Photo of Owen Davis

Owen assists employers across industry sectors – from small businesses to Fortune 500 corporations – to identify changing workplace law at a local, state and federal level. He offers legal guidance on employment agreements, restrictive covenants, personnel policies and other human resources issues. Owen also represents employers before state and federal courts as well as administrative agencies on matters related to discrimination, retaliation, harassment, and wage and hour violations.

Keypoint: The Central District of California issued several wiretapping decisions in May while two decisions on the VPPA illustrate how claims fail or succeed at the pleading stage.

Welcome to the fourteenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this month’s post, we look at multiple courts who distinguish the Ninth Circuit’s Shopify decision and deny motions to dismiss for lack of personal jurisdiction and how courts reach opposition conclusions regarding whether the “contents” of a communication were transmitted to a third party. We also take a look at two decisions that granted and denied motions to dismiss VPPA claims, and highlight one case where the federal government has again intervened to defend the VPPA’s constitutionality.

If you are a Byte Back+ member, you will also see our coverage on recent lawsuits beyond the wiretapping and VPPA claims, including the recent trend of cases brought under pen registry laws, efforts against plaintiffs who have brought wiretapping claims in private arbitration rather than the public courts, and—new this month—the recent flood of cases brought under New Jersey’s Daniel’s Law. Interested in learning more about Byte Back+? Click here.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.Continue Reading U.S. Privacy Litigation Update: May 2024

Keypoint: The California legislature is considering several bills that, if passed, would add to the nation’s emerging legal patchwork governing the use of artificial intelligence.

In mid-May, Colorado Governor Jared Polis signed the Colorado Artificial Intelligence Act (CAIA) into law, making Colorado the first state to enact legislation governing the use of high-risk artificial intelligence systems. Earlier this year, Utah enacted SB 149, which creates limited obligations for private sector companies deploying generative artificial intelligence, including disclosing its use.

The California legislature is currently considering seven AI-related bills that, if passed, would add to the growing patchwork of state AI laws. All of these bills have passed their chamber of origin and are currently being considered by the opposite chamber. While many state legislatures have already closed for the year, California’s legislative session does not end until August 31, 2024, meaning that there is still time for California to pass one or more bills.

In the below article, we briefly summarize these bills (as they are currently drafted) and identify their current status. We previously discussed four of these bills in our April 25 AI Legislation Update.Continue Reading California AI Legislation Update: June 5, 2024

Keypoint: If signed into law, Colorado will become the first state to enact legislation regulating the use of high-risk artificial intelligence systems.

On May 8, the Colorado legislature passed the Colorado Artificial Intelligence Act (SB 205). If signed by Governor Jared Polis, Colorado will become the first state to enact legislation that broadly addresses the use of artificial intelligence, in particular the use of artificial intelligence in high-risk activities. The bill is co-sponsored by Senate Majority Leader Robert Rodriguez and House Representatives Manny Rutinel and Brianna Titone.

In the below article, we first provide context and background on the bill. We then provide a summary of the bill’s provisions.Continue Reading Colorado Legislature Passes First-in-Nation Artificial Intelligence Bill

Keypoint: The Central District of California issues a major victory for website owners facing CIPA-arbitration demands, two decisions address whether a plaintiff consented as a defense to wiretapping claims, three courts in different states each dismissed VPPA claims, and another court weighs in on the recent pen registry case theory.

Welcome to the thirteenth installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. A lot happened in April. In this month’s post, we look at two decisions from California that addressed whether language in the privacy policy can establish the plaintiff consented to the recording and sharing of chat communications. We also take a look at three VPPA decisions granting motions to dismiss where plaintiffs failed to allege facts that satisfy the definitional prerequisites of the statute. Additionally, we note a recent development in one pending case where the VPPA is being challenged as unconstitutional.

If you are a Byte Back+ member, you will also see our coverage on recent lawsuits beyond the wiretapping and VPPA claims, including the recent trend of cases brought under pen registry laws, efforts against plaintiffs who have brought wiretapping claims in private arbitration rather than the public courts (including a major victory for website owners), and—new this month—the recent flood of cases brought under New Jersey’s Daniel’s Law. Interested in learning more about Byte Back+? Click here.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.Continue Reading U.S. Privacy Litigation Update: April 2024

Keypoint: Colorado employers and controllers that collect and process biometric data and identifiers will need to comply with disclosure, consent, and retention requirements beginning on July 1, 2025.

In late April, the Colorado legislature passed HB 1130, which amends the Colorado Privacy Act (CPA) to add protections for an individual’s biometric data and identifiers. Subject to the procedural formalities in the legislature, the bill will move to Colorado Governor Jared Polis for consideration. Assuming the bill becomes law, it will go into effect on July 1, 2025, and create several new obligations for entities that collect biometric data and identifiers. In addition, the bill’s requirements will apply to more entities than are currently covered by the CPA and will apply to employee data.

