DashCam Developer Insulated From BIPA Liability

On November 3, 2022, an Illinois circuit court judge dismissed a Biometric Information Privacy Act (Privacy Act or BIPA) putative class action against Samsara, Inc., a DashCam developer. DashCam is a safety technology for trucking companies such as Samsara’s customer and co-defendant, Beelman Truck Co. The DashCam device points an internet-connected dashboard camera at the driver to detect risky driving behaviors.

First Jury Verdict Issued in Illinois Biometric Privacy Act Class Action

On October 12, 2022, a federal jury in the U.S. District Court for the Northern District of Illinois concluded that a company violated the Illinois Biometric Information Privacy Act (Privacy Act or BIPA) 45,600 times over six years by collecting truck drivers’ fingerprints to verify identities without the informed, written consent the Privacy Act requires.

New York City’s Automated Employment Decision Tools Law: Proposed Rules Are Finally Here

On September 23, 2022, the New York City Department of Consumer and Worker Protection published proposed rules to implement the city’s automated employment decision tools (AEDT) law. The law, which will take effect on January 1, 2023, conditions the use of automated employment decision tools by employers and employment agencies on their compliance with certain requirements, including the performance of bias audits and the furnishing of notifications to candidates and employees. The proposed rules define several key terms, identify the requirements for a bias audit, address obligations for publishing the results of a bias audit, and specify the notices to be furnished to employees and candidates for employment.

New York City to Convene Hearing on Proposed Rules for Automated Decision Tools Legislation

As we previously reported, restrictions concerning the use of automated tools to screen candidates for employment or employees for promotion within New York City are scheduled to take effect on January 1, 2023. The New York City Department of Consumer and Worker Protection will hold a public hearing concerning proposed rules to implement the closely watched law on Monday, October 24, 2022.

Key Considerations for California Employers When Drafting a Remote Work Agreement

More than two years have passed since the start of the pandemic, and many workers continue to work from home in some capacity. In fact, companies are offering remote positions as a hiring incentive to increase their job candidate pools. Before agreeing to remote work arrangements with new hires or current employees, especially those who are hourly and nonexempt, companies may want to consider certain factors to ensure that the arrangements will be feasible.

Canada’s Federal Government Proposes Changes to Privacy Act

On June 16, 2022, the government of Canada tabled a bill that would make significant changes to privacy laws impacting employers in the federal jurisdiction. The new legislation, the Digital Charter Implementation Act (Bill C-27) would replace Part 1 of the Personal Information Protection and Electronic Documents Act (PIPEDA) and would create three pieces of legislation in its place, the Consumer Privacy Protection Act (CPPA), the Personal Information and Data Protection Tribunal Act (PIDPTA), and the Artificial Intelligence and Data Act (AIDA).

California’s Draft Regulations Spotlight Artificial Intelligence Tools’ Potential to Lead to Discrimination Claims

California is considering new regulations on the use of technology or artificial intelligence (AI) to screen job candidates or make other employment decisions. If the regulations become law, California would be the first state to adopt substantive restrictions specifically addressing this emerging, and often misunderstood, technology.

When Retirement Plan Service Providers Use Plan Participant Data for Purposes Unrelated to a Plan: What Employers Need to Know

There is a growing trend of using participant data to cross-sell financial products unrelated to plan recordkeeping by large recordkeepers and asset custodians of employer-sponsored retirement plans. In light of the fact that plan fiduciaries are ultimately legally responsible for the management and mismanagement of a retirement plan, this trend to use participant data may raise issues for employers in their role as plan sponsors and fiduciaries.

The U.S. and EU Announce an “Agreement in Principle” to Replace the EU-U.S. Privacy Shield Framework: What Employers Need to Know

On March 25, 2022, the European Union (EU) announced that the United States and the EU had reached an agreement in principle to replace the EU-U.S Privacy Shield framework, which the European Court of Justice (CJEU) struck down in its July 2020 Schrems II decision. Since the Schrems II decision, U.S. and EU negotiators have been hammering out a workable data transfer mechanism to permit the transfer of EU data to the United States.

Ontario’s Bill 88 Would Establish Electronic Monitoring Policies, Create Rights for Workers on Digital Platforms, and Require Naloxone Kits

On February 28, 2022, the Government of Ontario introduced Bill 88, the Working for Workers Act, 2022. Bill 88 would enact the Digital Platform Workers’ Rights Act, 2022, which would establish rights for workers who offer services through digital platforms. In addition, Bill 88 would amend a number of statutes including the Employment Standards Act, 2000.

No Grand Bargain: Illinois Supreme Court Rejects Exclusive Remedy Preemption in Privacy Act Class Actions

On February 3, 2022, in McDonald v. Symphony Bronzeville Park, LLC, the Illinois Supreme Court held the exclusive remedy provisions of the Illinois Workers’ Compensation Act (“Compensation Act”) do not preempt employee statutory damages claims under the Illinois Biometric Privacy Act (“Privacy Act”).

The California Privacy Rights Act: Employers’ Compliance Obligations and More

Beginning January 1, 2020, certain California employers were required to comply with portions of the California Consumer Privacy Act of 2018 (CCPA) regarding the collection of consumers’ personal information. On November 3, 2020, California voters passed Proposition 24, the California Privacy Rights Act of 2020 (CPRA), which dramatically strengthened and expanded the CCPA. Employers subject to the CPRA must be in compliance by January 1, 2023. The urgency for employers to start those efforts now to meet this compliance deadline is caused by, among other things, the fact that employees have disclosure rights under the CPRA.

New York City to Restrict Use of Automated Employment Decision Tools: What Employers Should Know

Employers and employment agencies in New York City that currently utilize, or expect to utilize, automated tools to make employment decisions may wish to begin planning now for restrictions that will take effect on January 1, 2023, concerning the types of tools that may be utilized and the disclosures concerning such tools that must be provided to candidates for employment or promotions.

Michigan Supreme Court Pushes Back Effective Date for Personal Identifying Information Restrictions on Court Records

In May 2019, the Michigan Supreme Court issued rules that when implemented  generally would prohibit Michigan courts from releasing personal identifying information (PII), such as birthdates, on court records. The rules were set to go into effect on July 1, 2021. Because consumer reporting agencies (CRAs) use PII to confirm the identities of the subjects of records and to comply with verification standards set forth in the Fair Credit Reporting Act (FCRA), CRAs would have been affected by the restrictions on access to court files, potentially impacting the timely and accurate release of background check information in Michigan.

Employees’ Rights to Email Data in Germany Pursuant to Article 15 (3) GDPR

Employees may have a claim against their employers for access to information about all personal data processed by the employers pursuant to Article 15 (3), Sentence 1, of Regulation (EU) 2016/679 (General Data Protection Regulation (GDPR)). Under the GDPR, employees have a right to access, among other things, information about the purposes of personal data processing, the recipients of the data processed, and the storage period relevant to the data.

European Commission Adopts Two New Sets of Standard Contractual Clauses: What Employers Need to Know

On June 4, 2021, the European Commission adopted two new sets of standard contractual clauses (SCCs): one for data transfers from data controllers to data processors and one for data transfers from data exporters to data importers in the United States and other third countries. These new clauses update and replace the SCCs adopted in 2001, 2004, and 2010 that many employers currently use to legally transfer human resources (HR) data for employees based in the European Union (EU).