The California Privacy Rights Act (CPRA) and Virginia Consumer Data Protection Act (VCDPA) took effect on January 1, 2023, establishing some of the most comprehensive consumer privacy rights within the United States. In this post we highlight these changes in law and provide a checklist to help companies comply with these new legal challenges.
Tech & Sourcing @ Morgan Lewis
TECHNOLOGY TRANSACTIONS, OUTSOURCING, AND COMMERCIAL CONTRACTS NEWS FOR LAWYERS AND SOURCING PROFESSIONALS
Whether an organization is adding a new piece of technology to its platform or acquiring a new product to supplement its offerings, the customer (recipient) and vendor (transferor) will need to work together to ensure the successful integration of such technology or product into the recipient’s systems. More often than not, one party cannot do its part without the other party’s assistance, thereby creating a dependency. In this Part 1, we discuss what a dependency is and how to address it in a contract. Check back for Part 2, where we will review remedies available to the parties in case of a breach of any dependency obligations
In our June 2021 blog post, Study Analyzes Costs of a Data Breach, we discussed the Ponemon Institute’s report setting forth a vast dataset that analyzed data breaches at hundreds of organizations to spot trends and developments in security risks and best practices. With the calendar turning to 2023, this blog looks at the increased costs of data breaches in 2022 to anticipate how negotiations for liability caps of such breaches may evolve in the new year.
As we reach the end of the year 2022, we have once again compiled all the links to our Contract Corner blog posts, a regular feature of Tech & Sourcing @ Morgan Lewis. In these posts, members of our global technology, outsourcing, and commercial transactions practice highlight particular contract provisions, review the issues, and propose negotiating and drafting tips.
At the end of November, OpenAI released an artificial intelligence (AI) chatbot tool called ChatGPT, which has been called an “iPhone moment in AI” due to its potential to disrupt the technology industry. Although chatbots are a relatively common tool in today’s world, ChatGPT differentiates itself through its ability to instantaneously explain complex concepts in simple terms and to generate creative content from scratch, among other things.
Please join us on Wednesday, January 11, 2023, at 12:00 pm–1:00 pm ET, as Morgan Lewis partners Barbara Murphy Melby and Mike Pierides discuss outlook and major trends for the outsourcing and technology industries in 2023 and the economic and geopolitical challenges the new year brings for industry players.
Following up on our April 27, 2022 post, Data Scraping Deemed Legal in Certain Circumstances, the most significant data scraping lawsuit has finally come to an end. After six years of litigation, LinkedIn Corp. and hiQ Labs, Inc. reached a confidential settlement agreement and filed a stipulation and proposed consent judgment (stipulation) with the California district court on December 6, 2022. The stipulation includes, among other things, a $500,000 judgment entered against hiQ, establishment of hiQ’s liability under California common law torts of trespass to chattels and misappropriation, and various forms of injunctive relief effectively prohibiting hiQ’s future ability to data scrape LinkedIn.
The UK Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) on December 20, 2022, announced fines totaling £48.65 million ($59 million) on TSB Bank plc (TSB) for operational resiliency failures, after an IT upgrade led to customers being unable to access core banking services.
The Digital, Culture, Media and Sport Committee (DCMS) of the UK Parliament published a call for evidence on the operation, risks, and benefits of non-fungible tokens (NFTs) and blockchain. The DCMS noted that digital assets such as NFTs provide for flexible ownership, making them attractive for wide adoption. But with limited NFT regulation in the United Kingdom, the DCMS is considering how investors may be exposed.
The European Union (EU) Commission released its Draft Adequacy Decision for the EU-US Data Privacy Framework on December 13, which, in conjunction with President Biden’s executive order issued on October 7, will further facilitate trans-Atlantic data flows. The Draft Adequacy Decision mirrors the executive order, which established safeguards relating to the handling of personal information in the course of signals intelligence activities. If and when adopted, the adequacy decision will impact contractual requirements and processes by restoring data flows through a new Trans-Atlantic Data Privacy Framework.