Stay current on your favorite topics
Table of Contents
The Technology Newsflash contains articles and timely updates on the latest technology, outsourcing and privacy legal issues and trends affecting businesses today. We encourage you to visit the site often as it is updated regularly. We welcome any questions about the topics covered here and those relating to our global capabilities.
SEC Proposes Amendments to Modernize Disclosures; Considers Requiring Human Capital Resources Disclosure
On August 8, 2019, the Securities and Exchange Commission ("SEC") proposed amendments to crucial disclosure requirements under Regulation S-K, including Item 101 (Description of Business), Item 103 (Legal Proceedings) and Item 105 (Risk Factors) as part of its ongoing initiative to update and modernize its disclosure.
Due diligence considerations with respect to licensing data and acquiring data-dependent businesses.
New York recently amended its existing data breach notification law to expand the data breach notification obligations of persons and businesses (and state agencies) and impose specific data security requirements on persons and businesses to protect its residents' personal information. Under SB 5575 or the "Stop Hacks and Improve Electronic Data Security Act" ("SHIELD Act"), New York continues a growing trend of regulators and lawmakers to increase consumer privacy and data security protections.
We are in 2019. Aesthetics matter. Products that look good sell better. Hardware companies are investing increasing amounts of resources into design teams that create sleek and modern products that allow customers to feel like they own the technology of the future. A portfolio of design patents adds both a sword and a shield to a company's arsenal, allowing greater protection for investment into product design than other traditional options, such as copyright and trademark, could afford alone. At the same time, the legal landscape surrounding design patents is in flux since Apple v. Samsung, 137 S. Ct. 429 (2016). The US Supreme Court's decision did not merely push design patents to the forefront of academics' attention—it sparked a legal regime shift, with tangible, significant and developing implications for how companies can and should protect their technologies and designs.
ICLG has published its Guide to Data Protection, which covers 42 jurisdictions, with White & Case providing the contributing editors, and the country chapters for the UK and the U.S.
Germany's Draft Bill on IT Security 2.0 – Extended BSI Authorities, Stricter Penalties and New Obligations on Providers
On March 27, 2019, the German Federal Ministry of the Interior (GMI) proposed a new bill (the "Draft Bill") for a so-called IT Security Act 2.0 (IT-SiG 2.0). In an effort to take a front-runner role in Europe, Germany has enacted a comprehensive IT security law in 2015.
CMA investigation into Amazon/Deliveroo and Paypal/iZettle deals highlights the regulator's increased interest in technology transactions.
Current antitrust focus on technology platforms should take into account recent Supreme Court decisions in Pepper and American Express
Technology products are increasingly characterized by their ability to facilitate interconnectedness. More and more, tech innovators find themselves subject to increasing scrutiny under global competition laws when they succeed.
The renewed interest in taking a fresh look at how antitrust can apply to tech has generated any number of "Hipster Antitrust" theories of harm. With the US Federal Trade Commission announcing a new Tech Task Force this spring, the FTC has signaled it will be actively shaping this issue. Last week, the FTC took another step in this direction with a blog indicating that one area of focus will be on deals resulting in interlocking boards of once-complementary companies.
The basic building block of obtaining a patent starts with the determination of patent eligibility under § 101 of the Patent Act (35 U.S.C. § 101). Section 101 states that "any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof" is patent-eligible. However, courts have long recognized certain "judicial exceptions" to this general rule of patent eligibility. In Alice and Mayo, the Supreme Court established the current test for "judicial exceptions," which states that claims directed to "a law of nature, natural phenomenon, or abstract idea" are not patent-eligible alone. Alice Corp. Pty. Ltd. v. CLS Bank Int'l, 573 U.S. 208 (2014); Mayo Collaborative Servs. v. Prometheus Labs., Inc., 566 U.S. 66 (2012). To clarify how patent examiners apply the Alice/Mayo test, the USPTO has issued several sets of guidance, including the "2019 Revised Subject Matter Eligibility Guidance."
