Archives

Bill in U.K. Parliament Would Facilitate Certain Types of Data Processing by Redefining ‘Personal Data’ Parameters

On March 8, 2023, the Data Protection and Digital Information (No. 2) Bill was introduced to the UK Parliament by the Department for Science, Innovation and Technology. If enacted, the Bill will make changes to the UK General Data Protection Regulation, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations. The Bill would facilitate certain types of data processing by redefining the parameters of what constitutes “personal data,” removing certain requirements and prohibitions, applying exemptions, and creating greater legal certainty regarding the permissibility of certain forms of personal data processing.

Salvatore A. Anania London Author

Illinois Supreme Court Rules Privacy Act Claims Accrue With Each Biometric Scan

On February 17, 2023, the Supreme Court of Illinois held claims under the Illinois Biometric Information Privacy Act (Privacy Act or BIPA) accrue on each and every scan or collection and further allowed so-called per scan damages. The ruling could open employers up to colossal and potentially devastating damages if the legislature does not amend the Privacy Act.

Anne E. Larson Chicago Author

Harry J. Secaras Chicago Author

Zachary V. Zagger New York Author

Minnesota Legislature Takes Up Noncompetition, Paid Family Leave, Cannabis Legalization, and Privacy Bills in 2023 Session

Minnesota’s 2023 legislative session is off to a hot start and turning out to be an important one for Minnesota employers and companies doing business in Minnesota. Currently, there are four noteworthy bills that employers should keep an eye on as they progress through the Minnesota Legislature.

Brent D. Kettelkamp Minneapolis Author

Colin H. Hargreaves Minneapolis Author

Illinois Supreme Court Rules Privacy Act Claims Have Five Year Statute of Limitations

On February 2, 2023, the Supreme Court of the State of Illinois ruled that all claims under Section 15 of the state’s Biometric Information Privacy Act (Privacy Act or BIPA) have a five year statute of limitations. The decision partially overturns an appellate court ruling that had found claims under subsections 15(c) and 15(d) of the Privacy Act were governed by a one-year limitations period under Illinois law for defamation and privacy claims.

Anne E. Larson Chicago Author

Harry J. Secaras Chicago Author

Zachary V. Zagger New York Author

EEOC Hears Testimony Concerning Employment Discrimination in Artificial Intelligence and Automated Systems

On January 31, 2023, the U.S. Equal Employment Opportunity Commission (EEOC) held a public hearing, titled, “Navigating Employment Discrimination in AI and Automated Systems: A New Civil Rights Frontier,” to receive panelist testimony concerning the use of automated systems, including artificial intelligence, by employers in employment decisions.

Jesse R. Dill Milwaukee Author

Simone R.D. Francis St. Thomas
New York Author

New York City Holds Second Public Hearing on Updated Proposed Rules for Automated Employment Decision Tools

On January 23, 2023, the New York City Department of Consumer and Worker Protection held a public hearing on updated proposed rules to implement the city’s automated employment decision tools law (Local Law 144).

Simone R.D. Francis St. Thomas
New York Author

New York City Updates Proposed Rules for Automated Employment Decision Tools: What’s New and What’s Next

On December 23, 2022, the New York City Department of Consumer and Worker Protection (DCWP) published updated proposed rules to implement the city’s automated employment decision tools (AEDT) law (Local Law 144). The law conditions the use of automated employment decision tools to screen candidates for employment or employees for promotion within the city on compliance with certain requirements, including the performance of a bias audit, and the furnishing of notifications to candidates and employees.

Simone R.D. Francis St. Thomas
New York Author

New York City Postpones Enforcement of Automated Employment Decision Tools Law, Will Hold Second Public Hearing

With the January 1, 2023, effective date of New York City’s automated employment decision tools law looming, the city’s Department of Consumer and Worker Protection announced on December 12, 2022, that it intended to convene a second public hearing and postpone enforcement of the law until April 15, 2023.

Simone R.D. Francis St. Thomas
New York Author

DashCam Developer Insulated From BIPA Liability

On November 3, 2022, an Illinois circuit court judge dismissed a Biometric Information Privacy Act (Privacy Act or BIPA) putative class action against Samsara, Inc., a DashCam developer. DashCam is a safety technology for trucking companies such as Samsara’s customer and co-defendant, Beelman Truck Co. The DashCam device points an internet-connected dashboard camera at the driver to detect risky driving behaviors.

