Now more than ever, technology is influencing the way we do business, communicate, move through and around the world, access and manage our homes, receive and administer healthcare, make purchases, secure information, and protect our most valuable property. Morrison Foerster keeps pace with this rapidly evolving landscape across our internationally recognized corporate, finance, intellectual property, and litigation practices. MoFo Tech brings together our insights relating to fields such as blockchain and distributed ledger, cloud and as-a-service technologies, driverless cars, drones, fintech, computer hardware and software, the Internet of Things, semiconductors, and telecommunications. The MoFo Tech blog offers real-time, in-depth analyses of the trends and complex issues shaping the global technology industry.<h2>ABOUT MORRISON FOERSTER</h2>Morrison Foerster is a leading global law firm that transforms complexity into advantage for its clients. Our clients include some of the largest financial institutions, banks, consulting and accounting firms, and Fortune 100, technology, and life sciences companies. Highlighting the firm’s commitment to client service, leadership in market-changing deals and impact litigation, and values-based culture, Morrison Foerster has been repeatedly recognized as one of the top 10 firms on The American Lawyer’s A-List. Year after year, the firm receives significant recognition from Chambers and The Legal 500 across their various guides, including Global, USA, Asia‑Pacific, Europe, UK, Latin America, and FinTech Legal. Our lawyers passionately care about delivering legal excellence while living our values. Morrison Foerster has a long-standing commitment to creating a culture that respects and celebrates differences, while providing an inclusive environment. The firm has achieved Mansfield Certification Plus since 2018 as a result of successfully reaching at least 30 percent women, communities of color, and LGBTQ+ lawyer representation in a notable number of current leadership roles and committees. The firm also has a long history of commitment to the community and society through providing pro bono legal services, including litigating for civil rights and civil liberties, improving public education and fostering the wellbeing of children, advocating for veterans, promoting international human rights, enforcing the right to asylum, and safeguarding the environment.

Social

Search

testimage.jpg

MoFo Tech

Scott Llewellyn’s practice focuses on complex litigation in federal and state courts around the country, with an emphasis on patent and trade secret disputes. Over the past decade, he has worked on some of the most significant, high–profile IP cases involving technology for televisions, smartphones, and self–driving cars, relying on 40 years of experience with computer hardware and software. Scott also has significant experience with business divorce cases before courts and arbitrators, involving a mix of trade secret, patent, tort, and contract claims relating to technology development and implementation.Scott also has successfully tried general commercial arbitration and agency matters, briefed and argued various appeals in federal appellate court, and tried more than 20 cases for the Denver City Attorney’s office, most of them jury trials.Scott also has an active pro bono practice, having worked on a variety of criminal and immigration appeals, and having represented Colorado criminal defense and mental health organizations in high–profile suits against the state of Colorado for violations of the constitutional rights of defendants.At MoFo, Scott serves on the board of the Morrison & Foerster Foundation. In the broader legal community, he serves on the boards of the Colorado Lawyers Committee and Drop in the Bucket (a charity that builds wells and sanitation systems in sub–Saharan Africa).After law school, Scott clerked for the Honorable Clarence A. Brimmer, District of Wyoming, and the Honorable Diarmuid F. O’Scannlain, Ninth Circuit. He was also previously an adjunct professor at the Georgetown University Law Center.

llewellyn_scott_blog_150x150.png

llewellyn_scott_common_640x280.jpg

llewellyn_scott_heroretina_2700x1160.jpg

llewellyn_scott_mobileretina_750x1040.jpg

llewellyn_scott_social_600x600.jpg

Partner

Scott Llewellyn’s practice involves complex litigation before state and federal courts around the country, with an emphasis on patent and trade secret disputes for high-tech companies, to which he brings more than 35 years of experience with computer hardware and software, in particular relating to the processing and transmission of audio, video, voice, and other types of data. Mr. Llewellyn has also tried commercial arbitration and agency matters; briefed and argued various appeals in federal appellate court; and tried more than 20 cases for the Denver city attorney’s office, most of them jury trials.

Scott F. Llewellyn

favicon.ico

favicon-16x16.png

favicon-32x32.png

apple-touch-icon.png

MoFo Favicons

MoFo Tech brings together legal insights and in-depth analyses on trends and complex issues shaping the global technology industry, covering fields such as blockchain and distributed ledger, cloud and SaaS technologies, driverless cars, drones, FinTech, computer hardware and software, the IoT, semiconductors, and telecommunications.

Mofo Tech testimage

Announcements

Welcome to the MoFo Tech Blog

Blog - Blog Disclaimer

Blog - Terms of Use

Blog - Privacy Policy

Blog - Attorney Advertising

morrison-foerster-blog-logo.png

Provides insights and reports on the most current class actions lawsuits and product liability issues that affect consumer-facing companies.

Class Dismissed Blog

Class Dismissed

In-depth analysis of developments and trends impacting government contracting.

