News & Insights Search

As part of the firm’s 3rd annual MCLE-a-thon, partner Mauricio Uribe and Kate McMorrow presented on the topic of the Generative AI Revolution, providing management tips for legal teams along...

In the Bloomberg Law article “FTC’s Marriott Data Breach Order Echoes States’ Right to Delete,” partner Mauricio Uribe offered his perspective on Federal and state privacy law compliance, specifically with...

The World Health Organization (WHO) recently released guidelines for the ethics and governance of large multi-modal models (LMMs). In the past year, LMMs like Chat GPT have come to the forefront of the news, and people have begun using them in different fields with varying success. Within the healthcare space, LMMs have the potential to respond to patients’ inquiries, identify research topics, and maintain electronic health records. However, the use of LMMs in healthcare raises many legal and ethical questions, such as how they can be used effectively without jeopardizing patient safety and privacy.

In the article “Backup admins must consider GenAI legal issues – eventually,” partner Mauricio Uribe shared insights on the state of generative artificial intelligence (GenAI) and data backup systems. The...

Medtronic Minimed, Inc. and Minimed Distribution Corp. (“Medtronic”) were sued in a class action complaint in the Central District of California on August 30, 2023, by users of Medtronic’s InPen® system. The lawsuit alleges that Medtronic engaged in “transmission and disclosure of Plaintiff’s and Class Members’ personally identifiable information (‘PII’) and protected health information (‘PHI’) [collectively, ‘Private Information’]… to Google[] and other third parties via tracking and authentication technologies – including Google Analytics (and others).”

Knobbe Martens partner Mauricio Uribe was quoted by Axios in the article “Terms-of-service land grab: Tech firms seek private data to train AI.” The article discusses the challenges tech companies face...

Earlier this week, Zoom Video Communications, Qumu Corporation released updated terms of service on its Web site. (https://explore.zoom.us/en/terms/). While a network service updating terms of service is not particularly unique...

Partner Daniel Hughes and associate Matthew Ruth authored “Open-Source License Enforcement; Risk to Companies” for The Daily Journal. In the article, Hughes and Ruth discuss how open-source software, which is...

Partners Damien Howard and Vlad Teplitskiy and summer associate Luke Holbrook co-authored the article “Medical Device Cybersecurity Developments,” which was published by Thomson Reuters in Westlaw Today. In the article, Howard and Teplitskiy discuss cybersecurity...

Becton, Dickinson and Company (BD) has partnered with Mayo Clinic to gain access to de-identified patient data from Mayo Clinic Platform_Discover, as reported by a press release dated June 13, 2022. The platform includes data sets from 10 million patients.

Part I – Introductory Session Partner Mauricio Uribe kicked off a two-part, comprehensive discussion on data privacy. The presentation served as an introduction to the topic and provided more general information....

Partner Maria Anderson was quoted in “Counsel: AI tools are no ‘panacea’ but can optimise patent data,” an article published by Managing IP. Excerpt: “As artificial intelligence tools continue to develop,...

The European Commission ("EC") has long sought to improve data privacy for Europeans, even when they interact with global or non-European companies. Laws like the General Data Protection Regulation (or “GDPR”) seek to control how even U.S. companies, for example, use data from European citizens. To comply with the GDPR, U.S. companies doing business in Europe are required to use standard contract clauses, or “SCCs” in their agreements governing use of EU citizens’ data.

While the "right to be forgotten" is part of European law, it is at odds with U.S. precedent. See, e.g., Garcia v. Google, Inc., 786 F.3d 733, 745-46 (9th Cir. 2015). A Georgia law allowing the father of a deceased rape victim to sue a television station for publicizing the victim’s name unconstitutionally violated the First Amendment. Cox Broadcasting Corp. v. Cohn, 420 U.S. 469 (1975). And in 2004, the California Supreme Court cleared corporations of any wrongdoing when publishing any information from official public records. Gates v. Discovery Communications, Inc., 34 Cal. 4th 679, 685 (2004). In the United States, the First Amendment wins.

On April 27, 2021, a class action lawsuit was filed against Google, Inc. ("Google") alleging that the Google-Apple Exposure Notification System, ("Gaen") - the company’s COVID-19 contact tracking app – contained a flaw that may allow third parties to access user medical information. Google had promised users of GAEN that their medical information would be held in the utmost privacy. The company explained that “the list of people you’ve been in contact with doesn’t leave your phone unless you choose to share it,” implying the data was safe from unauthorized third-party access. Further, Google promised that data collected was all anonymized such that even if third parties could access the data, the information could not be linked to a particular individual.

Associates Ryan McBride and Silas Alexander authored “Non-Fungible Tokens Force a Copyright Reckoning,” which was published by IPWatchdog. Excerpt: From the advent of the internet, digital commodities and technologies have ceaselessly presented new...

As of 2021, more than twice the number of data breaches are now being reported than 6 years ago and three times the number of data breaches that occurred in 2010. While credit cards and social security numbers are perennial favorites, cybercrime has begun to favor the theft of electronic medical records (EMR) as sources of revenue. With banks and major financial institutions starting to wise up and tighten their electronic security, cybercriminals have begun to target vulnerable healthcare institutions with a particular focus on the records of children, elderly people, and the deceased.

On February 26, 2021, Judge James Donato of the U.S. District Court for the Northern District of California granted final approval of a proposed $650 million settlement in a biometric privacy class action lawsuit brought against Facebook. In re Facebook Biometric Information Privacy Litigation, Case No. 3:15-cv-03747-JD, Dkt. No. 537 (N.D. Cal. Feb. 26, 2021). The long-running litigation began in 2015, when class members alleged that Facebook collected and stored digital scans of their faces without prior notice or consent in violation of Sections 15(a) and 15(b) of the Illinois Biometric Information Privacy Act (“BIPA” or “the Act”), 740 Ill. Comp. Stat. 14/1 et seq. (2008).

Defendants in US civil suits have sought to withhold discoverable material because of privacy concerns based on foreign laws, such as the GDPR. Almost all cases on the issue of US discovery and transnational privacy statutes have found that such concerns do not override parties’ obligation to comply with discovery requests.

Virginia just became the second state to pass a comprehensive privacy law, the Consumer Data Protection Act ("CDPA"). Business and privacy professionals should evaluate the ramifications: what does it require, who does it apply to, and what are the penalties?

It's generally recognized that the General Data Protection Regulation (GDPR) can apply to entities outside the European Union. However, scant court rulings guide non-European controllers and processors on this question. The English High Court’s recent decision in Soriano v. Forensic News LLC and others (2021) helps fill the gap.