Nov. 6, 2024

Seventh Circuit Refuses to Compel BIPA Mass Arbitration Against Samsung: Takeaways and Lessons

Mass arbitration has gained steam as a strategy for plaintiffs who face arbitration clauses that prohibit class actions. The recent decision by the U.S. Court of Appeals for the Seventh Circuit (Court) in Wallrich v. Samsung highlights issues that arise in mass arbitration cases in connection with the payment of fees, threshold for establishing the existence of an arbitration agreement and role of delegation clauses. In this second installment of a two-part article series examining the case, Baker Donelson biometrics team lead David Oberly addresses the key takeaways and practical implications of the decision, provides strategies for strengthening arbitration agreements and discusses the future trajectory of mass arbitration tactics in Illinois Biometric Information Privacy Act class action litigation. Part one distilled the Court’s analysis and discussed relevant procedural background. See our two-part series on private actions under the CPRA: “Key Issues and Defense Strategies” (Oct. 18, 2023), and “Settlement Considerations and Mitigating Risk” (Oct. 25, 2023).

GDPR Enforcement’s New Phase: More Predictability, and New Rules on the Way

Multiple signs suggest that enforcement of the GDPR, now in its sixth year, has entered a new and steadier phase across Europe. Nations’ data protection authorities (DPAs) have long fought over cases involving Big Tech companies, but two weeks ago the Irish regulator announced that no other European regulators objected to its €310‑million fine against LinkedIn Ireland. With insights from attorneys at A&O Shearman, Bird & Bird, Covington, IAPP, McDermott Will & Emery, and Steptoe, this two-part article series captures the latest practicalities that companies should understand about GDPR investigations and enforcement. This first installment examines the latest moves toward harmonization, key findings of the European Commission’s second-ever report about GDPR implementation and pending procedural rules for GDPR enforcement, which E.U. bodies start negotiating this month. Part two will delve into DPAs’ characteristic practices and nagging points of divergence between them. See “Compliance Takeaways From the Latest GDPR Enforcement Statistics” (Feb. 2, 2022).

DOJ’s 2024 Edits to the ECCP: Some History and AI Expectations

The DOJ has updated its Evaluation of Corporate Compliance Programs document (ECCP) – a year after it hired former AB InBev CCO Matt Galvin to take the lead on evaluating compliance programs. Galvin, an evangelist for the use of data analytics and AI to improve compliance programs, clearly influenced the edits, which heavily focus on the use of new technologies and data. This article examines the history of ECCP edits and the new changes related to AI. A future article will explore other ECCP revisions, such as an increased focus on protecting whistleblowers from retaliation, how compliance is viewed within an organization, how companies should be incorporating lessons learned into their programs and the DOJ’s continued focus on data analytics. See “What CCOs Should Know About the DOJ’s Efforts to Curtail Criminal Use of AI” (Oct. 9, 2024).

Norton Rose Fulbright Strengthens Cybersecurity and Privacy Group

Norton Rose Fulbright has welcomed cybersecurity lawyer Jim Arnold and privacy lawyer Phil Hodgkins to its global cybersecurity and privacy group as senior counsel. Arnold, who joins the St. Louis office, arrives from S‑RM. Hodgkins arrives from Kroll and will be based in New York. For insights from Norton Rose Fulbright, see “Cloud Attacks and Six Other Cybersecurity Dangers for 2023 and 2024” (Apr. 26, 2023); and “The Increasing Threat of Supply Chain Cyberattacks: How to Avoid Being a Statistic” (Sep. 28, 2022).

Data Privacy and Technology Attorney Joins Day Pitney

Lauran Land Himelstein has joined Day Pitney as counsel in both the technology, telecommunications and outsourcing and the data privacy, protection and litigation practice groups, based in the New York and Stamford offices. She most recently served as product counsel at Instacart. For insights from Day Pitney, see our two-part series “Designing and Implementing a Three-Step Cybersecurity Framework for Assessing and Vetting Third Parties”: Part One (Apr. 8, 2015), and Part Two (Apr. 22, 2015).