As connected cars proliferate, auto, tech and financial companies will form alliances that raise familiar legal issues in new contexts
On May 20, 2019, the Supreme Court held in Mission Products Holdings, Inc. v. Tempnology, LLC that a debtor-licensor's rejection of a trademark license agreement does not "deprive the licensee of its rights to use the trademark." This holding resolves a longstanding circuit split in the Federal Courts of Appeal about the effects of bankruptcy on trademark licenses.
On May 21, 2019, the United States District Court for the Northern District of California found that Qualcomm violated the Federal Trade Commission (FTC) Act, in an antitrust decision significant to licensing standard-essential patents (SEPs) under fair, reasonable and non-discriminatory (FRAND) terms.
Privacy and the development of technology are competing interests that are sometimes in conflict. These considerations often present a challenging balancing exercise for technology companies developing innovative products as well as companies and individuals that elect to use those new products. The market is seeing more political debate, legislation and litigation that focus on these issues. It is no longer a discussion that is only occurring within technology companies.
In July 2015, the Court of Justice of the European Union ("ECJ") issued Huawei v. ZTE, a seminal decision detailing how holders of Standard Essential Patents ("SEPs") must license its SEPs on fair, reasonable, and nondiscriminatory (FRAND) terms.
On March 4, 2019, the Supreme Court issued two unanimous opinions that clarify when copyright owners can sue for infringement and what costs they can recover from infringers. In Fourth Estate v. Wall-Street.com, the Court held that a copyright owner may file an infringement complaint when the U.S. Copyright Office registers a copyright. In Rimini Street v. Oracle USA, the Court held that that courts cannot make unconstrained cost awards to prevailing parties in copyright cases.
Illinois Supreme Court Rules: "Aggrieved" Person Does Not Require Separate, "Actual" Injury for Biometric Information Privacy Act Claim
On January 25, 2019, the Supreme Court of Illinois held in Rosenbach v. Six Flags Entertainment Corp. that an "aggrieved" person entitled to seek damages and injunctive relief under Illinois' Biometric Information Privacy Act ("BIPA"), need not allege actual or separate injury beyond a violation of the individual's rights under BIPA. BIPA, an Illinois state law, is currently the only biometric privacy law that provides the opportunity for a private individual to bring an action in court. This holding overturns a lower appellate court decision, and aligns with recent holdings in the Northern District of California.
Tech companies of U.S. origin tend to have compliance programs focused on U.S. laws, including the Foreign Corrupt Practices Act (the "FCPA") and relevant tax and labor laws.
As the approach of Brexit draws inexorably closer, the continued lack of certainty around what any Brexit withdrawal deal will look like, or indeed whether a deal will be agreed at all, is causing increasing concern among the business community.
On October 18, 2018, the US Securities and Exchange Commission (the "SEC" or the "Commission") announced its launch of a new "strategic hub for innovation and financial technology" the Commission is calling FinHub.
On September 10, 2018, enabling regulations were published on the Federal Official Gazette to regulate the Law Regulating the Financial Technology Institutions ("Fintech Law").
The recently passed California Consumer Privacy Act of 2018 (the "CCPA") is set to create significant compliance burdens for most businesses that collect personal information about California residents ("consumers").
An early challenge to patent eligibility is a useful tool for any alleged infringer. Because of this, most alleged patent infringers, especially in software cases, begin their defense by considering whether the asserted patent satisfies the requirements of 35 U.S.C. § 101, as interpreted by the Supreme Court's decisions in Mayo and Alice. In a three-year period, between 2014 and 2017, District Courts evaluated patent eligibility in more than 400 opinions and, in many cases, determined ineligibility as a matter of law.
The Video Privacy Protection Act of 1988 (18 U.S.C. § 2710) ('VPPA') regulates the disclosure of information about consumers’ consumption of video content, imposing prescriptive requirements to obtain consumers’ consent to such disclosure.
Rapid developments in information technology are changing how people work, consume, play and interact. Government policy will influence the direction of technological developments, and laws and regulations will undoubtedly need to change to address the new reality.