In the below article, we first provide a brief overview of the CPA’s existing treatment of biometric data. We then discuss the new obligations created by HB 1130.Continue Reading Colorado Legislature Passes Biometric Privacy Bill

Keypoint: Since our last update, the Connecticut Senate passed an algorithmic discrimination bill, an algorithmic discrimination bill was introduced in Colorado and passed the Colorado Senate Judiciary Committee, and an algorithmic discrimination bill passed out of a California committee.

Below is our fourth update on the status of pending US artificial intelligence (AI) legislation that would affect the private sector.Continue Reading AI Legislation Update: April 25, 2024

Keypoint: Multiple decisions from the same judicial district come down differently on wiretapping claims while three courts in different states each reject VPPA-defendants’ arguments that the plaintiffs lacked Article III standing.

Welcome to the twelfth installment in our monthly data privacy litigation report. Not only does this month’s post mean we have been doing this for over a year now (and actually a little longer as there was at least one post that combined two months of updates into one post because, well, holidays), but more importantly we are releasing this post on the eve of heading to Washington, D.C. to attend the IAPP Summit. If you will be there, make sure to come and meet us!

We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this month’s post, we look at three decisions from the Southern District of California, each of which addressed nearly identical factual allegations and legal arguments but reached different conclusions. We also take a look at three VPPA decisions denying motions to dismiss regarding claims premised on the Meta Pixel that highlight how district courts are addressing Article III standing objections and the required specificity of a plaintiff’s allegations at the pleading stage.

If you are a Byte Back+ member, you will also see our coverage on recent lawsuits beyond the wiretapping and VPPA claims, including the recent trend of cases brought under pen registry laws and efforts against plaintiffs who have brought wiretapping claims in private arbitration rather than the public courts. Interested in learning more about Byte Back+? Click here.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.Continue Reading U.S. Privacy Litigation Update: March 2024

Keypoint: Since our last update on US artificial intelligence (AI) legislation impacting the private sector, Utah enacted the first AI private sector bill of 2024, Oklahoma moved closer to passing an AI Bill of Rights, Connecticut’s bill advanced through a committee, and California lawmakers introduced two bills that would establish transparency requirements around generative AI and personal information used to train AI models.

Below is our third update on the status of pending US artificial intelligence (AI) legislation that would affect the private sector.Continue Reading AI Legislation Update: March 26, 2024

Keypoint: While not as far-reaching as bills under consideration in other states, the Utah bill creates some obligations for private sector companies deploying generative artificial intelligence, including disclosing its use.

In early March, the Utah legislature unanimously passed SB 149. The bill is now with Utah Governor Spencer Cox for signature. In general, the bill: (1) specifies that Utah’s consumer protection laws apply equally to an entity’s use of generative artificial intelligence as they do to the entity’s other activities, (2) requires private sector entities to take steps to disclose and/or respond to inquiries about their use of generative artificial intelligence, and (3) creates the Office of Artificial Intelligence Policy which is charged with, among other things, administering an artificial intelligence learning laboratory program. Once signed by the Governor, the law will go into effect on May 1, 2024.

In the below article, we provide a brief analysis of the bill’s provisions.Continue Reading Utah Legislature Passes Private Sector AI Bill

Keypoint: Courts continue to issue conflicting decisions in wiretapping cases while one court has expanded who may be considered a “video tape service provider” under the VPPA.

Welcome to the eleventh installment in our monthly data privacy litigation report. We prepare these reports to provide updates on how courts in the United States have handled emerging data privacy trends. In this month’s post, we look at wiretapping decisions from courts that have come out differently on whether plaintiffs have plead facts to sufficiently allege “interception” of chat communications, two decisions that rejected defendant’s arguments concerning plaintiffs’ consent to being recorded, and a failed attempt to compel arbitration. We also look at three session reply technology decisions, all of which grappled with whether the plaintiff had plead the third-party had the capability to use the alleged communications for the third-party’s own benefit. We also take a look at three VPPA decisions that continue to show the balancing act courts have struck when assessing VPPA claims at the pleading stage, including a decision that expands what type of company may be considered a “video tape service provider.”

If you are a ByteBack+ member, you will also see our coverage on recent lawsuits beyond the wiretapping and VPPA claims, including the recent trend of cases brought under pen registry laws and efforts against plaintiffs who have brought wiretapping claims in private arbitration rather than the public courts. Interested in learning more about ByteBack+? Click here.

There are many courts currently handling data privacy cases across the nation. Although illustrative, this update is not intended to be exhaustive. If there is another area of data privacy litigation about which you would like to know more, please reach out. The contents provided below are time-sensitive and subject to change. If you are not already subscribed to our blog, consider doing so to stay updated. If you are interested in tracking developments between blog posts, consider following us on LinkedIn.Continue Reading U.S. Privacy Litigation Update: February 2024