Government Contract Insights Blog

Government Contract Insights

Government Contracts Insights Blog

Govcon

News and thought leadership from lawyers who are adding value to the legal profession and the communities we call home.

  External-Link

MoFo + Blog

MoFo+ Together

MoFo Tech brings together legal insights and in-depth analyses on trends and complex issues shaping the global technology industry, covering fields such as blockchain and distributed ledger, cloud and SaaS technologies, driverless cars, drones, FinTech, computer hardware and software, the IoT, semiconductors, and telecommunications.

MoFo Tech

  Linkedin

MoFo LinkedIN

MoFo Tech Blog - RSS

Stay Connected

At the Intersection of Technology, Law, and Business

At the Intersection of Technology, Law, and Business

Morrison Foerster - Footer

Blogs -  Home Button

Home

Blog - Topics

Telecommunications

Artificial Intelligence

Asia

Cloud Services + SaaS

European Union

Financings

Fintech

Hardware

Intellectual Property

Internet of Things

Litigation

Mergers + Acquisitions

Privacy + Data Security

Regulatory

Software

Tech Talks

Topics

Blog - Editors

Editors

Blog - About

About

Blog - Subscribe

Subscribe

More

Recentive: Federal Circuit’s Patent-Eligibility Guideposts for Machine-Learning Inventions

Japan’s Approach to AI Regulation in 2025

Federal Circuit Clarifies Requirements for Prior Art Under Pre-AIA 35 U.S.C. § 102(e)

AI Agent as a Service in Medtech - Key Considerations for Commercial Contracts

D.C. Circuit Holds that Works Created Solely by AI are Not Copyrightable

With privacy and data security issues dominating headlines over the past year, the Federal Trade Commission – the Nation’s top privacy watchdog – has had its hands full. The FTC’s recently released 2018 “Privacy and Data Security Update” reflects this flurry of activity. The report provides an overview of the FTC’s significant 2018 privacy and data security enforcement actions as well as the other tools the agency uses to promote consumer privacy and data security. In summarizing its 2018 activity, the FTC provides insight into its 2019 priorities and its overall approach to consumer privacy and data security. In this alert, we discuss the highlights of the report and key takeaways. Read our <a href="https://protect-us.mimecast.com/s/YArUCwpR2xS54vMJh95mfk">client alert</a>.

oneill_julie_blog_150x150.png

oneill_julie_common_640x280.jpg

oneill_julie_heroretina_2700x1160.jpg

oneill_julie_mobileretina_750x1040.jpg

oneill_julie_social_600x600.jpg

Clients seek out Julie because of her practical advice on cutting-edge issues at the intersection of privacy and consumer protection laws. She provides clients with practical solutions to compliance c

Julie O'Neill

Clients seek out Julie because of her practical advice on cutting-edge issues at the intersection of privacy and consumer protection laws. She provides clients with practical solutions to compliance challenges around a wide variety of both online and offline privacy issues, including tracking, interest-based advertising, geo-targeting and other mobile tracking, personalization, and cross-device tracking. Recognized in The Legal 500 US 2014, 2016, 2019, and 2020 and Chambers USA 2021 for her exceptional legal work, her clients praise her saying, “She is really good at giving practical, targeted advice and taking stock of what the risk profile of the client is, so that the advice is holistic.” (Chambers USA 2021).

mofotechblog-litigation-600x295-scales.jpg

FTC Releases 2018 Privacy and Data Security Update Report

California Supreme Court Clarifies Standards for Whistleblower Claims Under California Labor Code Section 1102.5

638601140

With privacy and data security issues dominating headlines over the past year, the Federal Trade Commission – the Nation’s top privacy watchdog – has had its ha

