Tech & Sourcing @ Morgan Lewis

TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
In November 2020, Massachusetts voters approved Question One, a ballot initiative amending the Commonwealth’s 2012 Right to Repair Law. The amendment provides that motor vehicles sold in Massachusetts “with model year 2022” will be required “to equip any such vehicles that use telematics systems – systems that collect and wirelessly transmit mechanical data to a remote server – with a standardized open access data platform. Owners of motor vehicles with telematics systems would get access to mechanical data through a mobile device application.”
Traders selling goods, services, and/or digital content online to consumers in the United Kingdom and the European Union need to comply with laws requiring the provision of certain information as part of the sales process.
The European Commission (Commission) published draft Article 28 standard contractual clauses (Article 28 Clauses) last month for use between controllers and processors when processing personal data in the European Union. Somewhat confusingly, these clauses share the same name as the new Standard Contractual Clauses for personal data transfers out of the EEA, which were also published in November 2020; however, the two are distinct.
The use of aggregated data by technology service providers is quite common in today’s landscape, and something that even traditionally cautious customers have become amenable to in the right circumstances and subject to proper limitations.
In response to the coronavirus (COVID-19) pandemic, technology companies and public health authorities around the world have been developing contact tracing apps as a way to track and thus slow the spread of the virus. Implementation of those apps, however, can raise privacy and cybersecurity considerations.
The California state attorney general issued a press release on August 14 stating that the Office of Administrative Law (OAL) has approved the California Department of Justice’s regulations regarding the California Consumer Privacy Act (CCPA) and filed them with the California secretary of state, making the regulations effective immediately.
The July 1 enforcement of the California Consumer Privacy Act (CCPA) is one week away. Despite calls by the business community and trade associations to push back the enforcement date to January 2021 due to the coronavirus (COVID-19) pandemic and related disruptions to compliance efforts, the California state attorney general issued a press release on June 2 stating, “Businesses have had since January 1 to comply with the law, and we are committed to enforcing it starting July 1.”
As businesses across America begin to reopen in the wake of the coronavirus (COVID-19) pandemic, many will likely implement new social distancing and sanitization procedures.
Washington may be the next state to enact its own data privacy law after a bill was introduced into the Washington State Senate earlier this month. Known as the Washington Privacy Act, the bill’s sponsor, Sen. Reuven Carlyle, stated at a press conference that lawmakers had reached “95 percent agreement in principle on the core elements of the bill.”

What Is Open Banking?

Open Banking is an initiative mandated by the UK’s Competition and Markets Authority (CMA) in 2017. It is intended to facilitate better competition in the banking sector by mandating protocols that facilitate the secure sharing of customer-related data of the nine largest banks in the United Kingdom (CMA9) with third-party providers (TPPs).