Anne E. Larson Chicago Author

Zachary V. Zagger New York Author

New NLRB General Counsel Memorandum Continues Trend of Increasing Oversight of Employer Technology Use

Over the last decade, and arguably accelerated by the pandemic, employers have increasingly relied on new technologies to monitor, manage, and hire employees. Some of these technologies include tracking devices, keyloggers, audio recording software, and automated decision-making tools.

Jennifer G. Betts Pittsburgh Author

Danielle Ochs San Francisco Author

President Biden Issues Executive Order Providing for New EU-U.S. Data Privacy Framework

On October 7, 2022, President Biden signed Executive Order (EO) 14086, “Enhancing Safeguards for United States Signals Intelligence Activities,” which provides a new framework for legal data transfers between the European Union (EU) and the United States.

Salvatore A. Anania London Author

First Jury Verdict Issued in Illinois Biometric Privacy Act Class Action

On October 12, 2022, a federal jury in the U.S. District Court for the Northern District of Illinois concluded that a company violated the Illinois Biometric Information Privacy Act (Privacy Act or BIPA) 45,600 times over six years by collecting truck drivers’ fingerprints to verify identities without the informed, written consent the Privacy Act requires.

Anne E. Larson Chicago Author

Harry J. Secaras Chicago Author

Ontario Employers Now Required to Have Written Electronic Monitoring Policies

Under the Working for Workers’ Act, every covered Ontario employer with twenty-five or more employees is now required to have a written electronic monitoring policy that complies with Part XI.1 of the Employment Standards Act, 2000.

Michael Comartin Toronto Author

Employers, Get Ready: California Privacy Rights Act Compliance Date Is January 1, 2023

The compliance date for the California Privacy Rights Act (CPRA) is January 1, 2023. There are significant changes from the current law, the California Consumer Privacy Act (CCPA).

Sean P. Nalty San Francisco Author

Eyewear Virtual Try-On Tool Not Regulated by Illinois’ Biometric Information Privacy Act

On September 8, 2022, an Illinois federal judge dismissed with prejudice a Biometric Information Privacy Act (Privacy Act or BIPA) class action against an online eyewear retailer over its virtual try-on (VTO) tool, which consumers used to try-on eyewear.

Anne E. Larson Chicago Author

Zachary V. Zagger New York Author

New York City’s Automated Employment Decision Tools Law: Proposed Rules Are Finally Here

On September 23, 2022, the New York City Department of Consumer and Worker Protection published proposed rules to implement the city’s automated employment decision tools (AEDT) law. The law, which will take effect on January 1, 2023, conditions the use of automated employment decision tools by employers and employment agencies on their compliance with certain requirements, including the performance of bias audits and the furnishing of notifications to candidates and employees. The proposed rules define several key terms, identify the requirements for a bias audit, address obligations for publishing the results of a bias audit, and specify the notices to be furnished to employees and candidates for employment.

Simone R.D. Francis St. Thomas
New York Author

New York City to Convene Hearing on Proposed Rules for Automated Decision Tools Legislation

As we previously reported, restrictions concerning the use of automated tools to screen candidates for employment or employees for promotion within New York City are scheduled to take effect on January 1, 2023. The New York City Department of Consumer and Worker Protection will hold a public hearing concerning proposed rules to implement the closely watched law on Monday, October 24, 2022.

Simone R.D. Francis St. Thomas
New York Author

Key Considerations for California Employers When Drafting a Remote Work Agreement

More than two years have passed since the start of the pandemic, and many workers continue to work from home in some capacity. In fact, companies are offering remote positions as a hiring incentive to increase their job candidate pools. Before agreeing to remote work arrangements with new hires or current employees, especially those who are hourly and nonexempt, companies may want to consider certain factors to ensure that the arrangements will be feasible.

Michael J. Nader Sacramento Author

Virtual ‘Try On’ Features: Do They Create Biometric Privacy Concerns for Retailers?

Retailers’ virtual “try-on” features have come under attack lately by lawsuits claiming violations of consumers’ biometric privacy rights. The increasing risk of litigation highlights a new area of compliance concern for retailers as online shopping has become the new normal for many consumers.

Zachary V. Zagger New York Author

Canada’s Federal Government Proposes Changes to Privacy Act

On June 16, 2022, the government of Canada tabled a bill that would make significant changes to privacy laws impacting employers in the federal jurisdiction. The new legislation, the Digital Charter Implementation Act (Bill C-27) would replace Part 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA) and would create three pieces of legislation in its place, the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act (PIDPTA), and the Artificial Intelligence and Data Act (AIDA).