FTC Releases 2018 Privacy and Data Security Update Report

The machines are taking over.  Not always apparent, but Artificial Intelligence (AI) and machine learning (ML) are finding footholds in numerous industries.  One area in which AI is rapidly on the rise relates to employment practices and employee control.  But before embracing the future, employers should be well informed about the risks inherent with ceding control to robots. Black Box Hiring PracticesCompanies are only as good as their employees.  With the current strong job market, employers of all sizes struggle to identify, recruit, and hire talent.  As companies grow, many have turned to novel technologies to assist, guide, and (in some instances) take over the talent recruitment and selection process.  According to a December 2016 Harvard Business Review article, in some cases AI screening software systems used by businesses eliminate more than 70 percent of job applicants without any human interaction.[1]Companies tout the efficiencies offered by AI hiring algorithms.  They can save time and money, and (in theory) help identify the candidates best-suited for open positions.  But, what happens when an apparently-qualified job seeker is summarily rejected because a computer algorithm decided she was not a good fit?  The candidate may ask for more details—specifically what in her resume eliminated her from consideration?  Was it the school the candidate attended?  Maybe the computer rejected her because it thinks she had an unacceptable  gap between jobs based on the summer she spent in the Middle East for what appears (to the computer program) to be a religious pilgrimage.  Perhaps the candidate’s professed interest in baking set off silent alarms in the AI framework because it has seen too many data sets that confirm bakers are almost always poor people managers.  Or maybe the candidate submitted her application very late at night, and the AI has determined candidates emailing after business hours more than likely procrastinators and underperformers. Of course, some of these connections appear absurd.  Whether a company is reviewing 10 resumes for a position or 1,000, challenging decisions—not always cleanly tied to concrete data points—must be made when screening or eliminating potential job applicants. The benefit of AI and ML is they (for better or worse) make connections using data points humans never would consider.  This benefit can have an unsavory side.  Where it may save the company time and money in the hunt to identify top talent, unrefined AI may have hidden biases that create illegal hiring decisions without company personnel even realizing it.  Because “algorithms mimic human decision making,” they can “learn from past successes, which may embed existing bias.”[2]  Take the example of a company dominated by white male leaders that has successfully run for years, consistently posting profits with above-average employee satisfaction.  The AI is likely to be programmed with a goal of maintaining that level of success, and the company may inadvertently input data points that provide a bias towards preferring candidates with profiles that are largely white men.  Even if the company intends to eliminate bias from AI selections, the AI making the initial screening decisions is unlikely to worry about discriminatory outcomes.  Using AI and ML systems with such latent biases risks excluding applicants based on protected classes (like age, race, gender, or disability) and exposing the company to discrimination claims. Although such concerns may encourage employers to limit the use of AI and ML, companies can still benefit from the use of such technology if they implement appropriate data input, human oversight, and reasonable guardrails to minimize biases in these programs.  Companies should regularly observe data sets used by the AI system, with a particular focus on how the AI is incorporating, connecting, and utilizing the data provided.  An example of an appropriate guardrail is adding a coded instruction limiting the weight AI applies to certain factors likely to result in biased decisions (like gender, country of origin, and religious affiliation).[3]  Employers should also consider avoid limiting or prohibiting AI from analyzing names or other data points about an applicant that may expose the AI to learning a candidate’s protected characteristics (e.g., ethnicity).  Continual monitoring of AI and ML systems will also increase the likelihood of them remaining free of unlawful biases.Big DataIn a similar vein, most major companies are using large datasets known as “Big Data” to better manage and track inventory, automatically identify and service equipment failures and security breaches, create safer work environments, and improve employee efficiency.  Big Data can also be replete with hidden liabilities for the unaware.  If a company, for example, is harvesting biometric information for employees, such as fingerprints, handprints, or optical scans, for security access to facilities or for time-tracking systems, the company could face increased litigation risks. For example, Illinois state courts have recently experienced a significant increase in privacy class actions under the Illinois Biometric Information Privacy Act (BIPA), which requires employers to provide written notice and obtain consent from employees and customers prior to collecting or storing biometric data.  Although many states do not currently have the same protections as Illinois, other states like Texas and Washington have proposed laws governing employer use of biometric information. The data some employers are capturing for seemingly legitimate reasons could run afoul of various privacy protections.  For example, a company may desire to improve safety for workers by embedding connected sensors in employee uniforms to detect toxins or chemicals in the workplace or monitor employee vitals when performing physically demanding tasks.  If those same sensors inadvertently monitor employee movement patterns or identify legally protected medical conditions, absent an employer having a legitimate justification for collecting that data and appropriate notice to the employees, it could expose the employer to liability in some jurisdictions.  Likewise, the employer could use data collected on employee movements in the workplace to inadvertently make unlawful employment decision.  For example, if an employee takes frequent breaks during the workday, the company may discipline the employee, believing the employee is violating company policy or failing to meet performance standards.  But, in reality, the employee may be taking increased breaks due to a protected medical condition that causes him to use the restroom frequently.   While using Big Data in the workplace can make good business sense, employers should keep in mind the following considerations when relying on Big Data.<ul><li>Know what data is being collected and why it is being collected.  Indiscriminately collecting any and all data available is not advised.  Companies should be mindful of what types of data they are collecting, and why they are collecting it.  Generally, when deciding what information to collect, document the strong business case for collecting that data to show how its impact on employee privacy interests will be limited.  Excessive data collection is harder to defend.  Working with experienced in-house or external professionals and attorneys to review and audit data collection can help identify potential liabilities and put appropriate safeguards in place to limit exposure. </li><li>Give proper notice to employees.  Even in jurisdictions where notice of data collection is not required, companies should be transparent with their employees regarding data collection that might infringe on employee privacy.  Such transparency can reduce the possibility of litigation and related bad press.</li><li>Be thoughtful about how long the data is stored.  Data storage is continually getting cheaper, but that does not mean companies have free rein to store gargantuan amounts of information on employees.  The longer companies store data, the more potential for legal risk.  If maintaining data for long periods is needed for a legitimate business reason, companies should consider aggregating the data in a manner that removes personalized employee information.</li></ul>[1] “Hiring Algorithms Are Not Neutral,” Harvard Business Review, G. Mann and C. O’Neil, December 9, 2016, available at <a href="https://hbr.org/2016/12/hiring-algorithms-are-not-neutral">https://hbr.org/2016/12/hiring-algorithms-are-not-neutral</a>.[2] Id.[3] Morrison & Foerster’s senior of counsel Lokke Moerel claims that bias does not result because “there is an error in the algorithm, but because the data use to train the algorithm are ‘biased.’”  She further argues that the practice of “blinding” algorithms to certain data points does not promote equality or fairness.  Rather, the solution is to allow the algorithm access to, but actively train the algorithm against overreliance on, those factors.   “Algorithms Can Reduce Discrimination, but Only with Proper Data,” 2018, available at <a href="https://iapp.org/news/a/algorithms-can-reduce-discrimination-but-only-with-proper-data/">https://iapp.org/news/a/algorithms-can-reduce-discrimination-but-only-with-proper-data/</a>

