Data Privacy

Subscribe to Data Privacy via RSS

As restaurants and hospitality businesses adopt digital platforms to engage customers, tools like cookies, pixels, and session replay are widely used to improve user experience and marketing. However, this increased reliance on tracking technologies has triggered a sharp rise in lawsuits and regulatory investigations nationwide, even for small businesses and those outside major cities.

Restaurants

On February 8, 2024, the Department of Health & Human Services (HHS) published its final rule updating the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations under 42 C.F.R. Part 2 (Part 2), bringing Part 2 requirements closer to the requirements of the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information

A recent ruling from the U.S. District Court for the Northern District of California underscores the limits of state privacy statutes, particularly when plaintiffs reside outside the state and the alleged misconduct lacks a clear connection to California. The decision by Judge Jacqueline Scott Corley dismissed a proposed class action against California-based analytics company Samba

A recent federal class action lawsuit challenging Home Depot Inc.’s use of facial scanning technology at self-checkout kiosks has come to a sudden halt. The plaintiff, Benjamin Jankowski, voluntarily dropped the case, with the U.S. District Court for the Northern District of Illinois granting dismissal without prejudice. Jankowski v. The Home Depot, No. 1:25-cv-09144

A recent federal court decision highlights the power of online terms and conditions, and how “choice-of-law” clauses can dramatically influence privacy litigation. In Crowell v. Audible, a Seattle judge dismissed a proposed class action alleging that Audible unlawfully shared its California customers’ browsing and listening data with Meta, finding that the case must proceed

Mergers and acquisitions (M&A) can be transformative, but hidden compliance risks—especially regarding privacy and data protection—often lurk beneath the surface, especially regarding privacy and data protection. In California, strict laws like the California Consumer Privacy Act (CCPA) and the California Invasion of Privacy Act (CIPA) are being aggressively enforced through litigation. Plaintiffs’ firms are increasingly targeting companies whose websites

California continues to lead the way in digital privacy. Its latest step is AB 566, the California Opt Me Out Act. This new law amends the already robust California Consumer Privacy Act (CCPA) and specifically targets how internet browsers empower users to control their personal information.

AB 566 requires that all consumer web browsers (i.e., Chrome, Firefox, Safari

Lawsuits are rapidly multiplying against website operators over how user information is collected and shared. Plaintiffs are increasingly creative in asserting that website tracking tools, especially those tied to search bars, violate wiretap and related electronic communications laws. One emerging legal theory invokes “trap and trace” provisions, meant for surveillance devices, to challenge the capture