Consumers who sued Amazon must now arbitrate claims that the company’s Alexa device, a digital assistant, illegally recorded their voices and stored their voiceprints in violation of the Illinois Biometric Information Privacy Act (BIPA). In its Feb. 5opinion, the court ruled on the parties’ dueling motions. It denied the plaintiffs’ request for remand to state court after agreeing with Amazon that the plaintiffs had Article III standing. As to two of the three named plaintiffs, the court granted Amazon’s motion to compel arbitration.
Read moreSingapore’s mandatory breach notification regime is now in force
From 1 February 2021, most of the recent amendments to the Personal Data Protection (Amendment) Act 2020 (No. 40 of 2020) are now in force. The amendments update Singapore's regulatory framework and seek to balance economic needs with the protection of consumers' data rights.
The amendments have four primary aims:
Strengthening consumer trust through organisational accountability;
Ensuring the effectiveness of enforcement;
Enhancing consumer autonomy; and
Supporting data use for innovation.
Some key sections, including those covering data portability and the increase in the amounts of fines, are not yet in force but we expect that they will be implemented this year.
Read morePrivacy Litigation 2020 Year in Review: Data Breach Litigation
Add a 270% increase in data breaches to the long list of unprecedented challenges in 2020. Cybersecurity is on the short list of major risks facing companies. And when a security incident happens, class actions often follow. Although data breach class actions are not new, we continue to see increases in the number of cases filed, evolving theories from plaintiffs’ counsel, and the development of settlement templates in these cases.
Read moreArbitration Agreements in Privacy Disputes: The Wyze Decision and the CCPA
Earlier this year, a number of individuals brought a lawsuit in the United States District Court for the Western District of Washington against Washington-based company Wyze Labs, Inc (Wyze), which manufactures “smart” home cameras and security equipment. See In re: Wyze Data Incident Litigation, Case No. C20-0282-JCC (W.D. Wa. 2020). The lawsuit – which centered around a 2019 data breach incident – alleged that Wyze failed to comply with Federal Trade Commission requirements for safeguarding users’ personal information.
Read moreThe Role of Arbitral Institutions in Cybersecurity and Data Protection in International Arbitration
Cybersecurity and data protection have been dominating conversations in the international arbitration community in recent years. From an analysis of how the stakeholders may be best equipped to address cybersecurity risks, to considerations on maintaining confidentiality in international commercial arbitration, as well as calls to address the impact of the General Data Protection Regulation (“GDPR”) on virtual arbitration proceedings, much scrutiny has been afforded to these issues. Discussions on this topic have been further enhanced following the release of the IBA Cybersecurity Guidelines (the “IBA Guidelines”), the ICC-NYC Bar-CPR Protocol on Cybersecurity in International Arbitration, the latest being the 2020 Edition (the “Cybersecurity Protocol”), as well as the public consultation draft of the ICCA-IBA Roadmap to Data Protection in International Arbitration. The author opines that cybersecurity and data protection go hand in hand as both involve the receipt, usage, processing, transmission, and preservation of data in any given setting. The ongoing COVID-19 pandemic has further heightened the importance of these issues since more proceedings with high value and business-sensitive information are being conducted wholly online, are frequently held in different jurisdictions, and often involve unencrypted digital exchanges.
Read more