mofotechblog-cloud-600x295-man-red-tie.jpg

Employment Practices and Future Technologies - Taking the Human Out of Human Resources

Clashing With Second Circuit, Court Orders Google to Turn Over Foreign-Stored Data

mofotechblog-cloud-600x295-man-red-tie

The machines are taking over.  Not always apparent, but Artificial Intelligence (AI) and machine learning (ML) are finding footholds in numerous industries.  On

Employment Practices and Future Technologies - Taking the Human Out of Human Resources

If you thought California’s privacy laws couldn’t get any tougher, think again. The California Legislature has proposed amendments to the California Consumer Privacy Act and additional privacy bills that could expand businesses’ privacy and data security obligations and heighten liability for noncompliance.  These proposals confirm that the dust is far from settled in California with respect to the CCPA specifically and privacy regulation generally.Proposed CCPA Amendments.  On February 25, 2019, Senator Hannah-Beth Jackson <a href="https://oag.ca.gov/news/press-releases/attorney-general-becerra-senator-jackson-introduce-legislation-strengthen">announced</a> proposed amendments to the CCPA (<a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200SB561">SB 561</a>), backed by the California Attorney General, which would dramatically change enforcement of the Act by:<ul><li>Expanding the private right of action to cover any violation of the Act.  The Act limits consumers to suing if their personal information is involved in certain data security incidents.  Cal. Civ. Code § 1798.150(a).  SB 561 would expand the private right of action to cover any violation of the Act, including violations related to compliance with the Act’s individual rights provisions.  This change increases businesses’ litigation risk and exposure arising out of the Act’s broad (and in many ways ambiguous) requirements.</li><li>Eliminating businesses’ ability to cure violations before AG enforcement can occur.  The Act currently requires the AG to notify businesses of alleged noncompliance and give businesses thirty days to cure alleged violations before bringing an enforcement action.  Cal. Civ. Code § 1798.155(b).  SB 561 would eliminate this “right to cure,” allowing the AG to sue without notice.</li><li>Removing the AG’s obligation to provide compliance guidance to businesses.  The amendments would remove businesses’ ability to seek the AG’s guidance on how to comply with the Act, Cal. Civ. Code § 1798.155(a), instead providing that the AG may publish general compliance guidance.</li></ul>In backing SB 561, the AG has renewed requests for changes the Legislature declined to adopt in August 2018, when it approved other amendments to the Act (<a href="https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB1121">SB 1121</a>).  Whether the AG’s proposed amendments will gain traction in the Legislature this session remains to be seen.  The Legislature must also consider SB 561 in connection with other proposed CCPA amendments that would expand exemptions under the Act,<a name="_ftnref1" href="https://classdismissed.mofo.com/consumer-products/ca-seeks-to-strengthen-tough-privacy-laws/#3998465-v5-CCPA_Amendments_and_CA_Privacy_Bills_Update.docx">[1]</a> clarify required mechanisms to submit consumer requests,<a name="_ftnref2" href="https://classdismissed.mofo.com/consumer-products/ca-seeks-to-strengthen-tough-privacy-laws/#3998465-v5-CCPA_Amendments_and_CA_Privacy_Bills_Update.docx">[2]</a> and make nonsubstantive changes.<a name="_ftnref3" href="https://classdismissed.mofo.com/consumer-products/ca-seeks-to-strengthen-tough-privacy-laws/#3998465-v5-CCPA_Amendments_and_CA_Privacy_Bills_Update.docx">[3]</a>  And, it is likely that there will be additional amendments on the table as well.Additional Privacy Bills.  California Assembly Members have recently introduced other privacy bills that would expand the State’s existing privacy laws, including:<ul><li><a href="https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB288">AB 288</a> – Social Media Privacy. This bill would require social media companies to give users the option to have their personally identifiable information permanently removed from company records and excluded from sale when users close their accounts.  AB 288 includes a private right of action permitting consumers to sue for violations.</li><li><a href="https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB950">AB 950</a> – Consumer Privacy Protection. This bill would require businesses that collect California residents’ consumer data to disclose the average monetary value to the business of consumers’ data and any use of such data that is not directly related to providing services to consumers.  The bill would also require businesses that sell California residents’ consumer data to disclose the average price the business receives for consumers’ data and the actual price it received for a consumer’s data in response to a verified request by the consumer.