On July 2, 2023, the new German Whistleblower Protection Act (Hinweisgeberschutzgesetz – HinSchG) took effect. The law contains comprehensive provisions for the protection of whistleblowers. At the same time, it obliges all companies with at least 50 employees to establish internal reporting channels. This article summarizes the key provisions of the new law.
An Illinois federal court recently rejected an online eyewear retailer’s request for attorneys’ fees as the prevailing party in a Biometric Information Privacy Act (BIPA or Privacy Act) class action over its virtual try-on (VTO) tools. The district judge had previously dismissed the case with prejudice under the Privacy Act’s health care exemption.
Under a recently introduced bill, employers across New York State could face new restrictions on the electronic surveillance of workers and the growing use of automated decision-making and artificial intelligence (AI) technology to make employment decisions. Senate Bill (S) 07623 seeks to address privacy concerns with electronic surveillance, or so-called “bossware,” and concerns that automated decision-making tools result in discrimination against individuals with disabilities or against other members of protected groups.
On July 26, 2023, the U.S. Securities and Exchange Commission (SEC) finalized new rules that mandate public companies to disclose material cybersecurity incidents and provide annual updates on their cybersecurity risk management, strategy, and governance. The rules, which also contain similar requirements for foreign private issuers, represent an additional operational burden with a short fuse for businesses juggling potentially overlapping state and federal law notifications in response to a cybersecurity incident.
On July 14, 2023, the California attorney general (AG) announced a surprising “investigative sweep” into employer compliance with the California Consumer Privacy Act of 2018 (CCPA) and its implementing regulations, sending a stark message that the focus of CCPA compliance is not limited to tech companies.
On July 18, 2023, the Supreme Court of Illinois declined to reconsider its February 2023 holding that claims under the state’s Biometric Information Privacy Act (Privacy Act or BIPA) accrue on each and every scan or transmission. The denial drew a dissent from three justices, who argued that a per-scan interpretation “subvert[s] the intent of the Illinois General Assembly, threatens the survival of businesses in Illinois and consequently raises significant constitutional due process concerns.”
A federal judge in the Northern District of Illinois vacated a $228 million damages award issued following the first-ever jury verdict in an Illinois Biometric Information Privacy Act (Privacy Act or BIPA) class action and ordered a new trial on the issue of damages. However, in doing so, the judge refused to overturn the jury’s finding that the company’s Privacy Act violations were intentional or reckless.
In an unexpected turn of events, a California court postponed enforcement of the new California Consumer Privacy Act (CCPA) regulations until March 29, 2024. The court’s final decision came at the eleventh hour on June 30, 2023, just one day prior to the scheduled enforcement start date of July 1, 2023.
On June 29, 2023, the New York City Department of Consumer and Worker Protection (DCWP) issued new guidance on the enforcement of the city’s law regulating the use of automated employment decision tools (AEDTs) ahead of the July 5, 2023, effective date for final rules implementing the law.
The increasing prevalence of artificial intelligence (AI) tools and, in particular, generative AI is creating more reason for employers to adopt workplace policies that communicate to employees whether the use of these applications is appropriate and any commensurate limitations.
The world’s first artificial intelligence (AI) regulatory framework is “a step closer” to becoming law, the European Parliament recently announced.
On May 18, 2023, the U.S. Equal Employment Opportunity Commission (EEOC) issued the latest federal guidance on employer use of artificial intelligence (AI) and automated decision-making tools. The new guidance reinforces the EEOC’s ongoing focus on the use of AI in the workplace and serves as an important reminder to employers of potential legal compliance issues associated with the use of such tools.
The U.S. Equal Employment Opportunity Commission (EEOC) is examining potential discriminatory implications of the use of automated systems and artificial intelligence (AI) to make employment decisions beyond the Americans with Disabilities Act (ADA), an EEOC chief counsel office said.
On April 25, 2023, the U.S. Equal Employment Opportunity Commission (EEOC), Department of Justice (DOJ) Civil Rights Division, Consumer Financial Protection Bureau (CFPB), and the Federal Trade Commission (FTC) issued a joint statement pledging to enforce federal laws to “promote responsible innovation” in the context of automated decision-making and artificial intelligence (AI) systems that are increasingly being used by public and private organizations, including to make employment-related decisions.
The launch of ChatGPT on November 30, 2022, ushered in an explosion of interest by businesses seeking to incorporate large language model artificial intelligence applications into the workplace. To capitalize on efficiencies that this technology presents, many employers have implemented or are considering the use of chatbots to serve human resource functions.
