House Committee on Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell (D-WA) have introduced the American Privacy Rights Act. 

According to the legislator’s press release, this proposal seeks to establish national data privacy rights and protections for Americans, eliminates the existing patchwork of state comprehensive data privacy laws, and establishes robust enforcement mechanisms to hold violators accountable, including a private right of action for individuals.

Furthermore, the release describes other provisions of the proposed legislation: 

• Establishes Foundational Uniform National Data Privacy Rights for Americans

• Gives Americans the Ability to Enforce Their Data Privacy Rights

• Protects Americans’ Civil Rights

• Holds Companies Accountable and Establishes Strong Data Security Obligations

• Focuses on the Business of Data, Not Mainstreet Business

The draft can be seen here.

Lanton Law's experience in privacy and data protection enables these companies to navigate the complex legal and regulatory landscape effectively. By partnering with us, tech and healthcare organizations can develop robust strategies, ensuring compliance, safeguarding personal data, and maintaining trust among your consumers.

Contact us to learn more. 

The U.S. Senate Finance Committee held a February 8, 2024 hearing titled “Artificial Intelligence and Health Care: Promise and Pitfalls.”

The following witnesses testified at the hearing:

• Peter Shen, Head of Digital & Automation for North America, Siemens Healthineers, Washington, DC

• Mark Sendak, MD, MPP, Co-Lead, Health AI Partnership, Durham, NC

• Michelle M. Mello, JD, Ph.D., Professor of Health Policy and of Law, Stanford University, Stanford, CA

• Ziad Obermeyer, MD, Associate Professor and Blue Cross of California Distinguished Professor, University of California – Berkeley, Berkeley, CA

• Katherine Baicker, Ph.D., Provost, University of Chicago, Chicago, IL

Senator Wyden (D-OR) made a few statements on AI. The Senator emphasized the importance of ensuring that AI in healthcare is used to improve patient outcomes and lower costs, rather than being driven by profit.. He also highlighted the need to address concerns regarding privacy, data security, and bias in AI algorithms.

Artificial Intelligence is clearly an emerging innovative field that is both exciting and risky. For tech and healthcare stakeholders, the possibilities can be endless when examining potential legal and regulatory pitfalls.

Lanton Law is a national boutique law and government affairs firm that closely monitors legislative, regulatory and legal developments in the healthcare and technology spaces. Contact us to learn about how either our legal or lobbying services can help you attain your goals.

Technology companies are constantly collecting and using personal data. This data can include everything from names and addresses to browsing history and financial information. As technology companies collect more data, the importance of privacy becomes even more critical.

There are a number of reasons why technology companies need a lawyer to help them with privacy. First, lawyers can help companies understand the laws that apply to them. These laws can vary depending on the country or region where the company operates. 

Second, lawyers can help companies develop and implement relevant policies and procedures. These policies and procedures should be designed to protect the company's users. 

Third, lawyers can help companies respond to privacy inquiries and complaints. If a user has a question or complaint about a company's privacy practices, the company needs to be able to respond promptly and effectively. 

Privacy is a complex issue, and technology companies need to take it seriously. By working with a lawyer, technology companies can ensure that they are compliant with the law and that they are protecting the privacy of their users.

If you are a technology company and you are concerned about how to navigate an evolving regulatory environment, contact Lanton Law today. We stay up-to-date on the latest technology policy and legal trends and can help you implement new business strategies.

Privacy has emerged as a critical issue in the digital age, prompting increased scrutiny and regulation. In New York, a hub for technology and healthcare industries, privacy trends have been shaping the legal and regulatory landscape. This blog post will explore the evolving privacy trends in New York and delve into how Lanton Law can help tech and healthcare companies navigate complex privacy laws and develop effective legal and regulatory strategies.

New York has been proactive in addressing privacy concerns, recognizing the importance of protecting personal information in an increasingly interconnected world. Several key privacy laws and regulations have been enacted, creating a robust privacy framework for businesses operating in the state.

The New York Privacy Act, if passed, would establish comprehensive privacy rights for consumers, similar to the European Union's General Data Protection Regulation (GDPR). It would empower individuals with control over their personal data and impose stringent obligations on businesses regarding data protection and transparency.

Additionally, the Stop Hacks and Improve Electronic Data Security (SHIELD) Act has enhanced data breach notification requirements and expanded the definition of personal information. It mandates businesses to implement reasonable security measures and imposes penalties for non-compliance.

Lanton Law has an emerging privacy and data protection section. Here's how our firm can help: 

a. Compliance Assessment: We can conduct comprehensive privacy assessments to identify areas of non-compliance and help businesses align their practices with applicable state and federal privacy regulations. We can review your policies, procedures, and data handling practices to ensure adherence to legal requirements.

b. Privacy Policy Development: We can assist in drafting and updating privacy policies that meet the specific needs of your industry. These policies often outline data collection practices, disclosure mechanisms, and individual rights, providing transparency and legal compliance.

c. Consent Mechanisms: With the increasing emphasis on consent, Lanton Law can help companies develop effective mechanisms for obtaining and managing consent. This includes ensuring clear and informed consent practices, implementing opt-in and opt-out mechanisms, and maintaining records of consent.

d. Privacy Impact Assessments: Lanton Law can conduct Privacy Impact Assessments (PIAs) to identify privacy risks associated with the implementation of new technologies, data-sharing practices, or changes in business operations. PIAs help companies proactively address privacy concerns and mitigate risks.

e. Dispute Resolution: In case of privacy-related disputes, Lanton Law can provide strategic guidance. 