</li><li><a href="http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB1035">AB 1035</a> – Personal Information: data breaches.  This bill would require businesses to disclose data breaches involving personal information within 72 hours of discovering the breach.</li><li><a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1202">AB 1202</a> – Privacy: data brokers.  This bill would require data brokers to register with, and provide certain information to, the AG and would require the AG to publicize that information on the AG’s website.  The AG could sue data brokers for noncompliance.</li><li><a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1281">AB 1281</a> – Privacy: facial recognition technology: disclosure.  This bill would require a business in California that use facial recognition technology to disclose that usage in a clear and conspicuous physical sign posted at the entrance of locations where such technology is used.  Violations would constitute “unfair competition” under California’s Unfair Competition Law.</li><li><a href="http://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201920200AB1395">AB 1395</a> – Smart Speaker Privacy Act. This bill would prohibit “smart speaker devices,” and manufacturers of such devices, from saving or storing voice data collected by the devices.</li></ul>This legislative activity suggests that privacy regulation is a priority for the Legislature and remains top of mind for consumer advocates.  It will be important for businesses to be mindful of the full privacy landscape as they plan for and focus on CCPA compliance this year.<a name="_ftn1" href="https://classdismissed.mofo.com/consumer-products/ca-seeks-to-strengthen-tough-privacy-laws/#3998465-v5-CCPA_Amendments_and_CA_Privacy_Bills_Update.docx">[1]</a> See <a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1146">AB 1146</a> (exempts vehicle information shared between a new motor vehicle dealer and specified parties in relation to certain vehicle repairs); <a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1355">AB 1355</a> (excludes deidentified or aggregate consumer information from the definition of personal information under the Act); and <a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1416">AB 1416</a> (confirms the Act does not restrict businesses’ ability to comply with the law, exercise or defend legal claims, protect against fraud, security incidents, or other illegal activity, or investigate, report, or prosecute those responsible for such activity).<a name="_ftn2" href="https://classdismissed.mofo.com/consumer-products/ca-seeks-to-strengthen-tough-privacy-laws/#3998465-v5-CCPA_Amendments_and_CA_Privacy_Bills_Update.docx">[2]</a> See <a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1564">AB 1564</a> (requires businesses to provide consumers with a toll-free number or email address to submit requests and, if the business maintains a website, a website to submit requests).<a name="_ftn3" href="https://classdismissed.mofo.com/consumer-products/ca-seeks-to-strengthen-tough-privacy-laws/#3998465-v5-CCPA_Amendments_and_CA_Privacy_Bills_Update.docx">[3]</a> See <a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1760">AB 1760</a> (nonsubstantive changes to deletion right); <a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200AB1758">AB 1758</a> (nonsubstantive changes to provision confirming Act does not require businesses to retain personal information for a single, one‑time transaction if the business does not sell or retain the information); <a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200SB752">SB 752</a> (nonsubstantive changes to financial incentive provision); and <a href="http://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201920200SB753">SB 753</a> (nonsubstantive changes to requirement to provide opt-out link on internet homepage).

patel_purvi_blog_150x150.png

patel_purvi_common_640x280.jpg

patel_purvi_heroretina_2700x1160.jpg

patel_purvi_mobileretina_750x1040.jpg

patel_purvi_social_600x600.jpg

Purvi G. Patel is the former managing partner of the Los Angeles Office. She represents retail, e-commerce, and other businesses in significant advertising, unfair competition, consumer fraud, and privacy matters.

Purvi G. Patel is the former managing partner of the Los Angeles Office. She represents retail, e-commerce, and other businesses in significant advertising, unfair competition, consumer fraud, and privacy 

Purvi G. Patel

Purvi G. Patel defends retail, e-commerce, and other businesses in significant advertising, unfair competition, consumer fraud, and privacy matters. She has built a robust practice defending household names in complex and class action litigation in federal and state courts across the country, winning motions to dismiss, defeating class certification, and securing summary disposition in several multi-million dollar lawsuits. Purvi is a strategic and practical thinker who is in tune with her clients’ priorities, which leads to successful outcomes both inside and outside the courthouse.

