Insights

San Francisco – December 21, 2020: In a novel constitutional case, Crowell & Moring secured a decisive victory for the University of California (UC) by defeating a motion for preliminary injunction which sought to halt the implementation of an Executive Order requiring that all UC students, employees, and faculty working, studying, or living on campus to get a flu shot by November 1. UC was one of dozens of U.S. colleges and universities that implemented a flu vaccine requirement this year, due to the confluence of the 2020-21 flu season and the unprecedented COVID-19 pandemic.

Washington – January 2, 2020: Crowell & Moring elected eight lawyers to the firm’s partnership, effective January 1, 2020. The firm also promoted seven attorneys to the position of senior counsel, and 26 associates to the position of counsel. The new partners have been promoted from within the ranks of the firm’s Washington, Los Angeles, and San Francisco offices. The new partners have been promoted from across offices and practice groups, including White Collar & Regulatory Enforcement, Health Care, International Trade, Intellectual Property, Privacy & Cybersecurity, Government Contracts, Litigation, and Antitrust.

The rapid and evolving development of artificial intelligence (“AI”) has alarmed various government agencies, especially the Federal Trade Commission (“FTC”).  On November 21, the FTC approved an omnibus resolution simplifying the process for its staff to issue civil investigative demands (“CIDs”) in AI investigations.  This resolution comes on the heels of President Biden’s October executive order establishing new standards for AI safety and security.  Both actions may increase exposure for businesses involved in the use of products and services that use or are produced through AI.  Businesses should be knowledgeable about their use and marketing of AI and ensure their products and conduct do not pose a risk to consumers or competition.

On August 24, 2022, the California Attorney General’s Office announced a settlement with Sephora, Inc. (Sephora), a French multinational personal care and beauty products retailer. The settlement resolved Sephora’s alleged violations of the California Consumer Privacy Act (CCPA) for allegedly failing to: disclose to consumers that the company was selling their personal information, process user requests to opt out of sale via user-enabled global privacy controls, and cure these violations within the 30-day period currently allowed by the CCPA.

On August 11, 2022, the Federal Trade Commission (“FTC”, the “Commission”) published an Advance Notice of Proposed Rulemaking (“ANPR”, the “Notice”) intended to address what the FTC refers to as “commercial surveillance and lax data security practices,” involving companies’ collection, use and monetization of consumer data in ways that harm consumers and impact competition.  This ANPR marks the beginning of a long process that may or may not result in a final rule. This process begins with a sixty-day period after the ANPR’s publication in the Federal Register during which the Commission will accept public comment. Specifically, the FTC solicits public comment regarding:

Corporate Counsel speaks with San Francisco partner Kristin Madigan, who observes that when in-house counsel hear the phrase ‘AI’ or ‘algorithms,’ it’s a signal that this is a product or tool that requires further scrutiny and that AI tool providers also want to make sure their products are used as they intended.

In the Bloomberg Law article "Biden's Executive Order Links Data Collection to Competition," San Francisco partner Kristin Madigan discusses how privacy rules could be a game-changer for the federal regulator’s ability to enforce consumer data protections.

Imagine a customer walking into a clothing store. She browses the racks, selects a few items, and asks the sales associate for a dressing room. She walks into the dressing room and tries on the clothes. Then she heads to the counter, pays for some of the items, and leaves.

The rise of artificial intelligence has captured public imagination in ways both good and bad, realistic and fantastical. AI is transforming every sector of industry, raising numerous, difficult legal and ethical issues ranging from contracting to liability to intellectual property and more. Over the next two days, our panelists will walk you through the technology and issues you need to understand today. You’ll leave with practical insight into how to confront the thorny problems that AI raises, and you’ll also get a sense of what’s coming next. We’ve designed plenty of opportunities for you to ask questions and talk with our panelists, particularly at the cocktail reception at the end of our first day together.

Crowell & Moring Partner Kristin Madigan, a member of the firm's Privacy & Cybersecurity Group, will be speaking at this year's Annual Internet of Things Virtual National Institute, hosted by ABA's Science and Technology Law Section, will be taking place virtually September 12-13. Her presentation, "Privacy in the Multiverse of Madness: Protecting Data in Real Life and Beyond," will take place on September 13th from 11:30 a.m. - 12:30 p.m. ET (CLE Offered).

The regulation of connected devices is an ongoing process at the federal and state level, and manufacturers have to contend with a variety of stringent regulations. For example, California’s IoT cybersecurity law went into effect at the beginning of 2020 and requires the manufacturer of a connected device include “a reasonable security feature or features that are…[d]esigned to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.” A number of other states, including Illinois, Maryland, Massachusetts, New York, and Oregon, have passed, or are considering similar laws. The federal government is also very interested in this area, and multiple U.S. federal agencies have authority over different aspects of IoT devices.

With companies paying out millions of dollars in ransoms and recent statements by government officials making clear that ransomware attacks now take their place alongside supply chain attacks, cyber-theft, and disinformation campaigns as national security threats in the digital age, it’s no surprise that ransomware is all over the news. While there’s no question that these attacks pose a significant risk to global companies, developing a solid plan for preventing and responding to attacks before they happen – and following that plan when they do – isn’t always an easy task. Fortunately, Crowell & Moring is here to help.