On March 10, 2018, the Law regulating Financial Technology Institutions ("Fintech Law") became effective along with certain reforms to other financial laws.
Businesses need to take a risk-based approach, focusing compliance efforts on their biggest vulnerabilities.
Sign and Submit by February 15, 2018: NYDFS Cybersecurity Certification Due Date Nears as Additional Compliance Requirements Close In
An overview of upcoming certification and compliance requirements under NYDFS Cybersecurity Regulation.
• European Fintech M&A: Key Issues for Strategic Investors
• Vendor Risk Management as Applied to Fintech Contracts
• Fintech: Cybersecurity Risk Management for Financial Institutions and Technology Vendors
• The Role of Regulation in Financial Innovation: Does Fintech Need Regulation to Flourish?
• PSD2 – the EU's Regulatory Response to Innovation in the Payments Sector
• In re Micron Tech –Waiver and Improper Venue Challenges Post-TC Heartland
• Federal Circuit Weighs In On Limiting Effect of Preambles
• Draft Fintech Law bill introduced in Mexico
• Employee monitoring – avoiding pitfalls in a changing landscape
• eSports coming to the fore for policymakers in Europe
• Seeking consent under the General Data Protection Regulation
• Blockchain's Steady March to Legitimacy
• Compliance Deadline Looms on State Cybersecurity Regulation
• Police Body Worn Cameras: What Prosecutors Need to Know
• Germany Permits Automated Vehicles
• Innovation drives dealmaking: Outlook for M&A in Israel
• Car Sharing Act - New Benefits for Car Sharing Offerings in Germany
• Supreme Court's Lexmark Decision Exhausts Patents
• Officer and director checklist: Complying with the global reach of the New York Department of Financial Services Cybersecurity Regulation
• EU regulators welcome stricter rules on cookies and direct marketing
• Swiss-U.S. Privacy Shield: Key Similarities, Key Distinctions with the EU-U.S. Approach
• Privacy Shield: Recent Developments
• The dangers of direct marketing: Seeking consent or asking for trouble?
• Subject Access Requests: "not an obligation to leave no stone unturned"
• Defamation and data protection claims can be brought in parallel
• NYDFS Cybersecurity Regulations Compliance Guide: Applicability, Exemptions and Penalties
• NYS Department of Financial Services Cybersecurity Regulation Goes Live: Now What?
• Privileged information is generally safe from Subject Access Requests
• Data Privacy in a Time of Reaction: "Big Data" versus "The People"
• IP addresses and personal data: Did CJEU ask the right questions?
• New EU Guidelines on Data Protection Officers
• Investigatory Powers Act 2016 cast into doubt by new EU ruling
• Further Challenges to EU-US Privacy Shield and EU Data Exports
• Investigatory Powers Act 2016 becomes law
• New DMCA Exemption Allows Consumers to Hack Their Own Vehicles
• Cybersecurity Guidelines for Vehicles
• Businesses can refuse Subject Access Requests made for the dominant purpose of litigation
• UK to implement GDPR regardless of Brexit
• Disclosing personal data – new protections for regulated sector firms?
• FCC Adopts Privacy Regulations for Broadband Internet Service Providers
• EU-US Privacy Shield challenged
• Court confirms that IP addresses are personal data in some cases
• UK ICO recommends personal liability of directors for breaches of data protection law
• Electronic Frontier Foundation brings suit over anti-circumvention provisions in the DMCA
• New York's New Cybersecurity Rules: What Is Required?
• UK ICO issues largest ever fine for a data breach
• Accelerating the autonomous vehicle revolution
• The European Digital Single Market Strategy and Related Copyright Law Implications: The Status Quo
• New York Regulators Propose Stricter Cybersecurity Rules
• EU: Injunctions against intermediaries available also in the offline world
• EU-US Privacy Shield: How to Certify
• Federal Circuit Expanding Interpretation of Step Two of the Test for Patent Eligibility
• European Court of Justice Strengthens Rights of Authors, Performers and Phonogram Producers
• Unlocking the EU General Data Protection Regulation
• EU-US Privacy Shield approved
• Japan Patent Act Amendment: How to Compensate Inventors Now?