Purvi Patel

mofotechblog-litigation-600x295-gavel.jpg

California Seeks to Strengthen Tough Privacy Laws

The Madden Saga Continues: On Remand, Madden Survives Summary Judgment and District Court Certifies Class

637294178

If you thought California’s privacy laws couldn’t get any tougher, think again. The California Legislature has proposed amendments to the California Consumer Pr

California Seeks to Strengthen Tough Privacy Laws

The cost for violating the Children’s Online Privacy Protection Act (COPPA), intended to ensure parents are informed about, and can control, the online collection of personal information (PI) from their children under age thirteen, has been steadily rising, and companies subject to the law should take heed.  Last week, the Federal Trade Commission (FTC) announced a record-setting $5.7 million settlement with the Shanghai-based mobile app company Musical.ly (now operating as “TikTok”)  for a myriad of COPPA violations, including failure to obtain parental consent and failure to properly delete children’s PI upon a parent’s request.

mofotechblog-iot-600x295-hive.jpg

Thank You, Next Enforcement: Music Video App Violates COPPA, Will Pay $5.7 Million

NTIA Announces New Multistakeholder Process for IOT Security Issues

mofotechblog-iot-600x295-hive

The cost for violating the Children’s Online Privacy Protection Act (COPPA), intended to ensure parents are informed about, and can control, the online collecti

Thank You, Next Enforcement: Music Video App Violates COPPA, Will Pay $5.7 Million

One of the next big items in Europe will be the expansion of “ePrivacy,” (which, among other things, regulates the use of cookies on websites). While the ePrivacy reform is still being worked on by EU lawmakers, one of the items the ePrivacy Regulation is expected to update is the use of “cookie walls.” Recently, the Austrian and UK data protection authorities (DPAs) issued enforcement actions involving the use of cookie walls, albeit with different findings and conclusions.Read our <a href="https://protect-us.mimecast.com/s/HrQECL950GH0kl13hPNqYk">client alert</a>.

van-der-wolk_alex_blog_150x150.png

van-der-wolk_alex_common_640x280.jpg

van-der-wolk_alex_heroretina_2700x1160.jpg

van-der-wolk_alex_mobileretina_750x1040.jpg

van-der-wolk_alex_social_600x600.jpg

Managing Partner, Amsterdam and Brussels

Alex van der Wolk, co-chair of Morrison Foerster’s preeminent Global Privacy & Data Security practice and managing partner of the firm’s Amsterdam and Brussels offices, employs his nearly 20 years of experience to advise global companies on their most complex data strategies and compliance programs governing all aspects of information management. 

With more than a decade of experience, Mr. van der Wolk helps clients develop privacy strategies for digital transformations, industrial IoT, telematics, Big Data, commercial and marketing programs, a

Alex van der Wolk

Alex van der Wolk, co-chair of Morrison Foerster’s preeminent Global Privacy & Data Security practice and managing partner of the firm’s Brussels office, employs his nearly 20 years of experience to advise global companies on their most complex data strategies and compliance programs governing all aspects of information management.

samavi_mercedes_blog_150x150.png

samavi_mercedes_common_640x280.jpg

samavi_mercedes_heroretina_2700x1160.jpg

samavi_mercedes_mobileretina_750x1040.jpg

samavi_mercedes_social_600x600.jpg

Of Counsel

Mercedes Samavi is an associate based in the London office of Morrison & Foerster and a member of both the Technology Transactions Group and the Global Privacy Group.
Mercedes advises domestic and int

Mercedes Samavi

mofotechblog-software-600x295-code-2.jpg

The Cookie Wall Must Go Up. Or Not?

Court Allows Microsoft to Challenge Secrecy of User Data Requests

629285904

One of the next big items in Europe will be the expansion of “ePrivacy,” (which, among other things, regulates the use of cookies on websites). While the ePriva

The Cookie Wall Must Go Up. Or Not?