On April 6, 2023, the New York City Department of Consumer and Worker Protection (DCWP) adopted highly anticipated final rules implementing the city’s law regulating the use of automated employment decision tools (AEDT) tools in hiring that will take effect on July 5, 2023. The AEDT law, which took effect on January 1, 2023, restricts the use of automated employment decision tools and artificial intelligence (AI) by employers and employment agencies by requiring that such tools be subjected to bias audits and requiring employers and employment agencies to notify employees and job candidates that such tools are being used to evaluate them.
A federal judge in Illinois recently ruled that online shoppers cannot sustain claims that a virtual try-on (VTO) tool that allegedly scans facial geometry to preview the look of sunglasses on their face violates the Biometric Information Privacy Act (BIPA or Privacy Act) because it falls into an exemption for “information captured from a patient in a health care setting.”
On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament by the Department for Science, Innovation and Technology. If enacted, the Bill will make changes to the UK General Data Protection Regulation, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations. The Bill would facilitate certain types of data processing by redefining the parameters of what constitutes “personal data,” removing certain requirements and prohibitions, applying exemptions, and creating greater legal certainty regarding the permissibility of certain forms of personal data processing.
On February 17, 2023, the Supreme Court of Illinois held claims under the Illinois Biometric Information Privacy Act (Privacy Act or BIPA) accrue on each and every scan or collection and further allowed so-called per scan damages. The ruling could open employers up to colossal and potentially devastating damages if the legislature does not amend the Privacy Act.
Minnesota’s 2023 legislative session is off to a hot start and turning out to be an important one for Minnesota employers and companies doing business in Minnesota. Currently, there are four noteworthy bills that employers should keep an eye on as they progress through the Minnesota Legislature.
On February 2, 2023, the Supreme Court of the State of Illinois ruled that all claims under Section 15 of the state’s Biometric Information Privacy Act (Privacy Act or BIPA) have a five year statute of limitations. The decision partially overturns an appellate court ruling that had found claims under subsections 15(c) and 15(d) of the Privacy Act were governed by a one-year limitations period under Illinois law for defamation and privacy claims.
On January 31, 2023, the U.S. Equal Employment Opportunity Commission (EEOC) held a public hearing, titled, “Navigating Employment Discrimination in AI and Automated Systems: A New Civil Rights Frontier,” to receive panelist testimony concerning the use of automated systems, including artificial intelligence, by employers in employment decisions.
On January 23, 2023, the New York City Department of Consumer and Worker Protection held a public hearing on updated proposed rules to implement the city’s automated employment decision tools law (Local Law 144).
On December 23, 2022, the New York City Department of Consumer and Worker Protection (DCWP) published updated proposed rules to implement the city’s automated employment decision tools (AEDT) law (Local Law 144). The law conditions the use of automated employment decision tools to screen candidates for employment or employees for promotion within the city on compliance with certain requirements, including the performance of a bias audit, and the furnishing of notifications to candidates and employees.
With the January 1, 2023, effective date of New York City’s automated employment decision tools law looming, the city’s Department of Consumer and Worker Protection announced on December 12, 2022, that it intended to convene a second public hearing and postpone enforcement of the law until April 15, 2023.
On November 3, 2022, an Illinois circuit court judge dismissed a Biometric Information Privacy Act (Privacy Act or BIPA) putative class action against Samsara, Inc., a DashCam developer. DashCam is a safety technology for trucking companies such as Samsara’s customer and co-defendant, Beelman Truck Co. The DashCam device points an internet-connected dashboard camera at the driver to detect risky driving behaviors.
Over the last decade, and arguably accelerated by the pandemic, employers have increasingly relied on new technologies to monitor, manage, and hire employees. Some of these technologies include tracking devices, keyloggers, audio recording software, and automated decision-making tools.
On October 7, 2022, President Biden signed Executive Order (EO) 14086, “Enhancing Safeguards for United States Signals Intelligence Activities,” which provides a new framework for legal data transfers between the European Union (EU) and the United States.
On October 12, 2022, a federal jury in the U.S. District Court for the Northern District of Illinois concluded that a company violated the Illinois Biometric Information Privacy Act (Privacy Act or BIPA) 45,600 times over six years by collecting truck drivers’ fingerprints to verify identities without the informed, written consent the Privacy Act requires.
Under the Working for Workers’ Act, every covered Ontario employer with twenty-five or more employees is now required to have a written electronic monitoring policy that complies with Part XI.1 of the Employment Standards Act, 2000.