Privacy & Data Protection

Crowell & Moring has issued its seventh-annual “Litigation Forecast 2019: What Corporate Counsel Need to Know for the Coming Year.” 

The Forecast provides concise, forward-looking perspectives on technological developments that can help corporate counsel identify the many opportunities and challenges ahead as they harness the power of technology. The Forecast further explores the developing legal, regulatory, and technology developments affecting a wide range of companies in twelve areas of law: antitrust, corporate, cybersecurity, e-discovery, environmental, government contracts, health care, intellectual property, international trade, labor and employment, torts, and white collar.

In the article, “AGs: Watching Out For Consumers,” authors examine why state attorneys general are especially focused on consumer protection, bringing increased risk as well as potential opportunities to companies.

Be sure to follow the conversation on social media with #LitigationForecast.

@getty images

On November 12, Crowell & Moring chaired a plenary session during the 2018 ICPHSO International Symposium in Brussels, which was presented as part of the European Commission’s International Product Safety Week. The panel focused on how, as a result of their Big Data strategies, Business-to-Business (“B2B”) companies are affected by consumer-focused legislation such as the General Data Protection Regulation (“GDPR”). Additionally, the EU’s Digital Single Market initiatives and their expected consequences were discussed.

As a brief reminder, the GDPR is a European-wide legislation applicable since the end of May that regulates the use of personal data, which is basically any type of information that can identify an individual. Replacing a name by a number, only referring to the identification number of a vehicle or device or using a nonsensical patient ID number is not sufficient to be out of scope; only truly anonymized data, e.g. aggregate data, is.

Manufacturers of industrial equipment are a good example of companies whose Big Data strategy forced them to focus on GDPR compliance. Indeed, in order to enhance the safety of the users of their equipment, a huge amount of data is collected. As such data relates to these users, such data is considered “personal data” and thus in scope of the GDPR. Therefore, the GDPR challenges and risks are very similar or the same for both B2B and Business-to-Consumer (“B2C”) businesses.

The same applies to the Internet of Things (“IoT”) in general, and connected devices more specifically, as we have moved from people speaking to each other, over people speaking to devices, to devices speaking to each other. Because connected devices operate both in B2B and B2C environments, compliance challenges are very similar or the same in this situation as well.

While compliance with very strict legislation such as the GDPR is not impossible, it cannot be denied that organizations with innovative Big Data-based business models often encounter substantial challenges. In the medical environment, for example, both artificial intelligence and 3D-printing can undoubtedly enhance the accuracy of a diagnosis or the precision of a treatment and, thus, add significant value to the entire healthcare sector. However, as such accuracy and precision increases with the amount of personal data that is processed, the use of huge amounts of data needs to be aligned with GDPR principles such as data minimization and purpose limitation, to only name a few.

Key to this dilemma is trust, combined with true ethical behavior and a clear focus on the rights of individuals. The importance of the latter cannot be underestimated, as the right to the protection of personal data is a fundamental right in the European Union, which means that this right should be respected in a similar way as other fundamental rights, freedoms and principles such as the right to life, prohibition of torture, the right to liberty and security, etc.

The buzz created around innovative technologies such as artificial intelligence and blockchain have put the need for an ethical approach high on the agenda. While, depending on their effective role in the actual processing of personal data, developers of these technologies might entirely be out of scope of the GDPR, the parties who use their technology are not. The latter will therefore have to embrace their responsibility and accountability obligations and make sure that the individuals’ rights and freedoms are optimally respected by means of appropriate technical and organizational measures, in line with the GDPR’s Data Protection by Design requirements. Clear information and even education about the efficiency and effectiveness of these measures is crucial to ensure that the true value of innovation is not thrown away with the bathwater.

Another topic that was discussed is the EU’s strategy for the future. While the “old school” single market approach ensures a level playing field and a free flow of goods, capital, services and labor within the European Union, the goal of the Digital Single Market is to ensure access to online activities for individuals and businesses under conditions of fair competition, consumer and data protection, removing geo-blocking and copyright issues.