Stephen Shore Toronto Author

Ryan Martin Montréal Author

California’s Draft Regulations Spotlight Artificial Intelligence Tools’ Potential to Lead to Discrimination Claims

California is considering new regulations on the use of technology or artificial intelligence (AI) to screen job candidates or make other employment decisions. If the regulations become law, California would be the first state to adopt substantive restrictions specifically addressing this emerging, and often misunderstood, technology.

Danielle Ochs San Francisco Author

Jennifer G. Betts Pittsburgh Author

Zachary V. Zagger New York Author

Six Things to Know About New York’s New Employer Notification Requirements for Electronic Monitoring of Employees

Under an amendment to the New York Civil Rights Law that will take effect on May 7, 2022, private-sector employers that monitor their employees’ use of telephones, emails, and the internet must provide notice of such monitoring. The following provides highlights of the new law.

Simone R.D. Francis St. Thomas
New York Author

Ontario Enacts Bill 88, Working for Workers Act, 2022

On April 11, 2022, Bill 88, the Working for Workers Act, 2022, received Royal Assent in Ontario, thus enacting the Digital Platform Workers’ Rights Act, 2022.

Michael Comartin Toronto Author

Gloria Ilunga Toronto Author

When Retirement Plan Service Providers Use Plan Participant Data for Purposes Unrelated to a Plan: What Employers Need to Know

There is a growing trend of using participant data to cross-sell financial products unrelated to plan recordkeeping by large recordkeepers and asset custodians of employer-sponsored retirement plans. In light of the fact that plan fiduciaries are ultimately legally responsible for the management and mismanagement of a retirement plan, this trend to use participant data may raise issues for employers in their role as plan sponsors and fiduciaries.

Matthew Hoffman Indianapolis Author

The U.S. and EU Announce an “Agreement in Principle” to Replace the EU-U.S. Privacy Shield Framework: What Employers Need to Know

On March 25, 2022, the European Union (EU) announced that the United States and the EU had reached an agreement in principle to replace the EU-U.S Privacy Shield framework, which the European Court of Justice (CJEU) struck down in its July 2020 Schrems II decision. Since the Schrems II decision, U.S. and EU negotiators have been hammering out a workable data transfer mechanism to permit the transfer of EU data to the United States.

Simon J. McMenemy London Author

Salvatore A. Anania London Author

Ontario’s Bill 88 Would Establish Electronic Monitoring Policies, Create Rights for Workers on Digital Platforms, and Require Naloxone Kits

On February 28, 2022, the Government of Ontario introduced Bill 88, the Working for Workers Act, 2022. Bill 88 would enact the Digital Platform Workers’ Rights Act, 2022, which would establish rights for workers who offer services through digital platforms. In addition, Bill 88 would amend a number of statutes including the Employment Standards Act, 2000.

Stephen Shore Toronto Author

Gloria Ilunga Toronto Author

No Grand Bargain: Illinois Supreme Court Rejects Exclusive Remedy Preemption in Privacy Act Class Actions

On February 3, 2022, in McDonald v. Symphony Bronzeville Park, LLC, the Illinois Supreme Court held the exclusive remedy provisions of the Illinois Workers’ Compensation Act (“Compensation Act”) do not preempt employee statutory damages claims under the Illinois Biometric Privacy Act (“Privacy Act”).

Anne E. Larson Chicago Author

UK Data Transfer Mechanisms: Key Takeaways for Employers

On 2 February 2022, the UK Information Commissioner’s Office (ICO) published the final form of its much-anticipated new International Data Transfer Agreement (IDTA) and the International Data Transfer Addendum to the European Commission’s Standard Contractual Clauses.

Salvatore A. Anania London Author

Data Privacy Day Around the World: January 28, 2022

In celebration of Data Privacy Day, we are highlighting some of these laws as well as some global data privacy and protection questions, expectations, and trends that lie ahead in 2022. Without further ado, below are some of the privacy laws from around the world that we anticipate will go into effect in 2022 or that recently went into effect.

Salvatore A. Anania London Author

The California Privacy Rights Act: Employers’ Compliance Obligations and More

Beginning January 1, 2020, certain California employers were required to comply with portions of the California Consumer Privacy Act of 2018 (CCPA) regarding the collection of consumers’ personal information. On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act of 2020 (CPRA), which dramatically strengthened and expanded the CCPA. Employers subject to the CPRA must be in compliance by January 1, 2023. The urgency for employers to start those efforts now to meet this compliance deadline is caused by, among other things, the fact that employees have disclosure rights under the CPRA.

Sean P. Nalty San Francisco Author

Blog