Photo of Liisa Thomas

Liisa Thomas, a partner based in the Chicago and London offices, is Leader of the firm's Privacy and Cybersecurity Practice Group.

On July 16, 2020, in the case colloquially known as “Schrems II,” the Court of Justice of the European Union (CJEU) struck down the EU-US Privacy Shield, finding it an invalid mechanism for transferring data from the EU to the US. The CJEU concluded that the Standard Contractual Clauses (SCCs) are valid for the transfer of personal data outside the EU (which would include transfers to the US), with certain conditions.
Continue Reading CJEU Invalidates Privacy Shield, But Upholds SCCs with Conditions

HyperBeard, the makers of several children’s mobile apps (including KleptoCats), recently settled with the FTC over failure to obtain verifiable parental consent before collecting children’s personal information online, in violation of COPPA. In its complaint, the FTC argued that the HyperBeard apps were clearly directed to children. The apps contained brightly-colored animated characters, kid-friendly language, games that were easy to play, and were promoted on kids’ websites and publications.
Continue Reading KleptoCats Maker Settles with FTC Over Failure to Get Parental Consent

On June 1, 2020, the California AG submitted the final text of the proposed CCPA regulations to the Office of Administrative Law (OAL). There were no changes to the final text from the last version released in March, which we previously summarized here.
Continue Reading Final Draft CCPA Regulations Submitted, Effective Date Unclear

The FTC recently issued comments on how companies can use artificial intelligence tools without engaging in deceptive or unfair trade practices or running afoul of the Fair Credit Reporting Act. The FTC pointed to enforcement it has brought in this area, and recommended that companies keep in mind four key principles when using AI tools. While much of their advice draws on requirements for those that are subject to the Fair Credit Reporting Act (FCRA), there are lessons that may be useful for many.
Continue Reading FTC Provides Direction on AI Technology

As we move into the second quarter of 2020, governments around the country are analyzing how to best open up their economies. Part of this will include people returning to work, restaurants, retail establishments, and other places of public accommodation. Landlords, business owners, and others want to know how to take steps to reopen safely while government mitigation efforts are being developed to help slow the spread of COVID-19 until a vaccine is developed. And where authorities don’t have specific mitigation efforts, instituting protocols will fall squarely on landlords, business owners, and those who operate places of public accommodation.
Continue Reading Taking Temperatures During COVID-19: A Practical Toolkit

Following its 20th plenary session on April 7, the European Data Protection Board (EDPB) selected geolocation and health data to focus on in its upcoming COVID-19 guidance. This follows in response to the EDPB’s earlier broad statement on the processing of personal data in the context of COVID-19.
Continue Reading EDPB Announces Scope of COVID-19 Guidance

The FCC recently issued a declaratory ruling explaining what calls and text message alerts it viewed as “emergency” for purposes of the Telephone Consumer Protection Act. Under TCPA, requirements to obtain consent to make certain calls and texts to cell phone numbers do not apply when a message is an “emergency.” Under the FCC’s new ruling, certain calls and texts from government officials and healthcare providers about the COVID-19 pandemic will be viewed as emergency messages.
Continue Reading FCC Ruling Helps Clarify What COVID-19 Texts and Calls Are “Emergency” Under TCPA

Apple recently revised its review guidelines to allow push notifications that include “advertising, promotions, or direct marketing.”  This changes a prior -and longstanding- prohibition on push notices that contain such content. Customers must affirmatively opt in to get promotional push notices, though (“through consent language displayed in your app’s UI”). They must also be able to opt out through an in-app mechanism.  Although promotional push notices were previously prohibited, many apps sent them. These modifications may be a step by Apple to acknowledge this use and put requirements in place around it.
Continue Reading Apple Eases Push Notification and Other Privacy Restrictions

On March 11, 2020, the second set of modifications (or the third version) of the CCPA draft regulations were released. While the number of substantive changes dwindled in this version, there are a number of drafting corrections and a few modifications of note. Namely:
Continue Reading Can you Zigzag? California AG Releases Latest Draft of CCPA Regulations