November 2015

In re: Google Inc. Cookie Placement Consumer Privacy Litigation, involves 24 consolidated lawsuits that were initially brought against several internet advertisers alleging violations of various state and federal privacy statutes, including the Computer Fraud and Abuse Act, the Wiretap Act and the Electronic Communications Privacy Act. In October of 2013, the District of Delaware dismissed the consolidated case, finding that “that plaintiffs have not alleged injury-in-fact sufficient to confer Article III standing” and that they had failed to “[plead] sufficient facts to establish a plausible invasion of the rights” under various statutes asserted in the complaints. However, on November 10, 2015, the Third Circuit Court of Appeals issued an order restoring some of the plaintiffs’ claims alleging that Google’s internet tracking practices violate California’s Constitution and state privacy laws.

Members of the U.S. futures market will soon be measured against heightened cybersecurity standards geared towards enhancing incident preparation, prevention, and response among industry participants regulated by the National Futures Association (NFA)—a non-profit enforcement entity tasked with overseeing futures trading in collaboration with the Commodity Futures Trading Commission (CFTC).  Earlier this year, the NFA submitted an August 28, 2015 Proposed Interpretive Notice to the CFTC for review, seeking approval to implement new regulatory guidance ostensibly intended to clarify NFA Compliance Rules imposing an obligation of diligent supervision among NFA members. With the CFTC lending its approval on October 23, 2015, regulated industry participants will be required to design and implement enhanced cybersecurity measures that satisfy the NFA’s newly prescribed “acceptable standards for supervisory procedures,” now officially slated to take effect on March 1, 2016.

A number of jurisdictions around the world follow the lead from Europe in relation to data protection and impose similar restrictions on the export of personal data unless there is an “adequate level” of protection offered in the recipient jurisdiction. The EU Commission’s “US Safe Harbor” decision had permitted the transfer of personal data between Europe and the US by establishing that an adequate level of data protection was ensured by the EU-US Safe Harbor scheme.