• Federal Circuit Provides Guidance on Patent Eligibility Determination
• US Supreme Court affirms Federal Circuit on IPR Claim Construction Standard and that IPR Institution Decisions are Final and Non-appealable
• Online Traders: New Obligation in EU for Provision of Link to Online Dispute Resolution (ODR) Platform
• New threats to transatlantic data flows as Model Clauses come under fire
• New Players – Old Rules? The Current Debate on the Regulation of OTT Services in the EU and Germany
• Car Wars: The Car of the Future—Legal Aspects in a Connected World
• Strict and far-reaching new EU data protection regime comes into force
• FCC Proposes Formal Privacy Regulations for Broadband ISPs
• IP addresses may be subject to EU data protection laws
• Defend Trade Secrets Act: A New Era in Intellectual Property Protection
• GDPR published – Enforcement begins on 25 May 2018
• Employers vicariously liable for data breaches caused by rogue employees
• English court compels investigators to disclose information on data protection grounds
• UK 'regulatory sandbox' to foster fintech innovation
• Significant concerns from EU Data Protection Authorities may delay the EU-US Privacy Shield
• European Parliament approves new EU data protection law
• TC Heartland Challenges the Status Quo on Patent Venue
• Timeline for new EU-US data transfer mechanism becomes clearer
• NHTSA Reflects Willingness of US Regulatory Authorities to Embrace Autonomous Vehicles
• No consensus on Privacy Shield following debate on adequacy
• France anticipating the GDPR
• FTC Settles with Data Brokers in Sale of Consumer Data Used for Illicit Purposes
• New deal for transferring personal data from the EU to the US moves a step closer
• Bărbulescu v. Romania clarifies an employers' rights to monitor the contents of their employees' private electronic communications
• EU Regulatory Agendas: EDPS Priorities 2016 and Article 29 Working Party Work Programme 2016 – 2018
• New restrictions on disclosures of personal data to non-EU courts will not apply in the UK
• New WP29 Opinion on the application of EU data protection law to non-EU businesses
• Safe Harbor is dead, long live Safe Harbor!
• International Data Privacy: How to Navigate the Challenges
• Texas Takes a Stance Against Patent Trolls
• FTC and Wyndham Settle Suit Regarding Wyndham's Alleged Cybersecurity Failures
• New EU Directive on the Protection of Trade Secrets to Come
• UK and EU Law Enforcement Investigatory and Data Sharing Powers: Developments and International Impact
• Introduction of new EU General Data Protection Regulation: final stages
• EU-wide cybersecurity rules nearing final agreement
• The self-driving car – a new legal frontier?
• ITC Proposed Amendments to Section 337 Rules
• Update 'EU-US Safe Harbor': Statement from the Article 29 Working Party
• European Court of Justice invalidates 'EU- US Safe Harbor' pact
• Trade Secrets Protection Bill Pending Before the Senate and Judiciary Committee
• Transfer of Personal Data Under Japan's Amended Personal Information Protection Act
• Court Invalidates Patent Claims After Refusing to Correct Alleged "Typos"
• New French Act on Intelligence Services: Impacts on Technical Operators
• Telemedicine or just a gadget for fitness addicts? Mobile Health Apps and the law
• Europe's Highest Court Recently Delivered a Judgment Imposing Affirmative Duties on SEP Holders
• Germany rolls out IT Security Act
• Mobile health apps: Are they a regulated medical device?
