In Anderson v. TikTok, Inc., the Third Circuit held that the liability of an Internet Service Provider such as TikTok depended on whether TikTok was sharing content via the platform’s algorithm or engaged in something more. The question of whether TikTok’s recommendation algorithm transformed content into TikTok’s own expressive activity was not immunized by Section 230 and has disrupted the protection previously enjoyed by Internet platforms like TikTok.
The proliferation of data breaches and increased sophistication of criminal attack vectors has led more states to enact their own reasonable security provisions as part of the patchwork quilt of privacy laws. Nineteen of the U.S. states which have enacted comprehensive privacy laws along with Florida’s Digital Bill of Rights (which took effect summer 2024) have provisions requiring controllers and businesses to establish, implement and maintain reasonable administrative, technical and physical data security practices to protect the confidentiality, integrity and accessibility of personal data.
The DOJ has proposed a rule that would regulate certain transactions involving bulk sensitive personal data. The rule would implement a complex regulatory framework, with civil and criminal enforcement, that is similar to sanctions and export licensing regimes. It also implicates federal cybersecurity requirements, government contracting and CFIUS actions.
The Second Circuit’s decision is notable in that it signals a reversal of the recent trend of dismissals of VPPA claims in courts across the country and could trigger a significant increase in VPPA lawsuits. Although organizations have grappled with VPPA claims for several years, this decision is another red flag to organizations to take immediate steps and ensure compliance with privacy laws to mitigate the risks of VPPA claims.
With cyberattacks on the rise and class actions arising from cyberattacks being filed at an increased rate, executives and board members increasingly face the risk of being individually targeted in lawsuits brought by class action plaintiffs and governmental bodies alleging individual liability for data security failures.
On November 1, significant revisions to the regulations enforced by the New York Department of Financial Services (DFS) — the state’s financial services regulator — went into effect. The DFS revisions create a long-arm provision in that the changes affect not only New York State companies, but also their affiliates, and therefore the revisions could have an impact far beyond New York State borders.
Global privacy control lets computer users set privacy preferences in their browsers, automatically sharing those choices whenever users go to a site. It’s supposed to give individuals more control over their personal data, allowing them to opt in or out of cookie usage, data sharing, data selling and targeted advertising.But they only work if companies honor them. And in most instances, they don’t.
Social media took another hit Nov. 15 after a federal judge allowed most of the public nuisance claims brought by school districts in the addiction cases to move forward.
The 2024 LTN Law Firm Tech Survey spoke with 30 technologists at top U.S. law firms to get a sense of what technology issues they faced over the past year, how their technology posture, policies and investments are changing, and their thoughts on technology’s impact on the future of the legal industry.
As cyber threats (and their price tags) evolve, so must the strategies companies use to navigate breach recovery. The future of breach recovery lies in smarter, faster solutions — particularly AI-driven approaches that streamline data mining and ensure breach notification compliance without compromising security or inflating costs.
