Author: Julia E. Palermo

Colorado Is the Latest State to Enact a Data Privacy Law: Here’s What You Need to Know

Colorado has become the third state to enact a comprehensive data privacy statute imposing compliance obligations on legal entities that collect or process the personal data of its residents. The Colorado Privacy Act (CPA) is based on and enforces many of the same key concepts as do other data privacy statutes and regulations. As such, companies that are implementing or updating compliance programs for the European Union’s General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and Virginia Consumer Data Protection Act (CDPA) will be familiar with the main provisions of the CPA and likely will have an easier time achieving compliance. There are, however, some important distinctions that companies must consider as part of any ongoing compliance efforts in anticipation of the CPA’s effective date of July 1, 2023. As a threshold matter, the CPA applies to legal entities that (i) conduct business in Colorado or produce or deliver commercial products or services that are “intentionally targeted to residents of Colorado,” and (ii) either (a) control or process personal data of more than 100,000 consumers per year or (b) earn revenue (or receive a discount on goods or services) from the sale of personal data and control or process personal data of more than 25,000 consumers. Notably, the CPA...

Fourth Time’s a Charm: The Third Circuit Reverses Dismissal of Trade Secrets Complaint and Clarifies Pleading Standard

The Third Circuit issued a precedential decision in Oakwood Laboratories LLC v. Bagavathikanun Thanoo et al. that clarified the pleading requirements for trade secrets misappropriation claims under the Defend Trade Secrets Act, 18 U.S.C. § 1836(b) (DTSA). In that decision, the Third Circuit held that the Third Amended Complaint was “so factually detailed that, on appeal, we conclude it easily meets the pleading requirements of the Federal Rules of Civil Procedure and pertinent substantive law.” Earlier, the District Court for the District of New Jersey had dismissed four of Oakwood Laboratories LLC’s (“Oakwood”) complaints on the grounds that each complaint was not specific enough to support a claim. The District Court dismissed Oakwood’s Third Amended Complaint (its most recent attempt), because it did not show precisely how defendants misappropriated Oakwood’s trade secrets, but noted that Oakwood did plead facts sufficient to identify its trade secrets and support the information’s protected status. Oakwood appealed, and the Third Circuit reversed. Oakwood alleged that defendants Aurobindo Pharma U.S.A. and its subsidiaries misappropriated Oakwood’s trade secrets regarding microsphere technology when Aurobindo hired an Oakwood employee who specializes in this technology, Dr. Bagavathikanun Thanoo, and relied on a memorandum provided for the limited purpose of exploring a business opportunity to develop Aurobindo’s own microsphere technology. In reversing the District Court’s...

FCC Reverses Course and Finds That Government Contractors Are “Persons” Under the TCPA

Last month, the Federal Communications Commission (FCC) issued an Order on Reconsideration, overturning Commission precedent by clarifying that federal, state, and local government contractors are “persons” under the Telephone Consumer Protection Act (TCPA) and therefore must, under 47 U.S.C. § 227(b)(1)(A)-(D), obtain prior written consent to make certain calls using an automatic telephone dialing system or artificial or prerecorded voice; to initiate a call to any residential telephone line using an artificial or prerecorded voice; to use a fax machine or other device to send an unsolicited advertisement; or to use an automatic telephone dialing system in such a way that two or more telephone lines of a multi-line business are engaged simultaneously. This ruling is the latest in the Commission’s efforts to protect consumers from unwanted robocalls. The TCPA prohibits certain unsolicited calls made by any “person,” which includes an “individual, partnership, association, joint-stock company, trust, or corporation,” without the prior written consent of the consumer. In 2016, the FCC issued a declaratory ruling stating that the federal government and federal government contractors were not “persons” under the TCPA, and therefore, the limitations on calling enumerated in Section 227(b)(1)(A)-(D) did not apply to them. The FCC reasoned that there is a longstanding presumption that the word “person” does not include the sovereign and that,...

Section 230: What Is It and Why Is Everyone Talking About It?

Section 230 of the Communications Decency Act of 1996 (“Section 230”), 47 U.S.C. § 230(c), has garnered significant attention in the media in recent months. But what is Section 230 and why are both President Trump and President-Elect Biden talking about its repeal? Section 230 is commonly referred to as the 26 words that created the internet. It ensures that an online platform can host and transmit third-party content without the liability that attaches to a publisher or speaker under defamation law, and encourages self-regulation by allowing online platforms to remove offensive content in good faith from their platforms. 47 U.S.C. §§ 230(c)(1)-(2). Yelp, Facebook, Twitter, and Wikipedia have flourished in part because of the simultaneous protection from liability for defamatory statements posted by third-party users and from the removal of harmful or discriminatory content. Some believe that repealing Section 230 is long overdue, because what started out as a law meant to reward online platforms that remove harmful content in good faith has transformed into a broad liability shield. In one circumstance, that protection extended even to an online platform that recommended terrorist content to a user based on that user’s preferences. See Force v. Facebook, Inc., 934 F.3d 53 (2d Cir. 2019). Others argue that the repeal of Section 230 would have many...