, controller – processor, processor – processor and processor – controller) under the EU SCCs, the China SCC adopts a one-size-fits-all approach towards exporting personal information by the personal information processor (PIP, a concept similar to the “data controller” under the GDPR) to the overseas recipient. There is no differentiation according to the role of the overseas recipient as a controller, processor or sub-processor. This article offers some key highlights of the newly released China SCC Measures.
Continue reading “China SCC Measures Officially Release a Path for Outbound Personal Information Transfer”
Our latest briefing dives into the public launch of the NIST’s long-awaited AI Risk Management Framework, the EEOC’s new plan to tackle AI-based discrimination in recruitment and hiring, and the New York Department of Financial Services’ endeavor to better understand the potential benefits and risks of AI and machine learning in the life insurance industry.
Continue reading “Artificial Intelligence Briefing: NIST Releases AI Risk Management Framework and Playbook”
In this edition of Faegre Drinker’s State Attorneys General Update, we discuss:
Arizona AG Enters $85 Million Settlement With Google for Alleged Improper Use of Consumer Location Data
Google agreed to an $85 million settlement for alleged violations of Arizona’s Consumer Fraud Act. Specifically, the Arizona AG alleged that Google violated the Act by building “coercive design tactics used to manipulate users’ behavior,” known as “dark patterns,” into its Android phone software. In this instance, the AG alleged that Google created misleading settings, so even if a consumer turned off location tracking in the “Location History” menu, location data would still be tracked and used to sell advertisements through other settings — specifically, the “Web & App Activity” menu.
Continue reading “State AG Updates: Arizona, Texas, California, North Carolina, Washington, New York and an AG Coalition”
Last week, the first jury trial under the Illinois Biometric Privacy Act (BIPA) resulted in a $228 million verdict in favor of the plaintiff and the class.
The case, Rogers v. BNSF Railway Co., was filed in May 2019 and was pending in the U.S. District Court for the Northern District of Illinois. A class was certified in March 2022. Plaintiff alleged that BNSF unlawfully scanned his and other truck drivers’ fingerprints for identity verification when he and they visited BNSF rail yards. He claimed the company took this scan without written notice or consent as required under BIPA. BNSF argued, among other things, that the third-party vendor it hired to control gate access was the only party to collect drivers’ fingerprints, and that BNSF therefore had not independently violated BIPA.
Pretrial briefing in the case was extensive. Each side filed several motions in limine seeking to bar or include certain evidence in the trial. For example, the Plaintiff found several references to use of “biometrics” or “biometric identities” on BNSF’s website that they alleged were responsive to former document requests. Anticipating objections from BNSF, Plaintiff filed a preemptive motion asking the court to permit them to introduce these exhibits at trial. Plaintiff were able to use this information at the trial and suggest that BNSF was aware of the biometric collection and that BNSF itself was collecting the information.
Continue reading “First Biometric Information Privacy Act Trial Results in $228M Verdict”
In current times where an online presence is just as crucial as a business’s physical assets, it is more important than ever to proactively protect and maintain your organization’s brand and identity. In this episode of the Faegre Drinker on Law and Technology Podcast, host Jason G. Weiss discusses strategies and solutions to protect your brand with intellectual property partner Tore DeBella.
The conversation tackles a number of questions, including:
- How do we protect a company’s brand and how does that affect the organization’s identity?
- What are the primary ways bad actors can attack a company’s brand or identity online?
- How can an organization protect their domain?
- What steps can clients take to protect their brands and identities online?
Continue reading “Protecting Your Internet Brand and Online Identity – Faegre Drinker on Law and Technology Podcast”
Our latest briefing explores the recent FTC commercial surveillance and data security forum (including discussion on widespread use of AI and algorithms in advertising), California’s inquiry into potentially discriminatory health care algorithms, and the recent California Department of Insurance workshop that could shape future rulemaking regarding the industry’s use of artificial intelligence, machine learning and algorithms.
Continue reading “Artificial Intelligence Briefing: FTC Holds Forum on Commercial Surveillance and Data Security”