Legislative Developments

Businesses often include mandatory arbitration clauses in their pre-dispute dealings with customers to prevent costly consumer class actions in favor of streamlined (often individual) arbitration.  The Federal Arbitration Act (“FAA”) makes such arbitration agreements “valid, irrevocable, and enforceable, save upon such grounds as exist at law or in equity for the revocation of any contract.”  

The draft National E-Commerce Policy (“Draft Policy”) released by the Government of India on February 23, 2019 for stakeholder comments, has left the e-commerce sector in jitters. For global market players, the protectionist construct of the Draft Policy seems to suggest a shift of India’s focus from ‘Ease of Doing Business in India’ to ‘Make in India’. If the Draft Policy is implemented in its present form, it may have a serious impact demanding drastic change in internal strategies, policies and cost allocations for foreign companies having e-commercial presence in India. The Draft Policy is open for stakeholder comments up to March 9, 2019.

The Draft Policy focuses on: (i) restriction on cross-border flow of data; (ii) local presence and taxability of foreign entities having significant economic presence in India; (iii) creating a robust digital infrastructure for e-commerce, from online custom clearance to online resolution of consumer complaints; (iv) promoting exports from India with a boost to start-ups and small firms; and (v) regulatory changes to augment economic growth in e-commerce.

The key highlights of the Draft Policy are as follows: 
Continue Reading

With the Illinois Supreme Court’s recent decision in Rosenbach v. Six Flags Entertainment Corp., the floodgates have opened for class actions in Illinois against businesses that collect biometric information from employees or customers.  In Rosenbach, the Illinois Supreme Court decided that alleged procedural violations of Illinois’s Biometric Information Privacy Act (“BIPA”) are enough,

Just when you think you’ve tackled the Wild, Wild West of GDPR and privacy compliance, California decides to mix it all up again.

This November 6th, California voters will decide on the California Consumer Privacy Act (“Act”), a statewide ballot proposition intended to give California consumers more “rights” with respect to personal information (“PII”) collected from or about them.  Much like CalOPPA, California’s Do-Not-Track and Shine the Light laws, the Act will have broader consequences for companies operating nationwide.

The Act provides certain consumer “rights” and requires companies to disclose the categories of PII collected, and identify with whom the PII is shared or sold. It also includes a right to prevent the sale of PII to third parties, and imposes requirements on businesses to safeguard PII.  If passed, the Act would take effect on November 7, 2018, but would apply to PII collected or sold by a business on or after nine (9) months from the effective date – i.e., on August 7, 2019.

Who is Covered?

The Act is intended to cover businesses that earn $50 million a year in revenue, or businesses that “sell” PII either by (1) selling 100,000 consumer’s records each year, or (2) deriving 50% of their annual revenue by selling PII. These categories of businesses must comply if they collect or sell Californians’ PII, regardless of whether they are located in California, a different state, or even a different country.
Continue Reading

The Senate yesterday confirmed all five nominees to the Federal Trade Commission by voice vote, which means the five-person body will soon be restored to full capacity after over a year with only two Commissioners.  Current Chair Ohlhausen released a statement congratulating incoming Chair Joseph Simons and soon-to-be new Commissioners Noah Phillips, Becca Slaughter, Rohit

Just when you think you have it all under control, the data breach notification law landscape changes – again. Over the past few weeks, several data breach notification statutes were updated, including an effective date for Canada’s mandatory breach notification obligations, as well as the adoption of legislation in the two holdout states (Alabama and

Seven years ago, we posted about a new law in California governing automatic renewals. The law generally requires that companies: (1) clearly disclose the material offer terms before a consumers subscribes; (2) obtain affirmative consent to the terms before the consumer is charged; (3) provide a confirmation to the consumer that includes the terms, a

Last week, the Senate voted 51 to 50 (with Vice President Pence casting the tiebreaking vote) to override the Consumer Financial Protection Bureau’s Arbitration Rule, which was finalized earlier this year in July.  As previously discussed here and here, the Arbitration Rule would have prohibited providers of covered consumer financial products and services from

On October 1, 2017, a new law will take effect in New Jersey, the Personal Information and Privacy Protection Act (“PIPPA”), which will severely restrict retailers’ ability to “scan” any customer’s “identification card”–a term defined to mean “a driver’s license,” “probationary license,” “non-driver photo identification card,” or any similar card “issued…for purposes of identification.” Merely

Late last year, the Consumer Fairness Review Act became law, placing new restrictions on what companies can include in form contracts that impede consumers’ ability to communicate honest reviews of products, services, and companies in any forum. Quietly last month, the Federal Trade Commission released non-binding business guidance on how organizations can comply with the