In that context, an important initiative is the proposed Cybersecurity Act, which wants to ensure safe access to online activities for individuals and businesses. The EU-wide certification scheme that comes with it is a highly debated topic, as its approach seems to differ from the GDPR’s accountability requirement, where organizations themselves need to assess the risks and, based on such analysis, take appropriate technical and organizational measures accordingly.

A last topic that was part of the discussion was the EU’s proposed New Deal, that is aimed at strengthening consumer rights online, giving consumers the tools to enforce their rights and get compensation, e.g. via class action-like representation, and introducing effective penalties for violations of EU consumer law.

The panel concluded that the challenges posed by new EU consumer legislation cannot be underestimated, and that not only consumer products will be affected by the new regulatory framework. Compliance is certainly not impossible, and a focus on ethical behavior, a clear allocation of responsibilities and a constructive collaboration between the different stakeholders seem the key to success.

ICPHSO’s next event will be its 2019 Annual Meeting & Training Symposium which will be held February 25-28, 2019 in Washington, DC.

Crowell & Moring has issued its Regulatory Forecast 2018: What Corporate Counsel Need to Know for the Coming Year.

With the development of artificial intelligence, blockchain, 3D printing, the Internet of Things, autonomous vehicles, and other advances in technology, the cover story, Digital Transformation: The Sky’s the Limit,” provides a look at how technology is helping companies soar to new heights and how regulation can help companies to succeed. While data is a driver for innovation, the article examines how it also carries new and unintended implications for regulatory enforcement, product liability, cybersecurity, and intellectual property.

The overall theme of the fourth-annual Forecast is how digital technology is driving the future of business across a wide range of industries – and how Washington, as well as state and global regulators, is forging the appropriate balance between fostering innovation and protecting consumers. This report is the companion piece to the firm’s 2018 Litigation Forecast, which was published in January and also focused on the opportunities and challenges general counsel face in navigating the Big Data revolution.

Be sure to follow the conversation on Twitter with #RegulatoryForecast.


Crowell & Moring has issued its Litigation Forecast 2018: What Corporate Counsel Need to Know for the Coming Year.”

With the development of artificial intelligence, chat bots, the Internet of Things, autonomous vehicles, and other advances in technology, the cover story, “Data, Data Everywhere,” takes a deep dive into the opportunities and challenges general counsel face in navigating the Big Data revolution. While data is a driver for innovation, the article examines how it also carries new and unintended implications for regulatory enforcement, product liability, cybersecurity, and intellectual property.

Be sure to follow the conversation on Twitter with #LitigationForecast.


The big takeaways from The Autonomous Vehicle Safety Regulation World Congress centered on the importance of a federal scheme for AV regulation and the reality of the states’ interest in traditional issues such as traffic enforcement, product liability, and insurance coverage. In keeping with those messages, the World Congress kicked off with NHTSA Deputy Administrator and Acting Director, Heidi King, speaking about NHTSA’s goals and interest followed almost immediately with wide participation from the states including California, Michigan, and Pennsylvania, among others.

Deputy Administrator King emphasized NHTSA’s desire to foster an environment of collaboration among all stakeholders, including the states.  Ms. King emphasized that safety remains the top priority at NHTSA.  NHTSA has provided some guidance, and looks forward to hearing from stakeholders about the best way to support and encourage growth in autonomous vehicles.  NHTSA wants to provide a flexible frame work to keep the door open for private sector innovation.  It is necessary to build public trust and confidence in the safety of autonomous vehicles, and that can only accomplished by all stakeholders working together.