By all accounts 2019 will bring significant expansion in the use and development of artificial intelligence (AI) by the U.S. federal government.  Notwithstanding some <a href="https://www.axios.com/power-shift-artificial-intelligence-funding-government-51f9a28a-0da5-4787-b84f-a69c9b9c92da.html">well-publicized rejections by industry</a> of the use of their AI technologies for offensive military and surveillance applications, the federal government remains a major supporter of and customer for AI technologies.  Below we outline some of the current federal government players in the AI space and their plans for the coming year.DARPAThe Defense Advanced Research Projects Agency (DARPA) is the research arm of the Department of Defense (DoD), initially developed to compete with the Soviet Union’s technological developments in the Cold War era.  Through a combination of innovative contracting methods and cooperative efforts, DARPA aims to include non-traditional defense contractors in the development of technologies with potential military applications. DARPA’s involvement in AI began in the 1960s, with a focus on rule-based systems performing narrowly defined tasks.  In the 1990s, AI expanded to include machine learning, which enabled analysis of large amounts of data, leading to important commercial and government applications. In fact, some of the first successes in AI were funded by DARPA, including the development of expert systems and search capabilities and advances in machine learning algorithms.In July 2018, DARPA announced the establishment of its <a href="https://www.darpa.mil/news-events/2018-07-20a">Artificial Intelligence Exploration (AIE) program</a>, which will utilize unique funding opportunities and streamlined contracting procedures to explore the feasibility of new AI concepts within 18 months with a goal of spurring major AI breakthroughs.  AIE awards of up to $1 million will be described in the issued AIE opportunities to be published on the FedBizOpps website under Program Announcement DARPA-PA-18-02.DARPA also announced a multi-year investment in its new “AI Next” campaign, which will set aside more than $2 billion to address AI needs.  Among the goals of AI Next are automation of critical DoD business processes including security clearance vetting and software accreditation, enhancing machine learning security and reliability, and developing the next generation “third wave” of AI.  With AI Next, DARPA has announced its intention to move beyond “first wave” (rule-based) and “second wave” (statistical learning-based) AI to a new “third wave” of AI theory and applications that involve contextual adaptation utilizing models to explain and drive decision-making.  This third wave of AI will address some of the limitations of the prior wave technologies and enable AI to adapt to changing situations.In March 2019, DARPA will host an <a href="https://www.darpa.mil/news-events/artificial-intelligence-colloquium">AI Colloquium</a> that will bring together leaders in DoD and across industry to explore how AI technologies can apply to military missions.IARPAThe Intelligence Advanced Research Projects Activity (IARPA) is planning two upcoming AI-related programs. The first, called Secure, Assured, Intelligent Learning Systems (SAILS), is designed to explore ways to prevent attackers from revealing personally identifiable information contained in training data and statistical information used to train AI systems.  With SAILS, IARPA seeks ways to protect personal privacy by making machine learning algorithms less vulnerable to reverse engineering that reveals underlying data.  A second IARPA project, called TrojAI, aims to combat “Trojan horse” attacks, in which an attacker attempts to confuse or disrupt an intelligent system by injecting false data into a training data set.  For example, if an attacker injects fraudulent or distorted images of stop signs into the algorithms that teach self-driving vehicles to recognize stop signs using images containing the signs, the algorithm may fail to recognize certain stop signs in the real world, potentially putting lives at risk. TrojAI aims to develop software that can scan the output of an algorithm to determine whether the algorithm has been attacked in this manner.National Science FoundationThe National Science Foundation (NSF), a federal agency that supports fundamental research and education in all the non-medical fields of science and engineering, has a long history of supporting AI research.  The NSF is uniquely positioned to bring together various disciplines, including mathematics, computer science, engineering, cognitive science, psychology and linguistics to coordinate in the enhancement of AI capabilities.  The NSF has a number of funding opportunities to support AI research.  For example, the NSF is currently supporting EArly-concept Grants for Exploratory Research (EAGERs) to examine and understand the social challenges arising from AI technology and ways to overcome those challenges.  NSF recognizes that AI is only useful to the extent that the public embraces and accepts the technology.The White HouseIn late 2016, the Obama administration published the first <a href="https://www.nitrd.gov/PUBS/national_ai_rd_strategic_plan.pdf">U.S. strategic plan for AI research and development</a>, which outlined funding priorities for the federal government.  Following this lead, the Trump administration has taken additional steps to develop an AI strategy.  The White House hosted a May 2018 conference of government officials, industry leaders and academia at which the attendees discussed “the promise of AI” and identified the policies needed to encourage AI innovation in the United States.  Industry sectors represented at the summit included food and agriculture, energy and manufacturing, financial services, healthcare, and transportation and logistics.  President Trump’s FY2019 Budget Request was the first to designate artificial intelligence and autonomous and unmanned systems as Administration R&D priorities. In mid-February 2019, President Trump issued a new Executive Order on maintaining U.S. leadership in the field of AI.  The Order recognizes the essential role of the federal government in advancing AI research and development, promoting the trust of the American people in AI, training the U.S. workforce in AI, and protecting U.S. companies’ AI technology from competitors and nation states seeking to access technology by improper means.  To accomplish these goals, the Order announced the plan for a coordinated federal government strategy, the American AI Initiative.  The Initiative is to be coordinated by the National Science and Technology Council Select Committee on Artificial Intelligence, and implemented by those federal agencies (like DARPA, IARPA, and the NSF) that conduct foundational AI R&D, develop and deploy applications of AI technologies, provide educational grants, and regulate and provide guidance for applications of AI technologies.In sum, the foundational principles are in place to encourage a major expansion in federal AI-related R&D and adoption of AI technologies.  It remains to be seen precisely how readily a shift to AI will take place.  In the near term, companies seeking to further develop AI technologies should consider partnering with the federal government to take advantage of the availability of federal funding and the current buzz around all things AI.

reynolds_tina_blog_150x150.png

reynolds_tina_common_640x280.jpg

reynolds_tina_heroretina_2700x1160.jpg

reynolds_tina_mobileretina_750x1040.jpg

reynolds_tina_social_600x600.jpg

Tina is a partner in Morrison & Foerster’s Government Contracts practice. She represents a wide variety of government contractors including information technology, defense, biotechnology, and pharmace

Tina Reynolds

Tina is co-chair of Morrison Foerster’s Government Contracts & Public Procurement practice. She counsels a wide variety of government contractors on compliance with federal acquisition and ethics regulations. She drafts and negotiates contracts on their behalf and has been involved with numerous internal investigations and compliance reviews, and with bid protest, contract claims, and False Claims Act litigation. She also advises on M&A transactions involving government contractors.