• Disparaging Trademarks and the Constitutionality of Refusing Registration Under the Lanham Act
• Rejection of Oracle's claims for copyright infringement against one of its users and condemnation of the practice of aggressive audits
• After Sales-Service: Don't Be Misled! — European Court of Justice Rules: Erroneous Information Provided by an Undertaking to a Consumer in the Context of After-Sales Service Is a Misleading Commercial Practice
• A significant milestone in the path towards the adoption of the General Data Protection Regulation
• House Committee Advances Patent Reforms Aimed to Curb Patent Litigation Abuses
• Good-Faith Belief of Invalidity No Longer a Shield for Induced Infringement Claims
• Free Wi-Fi: German Court Seeks Clarification in Luxembourg
• Copyright levies on memory cards for mobile phones: another landmark decision from the CJEU (Case C-463/12)
• House Passes Cyber Sharing Bills and Congress is Focusing on Data Protection
• Council of Europe: Recommendation on the Processing of Personal Data in the Context of Employment
• IBM sentenced to pay 6.5 million as contractual damages
• Update: Germany's Draft Bill on IT Security
• White House Re-Introduces Consumer Privacy Bill of Rights Act
• The Supreme Court's New Standard of Appellate Review for Claim Construction
• The case law of the German courts of lower instance for patent law and utility model law since the year 2013
• President Obama Issues Executive Order on Cybersecurity Information Sharing
• UPDATE: German Government Proposes New Law Entitling Consumer Protection Organizations to Enforce Data Protection Law
• Developments in Privacy and Cybersecurity Legislation
• EU Data Protection – Proposal on Co-Operation Procedure to Harmonize Common Opinions on Contractual Clauses
• SDNY Clarifies Scope of Contractual Exclusions of Consequential Damages Under New York Law
• The Use of First and Last Names as Meta Tags is not Subject to the French Data Protection Act
• Are Dynamic IP Addresses "Personal Data"? German Federal Court of Justice seeks advice from the European Court of Justice
• California Passes New Data Protection Laws, Effective January 1, 2015
• AIPPI's resolution on "IP Licensing and Insolvency": Will this re-ignite legislative initiatives in Germany?
• Align by Design: Global Privacy Authorities Weigh in on the Internet of Things
• California Passes Student Data Privacy Law
• Federal Court Rules Business Method Patent Invalid Post-Alice
• Recent Amendments to the Procedure of Personal Data Processing in Russia
• Adoption of a new European legal framework applicable to cross-border electronic identification and e-signatures
• Massive Online Security Breach – Are You Reactive or Proactive?
• The revised PSI Directive – European Commission publishes guidelines on re-use of public sector information
• Germany's Draft Bill on IT Security
• UPDATE: Germany to Tighten Data Protection Laws: Consumer Protection Associations and Trade Associations shall be Granted Right to take Businesses to Court
• Supreme Court Rules Abstract Ideas Implemented on Computer Not Patent-Eligible
• New York AG Reports that Data Breaches Cost New York Businesses over $1B Last Year
• European Commission's Actions to Better Protect and Enforce Intellectual Property Rights
• Supreme Court Issues Ruling on Aereo and the Public Performance Right
• German Federal Court of Justice Decides on Deletion of Unused Domains and Typosquatting
• Fees for Recording IP Security Agreements with the USPTO and USCO
• How does French case law deal with bundled software?
• California AG Provides Important Guidance on Do-Not-Track Legislation and Disclosures
• Copyright Holders Cannot Prevent Links to Freely-Available Content from Being Posted Online
• Second Circuit Adopts Plaintiff-Friendly "Discovery Rule" for Copyright Infringement Claims
• EU Data Protection – Draft Ad hoc contractual clauses "EU data processor to non-EU sub-processor"
• New Bill Would Create a Private Right of Action for Targets of Trade Secret Misappropriation under Federal Law
• FCC Warns ISPs May be Regulated as Utilities
• Biotronik A.G. v. Conor Medsystems: Be Sure to Expressly Exclude Lost Profits in Drafting New York Law Contracts
• Supreme Court Issues Two "High-Octane" Decisions to Address Abusive Patent Litigation Practices
• 3D Printing—implications on Intellectual Property Rights ("IP rights")
• In for a Penny, in for a Pound
• Germany's Draft Bill on Combating Late Payment in Commercial Transactions: Potential Consequences for Businesses on Both the Legal and Operational Level
• EU High Court Strikes Down Data Retention Law
• Cloud Services and Export Control: What You Don't Know Can Hurt You
• Anti-Patent Troll Legislation: What is Proposed and What it Could Mean
• CNIL Expanded Investigative Powers
• Intent-to-Use Trademark Applications and Security Agreements
• The Garcia v. Google Controversy and What It Means for Content Owners and Users
• Germany to Tighten Data Protection Laws: Consumer Protection Associations shall be Granted Right to take Businesses to Court
• Intellectual Property Infringement on the Internet: What Court to Call?