Continue Reading Report on the Autonomous Vehicle Safety Regulation World Congress 2017

Photo Credit: Jason Trim (Flickr)

Vizio Reaches $2.2 Million Settlement With FTC, New Jersey, For Failing to Obtain Viewer Consent to Track and Sell Viewing Habits to Third Parties

Traditionally, advertisers purchase ad inventory during television programs based on basic demographic information regarding viewer attributes. Thus, while ads may reach viewers of a particular gender and age range, those ads may not necessarily reach the consumers that are most interested in their products or services.  Thus, advertisers are increasingly interested in more finely targeting their advertising and sending a specific television commercial to a specific household based on the viewing activities in that household.  In order to pinpoint their targets, marketers rely on data extending beyond demographic information that includes information on consumer viewing and internet habits.  While targeting commercials to specific households can be highly beneficial to marketers (allowing them to send their ads to the consumers most interested in seeing them) and consumers (showing them the ads they most want to see), marketers must remember that the basic requirements of advertising law still apply.  Thus, in collecting data, marketers must ensure that they clearly disclose their data collection practices up front, obtain consent from consumers before collecting and sharing highly specific information regarding their viewing practices, and make it easy for consumers to opt out.

Continue Reading Failure to Obtain Viewer Consent Leads to $2.2 Million Settlement for Vizio

In Spokeo, Inc. v. Robins, the U.S. Supreme Court has issued yet another narrow decision—apparently designed to avoid a 4-4 deadlock—in another hard-fought, potentially divisive case on its docket this term. On May 16, 2016, the Court held 6-2 that the Ninth Circuit had erred in not asking whether plaintiff Robins had alleged that he suffered a “concrete” harm—actual, rather than hypothetical, damage—as a result of statutory violations by defendant Spokeo.

In reaching this decision, the Court reaffirmed that plaintiffs bringing class actions in federal court must do more than allege a “mere technical violation” of a statute or regulation. In order to demonstrate that they have a real stake in the case—or “standing”—as required in federal court by Article III of the Constitution, they must also explain how the violation in question caused them real harm. At the same time, however, the majority was careful to point out that, “in some circumstances,” plaintiffs could base standing on procedural or technical violations if coupled with a “real risk of harm.” And the Court remanded the specific question of whether Robins himself had alleged that he suffered real harm as a result of Spokeo’s technical violations.

In sending the case back to the Ninth Circuit, then, the Court left the deeper issues in the case unresolved—inviting further litigation over what its holding means in specific cases.

Continue Reading Keeping It “Real”: Supreme Court Holds That Consumers Must Allege Real Harm


On February 12, 2016, the Federal Bar Association will host a day-long Fashion Law Conference at Parsons School of Design (Starr Foundation Hall in the New School’s stunning new University Center) on the last day of New York Fashion Week!

Speakers include in-house counsel from The Estee Lauder Companies, Inc., Tiffany & Co., New York & Company, and Global Brands Group.

Topics include cover anti-counterfeiting, FTC and trademark considerations, ethical sourcing and labor issues, the regulatory framework of labeling and disclosure, mergers/acquisitions and antitrust considerations, and the current legal issues in e-commerce and mobile apps.

We are privileged to have the Honorable Claire R. Kelly from the U.S. Court of International Trade provide opening remarks, and Professor Susan Scafidi, Academic Director of the Fashion Law Institute—and one of the foremost leaders in the field of fashion law—as our luncheon keynote speaker.

Please join Crowell & Moring’s, Cheryl Falvey, Chahira Solh, Frances Hadfield and a host of other speakers and experts for our cutting-edge fashion law panels (and of course plenty of networking opportunities). We look forward to seeing you there!

Photo credit: Federal Bar Association

Kate Smartphone Keyboard

Just in time for the holiday shopping rush, “Hello Barbie” has hit the shelves.  This Barbie actually talks back to its playmates and is the latest high-tech version of the iconic doll. The secret to this innovation? The Internet. Toymaker Mattel partnered with software firm ToyTalk to equip the doll with a microphone, voice-recognition, and cloud-based intelligence to give Barbie “call-and-respond” functionality. (Think Siri talking through Barbie.) Hello Barbie is yet another example Continue Reading Hello Barbie (and Lawsuit)

The Third Circuit’s Monday decision in FTC v. Wyndham Worldwide confirmed the Federal Trade Commission’s (FTC) statutory authority to pursue enforcement actions for allegedly “unfair” data security practices under Section 5 of the FTC Act. Many believe that the decision will embolden the FTC to continue aggressively regulating what it considers to be unreasonable data security practices. Click for a complete analysis of the decision and its implications.