On August 24, 2022, the California Attorney General’s Office announced a settlement with Sephora, Inc. (Sephora), a French multinational personal care and beauty products retailer. The settlement resolved Sephora’s alleged violations of the California Consumer Privacy Act (CCPA) for allegedly failing to: disclose to consumers that the company was selling their personal information, process user

This is Part 2 in a series of blog posts on recent developments in the EU’s data strategy, which aims to establish EU leadership in our data-driven society by creating a single market for data and encouraging data sharing. The series looks in particular at the recently adopted Data Governance Act (DGA) and the proposed

Back in February 2020, the European Commission communicated its European strategy for data, with the aim of establishing EU leadership in our data-driven society by creating a single market for data and encouraging data sharing. To make this strategy concrete, it came up with two legislative proposals: the Data Governance Act (DGA) and the

Please join us for an investigations-focused webinar series where our team of litigators, former prosecutors, and regulatory attorneys will discuss useful strategies for navigating a government probe or ensuring compliance with regulations and corporate policies. Our presenters will provide companies with critical information for navigating commercial risk and enforcement. This webinar series covers broad-reaching investigations

Crowell & Moring has released its Regulatory Forecast 2020: What Corporate Counsel Need to Know for the Coming Year, a report that explores the impact of regulatory changes on the technology industry and other sectors, and provides insight into thehouse counsel can expect to face in the coming year.

For 2020, the Forecast highlights

Crowell & Moring has released Litigation Forecast 2020: What Corporate Counsel Need to Know for the Coming Year. The eighth-annual Forecast provides forward-looking insights from leading Crowell & Moring lawyers to help legal departments anticipate and respond to challenges that might arise in the year ahead.

For 2020, the Forecast focuses on how the

Executive summary

On September 17, 2019, the Belgian Data Protection Authority (DPA) issued a fine of EUR 10,000 for a breach of the General Data Protection Regulation’s (GDPR). The case related to a merchant who required the use of an electronic identity card as the sole means for the issuance of loyalty cards.

The DPA found that this practice did not comply with GDPR’s standards on (a) data minimization, as the electronic identity card contains much more information about the holder than is necessary for the purposes of creating a loyalty card; and (b) consent, because customers were not offered a real choice on whether they should provide access to the data on their electronic identity card in exchange for a loyalty card. As a result, the customers’ consent was not considered as freely given and therefore invalid.

The DPA also found that the merchant had not done enough to inform customer about its data processing activities, and thereby violated its information duties under the GDPR.

The facts Continue Reading Belgian Data Protection Authority Finds Merchant Violated GDPR by Requiring Customers to Provide Electronic ID to Receive Loyalty Card

EDRM and the Bolch Judicial Institute at Duke Law recently released Technology Assisted Review (TAR) Guidelines (Guidelines) with the aim “to objectively define and explain technology-assisted review for members of the judiciary and the legal profession.” Among the topics covered are the validation and reliability measures practitioners can use to defend their TAR processes. This post summarizes this validation and reliability guidance, which has the potential to be a widely-referenced authority on this topic going forward.

According to EDRM, there are no “bright-line rules” governing what constitutes a reasonable review or one standard measurement to validate the results of TAR. Instead, principles of reasonableness and proportionality as set forth in FRCP Rule 26 generally guide the inquiry.
Continue Reading EDRM’s TAR Guidelines: Validity Measures and Considerations for Practitioners

E-discovery does not sit still. To provide high-level service, practitioners necessarily deal with legal technology at the bleeding edge of development. This involves the embrace of nascent artificial intelligence (AI) in combination with other analytic tools and techniques to tackle increasingly challenging discovery projects. As ever-expanding volumes and sources of information strain the capacity of