Wynter Deagle

Wynter Deagle is a partner in the Privacy and Cybersecurity Team in the firm's San Diego (Del Mar) office.

Contact:

Ninth Circuit Upends Internet Personal Jurisdiction Law–Briskin v. Shopify

By Wynter Deagle & Samuel Hyams-Millard on May 5, 2025

Posted in California Privacy, Online Privacy, US Privacy

In a landmark ruling, the Ninth Circuit expanded the application of specific personal jurisdiction principles to the realm of nationwide e-commerce. On April 21, 2025, an en banc panel issued a 10–1 decision ruling that allegations that Shopify embedded cookies that tracked a California consumer’s location data were sufficient to establish specific personal jurisdiction over Shopify in California (reversing the Court’s prior opinion on this exact issue). In the wake of this decision, businesses may face increased legal challenges in various states. To protect against far-flung lawsuits in unwanted jurisdictions, e-commerce businesses should, if practicable, refrain from collecting location data and engaging in other online activities that may be seen as targeting consumers of a particular state.Continue Reading Ninth Circuit Upends Internet Personal Jurisdiction Law–Briskin v. Shopify

FTC Decision with Global Tel*Link Signals Expectations for Use of Testing Environments

By Liisa Thomas, Wynter Deagle & Dane Brody Chanove on November 29, 2023

Posted in Consumer Privacy, Data Breach, Data Security, FTC, US Privacy

The FTC recently announced a settlement with Global Tel*Link, a telecommunications company that contracts with prisons and jails to provide communication services to incarcerated individuals and their families. Those who use their services create accounts with the company and are required to provide not only usernames and passwords but also Social Security numbers and government ID numbers. The company also collects financial account information as well as names and addresses. The company included in its marketing materials promises about security, including that it was the “cornerstone of what we do.” The company also made promises about its security in RFPs to prisons and jails.Continue Reading FTC Decision with Global Tel*Link Signals Expectations for Use of Testing Environments

Scraping the Bottom of the Barrel: X Corp. Sues Bright Data Over Site Scraping

By Liisa Thomas, Wynter Deagle, Anne-Marie Dao & Dane Brody Chanove on August 29, 2023

Posted in Artificial Intelligence, Consumer Privacy, Online Privacy

X Corp., the company formerly known as Twitter, recently sued Bright Data over its site scraping activities. Bright Data is a data collection company and advertises—among other services—its “website scraping” solutions. Scraping is not new, nor are lawsuits attempting to stop the activity. We may, though, see a rise in these suits with the rise in companies using them in conjunction with generative AI tools.Continue Reading Scraping the Bottom of the Barrel: X Corp. Sues Bright Data Over Site Scraping

Iowa Becomes Sixth State with Comprehensive Privacy Law

By Wynter Deagle, Anne-Marie Dao & Dane Brody Chanove on April 11, 2023

Posted in Comprehensive Privacy Laws, Iowa Privacy, US Privacy

With the governor signing SF 262 into law last week, Iowa became the sixth US state with a comprehensive privacy law. The law goes into effect January 1, 2025. It applicability is similar to other states’ laws. It applies to companies that do business in Iowa and either: (1) control or process personal data of at least 100,000 Iowans; or (2) derive over 50% of gross revenue from the sale of personal data and control or process personal data of 25,000 or more Iowans. These thresholds are calculated annually.Continue Reading Iowa Becomes Sixth State with Comprehensive Privacy Law

EU’s Initial Response to US Proposed Data Transfers Framework

By Liisa Thomas, Wynter Deagle & Kathryn Smith on December 22, 2022

Posted in Cross-Border Data Transfers, EU Privacy, US Privacy

The EU released its draft adequacy decision for the EU-US Data Privacy Framework, but all is not smooth sailing. As we wrote in October, the US developed the proposed new framework in response to the declared inadequacy of the EU-US Privacy Shield program. Continue Reading EU’s Initial Response to US Proposed Data Transfers Framework

How To Handle CPRA Regulations Delay

By Wynter Deagle on December 21, 2022

Posted in California Privacy, CCPA, US Privacy

As many are aware, the CPRA regulations are currently in draft status and may continue in that state until April, despite the law’s January 1 effective date. This could result in regulations being in final form after the July 1 date that the California Privacy Protection Agency (CPPPA) has signaled that it will begin enforcement. Last week, during a Dec. 16 CPPA board meeting, the agency’s executive director indicated that the final rules will likely be released at the end of January. Although there will then be a comment period, the director indicated that the agency does not currently anticipate making further revisions to the draft regulations. Continue Reading How To Handle CPRA Regulations Delay

California AG Takes Aim At Customer Loyalty Programs

By Wynter Deagle & Anne-Marie Dao on February 23, 2022

Posted in California Privacy, CCPA, Privacy

Did your business receive a letter from the California Attorney General’s office about your loyalty program? You are not alone. The California AG celebrated Data Privacy Day last month by announcing that his office had conducted an “investigative sweep” of business operating loyalty programs in California. His office then sent out notices of non-compliance to several loyalty program operators.

Continue Reading California AG Takes Aim At Customer Loyalty Programs

Eye On Privacy