Earlier this month, two courts, one in California and one in Massachusetts under two different scenarios, opined on the enforceability of browsewrap and hybridwrap agreements, providing important warnings for companies relying on such agreements to obtain legally required consent for activities such as telemarketing or to otherwise impose terms and conditions on website users. Many

This has not been a joyful winter for energy industry executives. They have repeatedly awoken to alerts that substations in the Northwest and Southeast have been physically attacked and that a major engineering firm was the subject of a ransomware cyberattack that may have compromised utility data.

Federal regulators are taking notice. On December 7

The European Commission launched the formal process to adopt an adequacy decision for the EU-U.S. Data Privacy Framework on December 13, 2022. The framework will replace the Privacy Shield, which was invalidated by the Court of Justice of the European Union’s (“CJEU”) Schrems II ruling on July 16, 2020 (CJEU C-311/18, discussed in 

On November 10, 2022 the European Parliament adopted a resolution on esports and video games. In this resolution the European Parliament calls on the Commission and the Council to acknowledge the value of the video game ecosystem as a major cultural and creative industry (“CCI”) with strong potential for further growth and innovation. The

In a judgment of August 1, 2022, the Court of Justice of the European Union (CJEU) provided further guidance on two important aspects of the General Data Protection Regulation (GDPR) (CJEU C-184/20). In summary, the CJEU held that, first, for a national law that imposes a legal obligation to process personal data to

The DOJ has long expressed concern about the impact of personal messaging – in particular of encrypted and ephemeral message apps – on its ability to effectively conduct investigations (and rely on the results of company investigations). Close on the heels of the well-publicized SEC enforcement sweeps of financial industry message retention practices, Deputy Attorney

On October 7, 2022, President Biden signed an executive order implementing the EU-U.S. Data Privacy Framework.   Announced in March, this framework replaces the Privacy Shield program that the EU Court of Justice invalidated in July 2020 with its Schrems II decision. That decision stated that the United States did not provide a level of

This is Part 4 in a series of blog posts on recent developments in the EU’s data strategy, which aims to establish EU leadership in our data-driven society by creating a single market for data and encouraging data sharing. The series looks in particular at the recently adopted Data Governance Act (DGA) and the proposed

Yesterday, the Office of Management and Budget (OMB) released Memorandum M-22-18, implementing software supply chain security requirements that will have a significant impact on software companies and vendors in accordance with Executive Order 14028, Improving the Nation’s Cybersecurity.  The Memorandum requires all federal agencies and their software suppliers to comply with the NIST