• California's Shine the Light Law: A Heightened Pleading Requirement
• NIST Issues Cybersecurity Framework
• How to Secure Information Systems: The Growing Complexity of the Legal Landscape
• Do Not Forget to Lock the Backdoor: Adopting a Holistic Approach to Cybersecurity
• Study of the European Parliament on the Protection of Creator's Rights in a Changing Environment
• Old Law, New Fit: Evergreen Notice Requirements for IP Service Agreements
• Know Your Subcontractors: Recent FTC Settlement Highlights the Importance of Validating Subcontractor Data Protection Practices
• US Supreme Court to Review Indefiniteness Standard under Section 112 of the Patent Act
• FTC Settles U.S.-E.U. Safe Harbor Complaints Against Twelve Companies
• EU Copyright Rules – Changes on the horizon?
• Trademark Infringement by Use of AdWords? Legal Risks by Using AdWords Despite European Court of Justice (ECJ) Rulings
• Distributing Earnings Call Information to the Public Is Fair Use
• The Proposed Directive on Trade Secrets in the EU
• The Case Law of the German Courts of Instance (Instanzgerichte) for Patent Law and Utility Patent Law Since the Year 2011
• Addition of "No-Charge" Limitation During Prosecution Costs Inventor His Patent
• French Courts Ordered to Block and Delist 16 Streaming Websites
• Federal Judge Rules NSA Data Collection Program Is Likely Unconstitutional
• Major Changes to Defamation Law in the UK to Take Effect 1 January 2014
• "Perfecting" Security Interests in United States Patents, Trademarks and Copyrights
• Hacking Back: For Now, Be Vigilant Rather Than a Vigilante
• Prospects on Germany's Digital Landscape in the Next Four Years: What Does the Coalition Agreement Say on Technology?
• Big Data: The Big Picture
• Changes in Consumer Law for Distance Contracts in the EU
• E-Commerce: Consider the Enhanced Consumer Protection Clauses
• Software License Audits – How to prepare, how to react
• FTC Denies Application for Proposed Social Network-Based COPPA Consent Verification
• In Sourcing and Licensing Agreements Governed by New York Law, Think Twice About a Gross Negligence Carve-out to a Limitation on Liability
• The Landgericht Düsseldorf’s (Düsseldorf District Court) decision to refer "LTE standard"
• Securing Patent Value for Israeli Medical Technology Companies
• CLS Bank v. Alice Corp. Further Muddies §101 Patent Eligibility
• Federal Legislation Introduced Regarding Mobile Application Privacy
• State court ruling creates new uncertainty for DMCA safe harbors
• ECJ dismisses Spanish and Italian challenge to EU-wide unitary patent system, but obstacles remain
• The Trademark Clearinghouse: What You Need to Know
• Federal Circuit Announces Review of Appellate Standard for Claim Construction
• Supreme Court Interprets Copyright "First Sale" Doctrine
• Congress Takes Action to Allow Unlocking of Mobile Phones
• FTC Announces Settlement with Social Networking App and Issues Staff Report Regarding Mobile Device Privacy Disclosures
• President Obama Issues New Executive Order on Improving Cybersecurity
• New HIPAA Rule Imposes Data Security and Privacy Obligations Directly Upon Vendors and Contractors of Covered Entities
• U.S. Department of Health and Human Services Announces First HIPAA Breach Settlement Involving Fewer than 500 Patients
• Amendments to the Economic Espionage Act Broaden Trade Secret Protection
• FTC Amends COPPA Rule and Previews Future Enforcement Policies
This publication is provided for your convenience and does not constitute legal advice. This publication is protected by copyright.
© 2019 White & Case LLP