Tina D. Reynolds

mofotechblog-ip-600x295-lightbulb.jpg

Federal Government Expansion and Application of Artificial Intelligence Technologies

Supreme Court Restricts the Extraterritorial Reach of U.S. Patent Law for Exported Goods

121901743

By all accounts 2019 will bring significant expansion in the use and development of artificial intelligence (AI) by the U.S. federal government.  Notwithstandin

Federal Government Expansion and Application of Artificial Intelligence Technologies

A recent decision indicates that failure to comply with the Illinois biometric privacy law may expose businesses to significant liability, even where there has been no actual harm to the plaintiffs. Can a user of a cloud-based photo-sharing and storage service sue the provider of that service for extracting and retaining, without consent, the user's facial scans from uploaded photos—even without any subsequent breach or sale of that data? How about an individual who is required to scan a fingerprint in order to use a season pass at an amusement park, also without any subsequent disclosure? In recent weeks, courts have given conflicting answers to these and similar questions under the Illinois Biometric Information Privacy Act (BIPA)—the United States' toughest biometric privacy law.Read our <a href="https://protect-us.mimecast.com/s/N4kvCYElrZFWrvynh9SB9u">client alert</a>.

mofotechblog-regulatory-600x295-gavel.jpg

A Complete About-Face: Courts Disagree on Harm Requirement Under Biometric Privacy Law

811079234

A recent decision indicates that failure to comply with the Illinois biometric privacy law may expose businesses to significant liability, even where there has 

A Complete About-Face: Courts Disagree on Harm Requirement Under Biometric Privacy Law

Dario de Martino discusses the real possibilities and opportunities around security tokens, from a business standpoint, the legal perspective, and from a retail investor point of view. Topics include:<ul><li>What are the advantages of tokenizing securities?</li><li>How do Securities laws work generally in the U.S.?</li><li>What are the main SEC regulations that are related to blockchain projects and tokenizing securities?</li><li>What happens if a company offers a security token to people around the world (except the U.S.) and then it’s sold back to someone in the United States?</li><li>What kind of securities do you think will be tokenized in the future and are there any you’re excited about?</li></ul><div>Listen to the Blockchain Podcast Network's episode to learn more. </div>

mofotechblog-financings-600x295-bar-chart.jpg

Tokenization + the SEC – Part 1

UK Regulations: Urgent Action Required from Loan-Based Crowdfunding Platforms

673266772

Dario de Martino discusses the real possibilities and opportunities around security tokens, from a business standpoint, the legal perspective, and from a retail

Tokenization + the SEC – Part 1

The EU regulators’ recent report on the second annual review of the EU-US Privacy Shield provides some valuable compliance reminders for organizations that have certified or intend to certify to the Privacy Shield program. The report, which mainly focuses on the EU regulators’ ongoing concerns about the US government’s access to personal data and their desire to see more substantive certification reviews by the US government, details oversight efforts currently being undertaken by the Department of Commerce (Commerce) and the Federal Trade Commission (FTC). As the report makes clear, both Commerce and the FTC have significantly increased their oversight and enforcement of the Privacy Shield program. The report provides a useful roadmap for organizations to avoid getting caught in the US government’s enforcement crosshairs. Read our <a href="https://protect-us.mimecast.com/s/oQEACNk5XGUq3nA2UjfMMn">client alert</a>.

rich_cynthia_blog_150x150.png

rich_cynthia_common_640x280.jpg

rich_cynthia_heroretina_2700x1160.jpg

rich_cynthia_mobileretina_750x1040.jpg

rich_cynthia_social_600x600.jpg

Senior Privacy Advisor

Cynthia Rich is a senior advisor in the Washington office of Morrison & Foerster LLP. As a member of the firm's international Privacy and Data Security Practice since 2001, Ms. Rich works with clients

Cynthia J. Rich

Cynthia Rich

Privacy Shield-Certified Organizations: Key Takeaways from the Privacy Shield Annual Review

The EU regulators’ recent report on the second annual review of the EU-US Privacy Shield provides some valuable compliance reminders for organizations that have

Privacy Shield-Certified Organizations: Key Takeaways from the Privacy Shield Annual Review