Conclusion:

As privacy concerns continue to grow in the digital age, New York has been at the forefront of enacting comprehensive privacy legislation. Tech and healthcare companies in the state must adapt to these evolving trends to protect consumer data and maintain compliance with privacy regulations. 

Lanton Law's experience in privacy and data protection enables these companies to navigate the complex legal and regulatory landscape effectively. By partnering with us, tech and healthcare organizations can develop robust strategies, ensuring compliance, safeguarding personal data, and maintaining trust among your consumers.

Contact us to learn more. 

In late June 2022 H.R. 8152 was introduced which seeks to provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement. 

What are some of the important aspects of the bill?

According to the Congressional Research Service the bill proposes the following:

Covered Entities. It would apply to most entities, including nonprofits and common carriers. Some entities, such as those defined as large data holders that meet certain thresholds or service providers that use data on behalf of other covered entities, would face different or additional requirements.

Covered Data. It would apply to information that “identifies or is linked or reasonably linkable” to an individual.

Duties of Loyalty. It would impose several duties on covered entities, including requirements to abide by data minimization principles and special protections for certain types of data, such as geolocation information, biometric information, and nonconsensual intimate images.

Transparency. It would require covered entities to disclose, among other things, the type of data they collect, what they use it for, how long they retain it, and whether they make the data accessible to the People’s Republic of China, Russia, Iran, or North Korea.

Consumer Control and Consent. It would give consumers various rights over covered data, including the right to access, correct, and delete their data held by a particular covered entity. It would require covered entities to get a consumer’s affirmative, express consent before using their “sensitive covered data” (defined by a list of sixteen different categories of data). It would further require covered entities to give consumers an opportunity to object before the entity transfers their data to a third party or targets advertising toward them.

Youth Protections. It would create additional data protections for individuals under the age of 17, including a prohibition on targeted advertising, and it would establish a Youth Privacy and Marketing Division at the Federal Trade Commission (FTC).

Third-Party Collecting Entities. It would create specific obligations for third-party collecting entities, which are entities whose main source of revenue comes from processing or transferring data that it does not directly collect from consumers (e.g., data brokers). These entities would have to comply with FTC auditing regulations and, if they collect data above the threshold amount of individuals or devices, would have to register with the FTC.

Civil Rights and Algorithms. It would prohibit most covered entities from using covered data in a way that discriminates on the basis of protected characteristics (such as race, gender, or sexual orientation). It would also require large data holders to conduct algorithm impact assessments. These assessments would need to describe the entity’s steps to mitigate potential harms resulting from its algorithms, among other requirements. Large data holders would be required to submit these assessments to the FTC and make them available to Congress on request.

Data Security: It would require covered entities to adopt data security practices and procedures that are reasonable in light of their size and activities. It would authorize the FTC to issue regulations elaborating on these data security requirements.

Small- and Medium-size Businesses: It would also relieve small- and medium-size businesses from complying with several requirements; for instance, these businesses may respond to a consumer’s request to correct their data by deleting the data, rather than correcting it.

Enforcement. It would be enforceable by the FTC, under that agency’s existing enforcement authorities, and by state attorneys general in civil actions.

Private right of action. It would create a delayed private right of action starting four years after the law’s enactment. Injured individuals would be able to sue covered entities in federal court for damages, injunctions, litigation costs, and attorneys’ fees. Individuals would have to notify the FTC or their state attorney general before bringing suit. Before bringing a suit for injunctive relief or a suit against a small- or medium-size business, individuals would be required to give the violator an opportunity to address the violation.

Preemption. It would generally preempt any state laws that are “covered by the provisions” of the ADPPA or its regulations, although it would expressly preserve sixteen different categories of state laws, including consumer protection laws of general applicability and data breach notification laws. It would also preserve several specific state laws, such as Illinois’ Biometric Information Privacy Act and Genetic Information Privacy Act and California’s private right of action for victims of data breaches.

Section by section specifics can be found here. 

We are going to see more privacy proposals on the state and federal level. 

Lanton Law is a national healthcare & technology law and government affairs firm. Our technology practice has been monitoring privacy developments nationwide. If you are a commerce, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

In an interview with Pharmacy Times, Ron Lanton III, Esq, partner at Lanton Law, discussed the recent Supreme Court ruling on Dobbs v. Jackson Women’s Health and what this could mean for pharmacists. In the interview, Lanton said the decision leaves many things ambiguous, which will most likely result in litigation around the country in the coming weeks and months.

The interview can be viewed here. We have also provided the text from Aislinn Antrim’s interview at Pharmacy Times below:

In an interview with Pharmacy Times, Ron Lanton III, Esq, partner at Lanton Law, discussed the recent Supreme Court ruling on Dobbs v. Jackson Women’s Health and what this could mean for pharmacists. In the interview, Lanton said the decision leaves many things ambiguous, which will most likely result in litigation around the country in the coming weeks and months.

Aislinn Antrim: Hi, I'm Aislinn Antrim with Pharmacy Times,and I'm here with Ron Lanton, partner at Lanton Law, to discuss the recent Supreme Court decision in Dobbs v. Jackson Women's Health and what this means for pharmacists, contraception access, and all of these other questions. So to get started, can you explain the Supreme Court reasoning in this case?

Ron Lanton III, Esq: Absolutely. And before I get started, let me just put a disclaimer out there that while I'm not going to be discussing my personal views about the Supreme Court decision, I'm just going to talk like a lot of health care providers are probably talking right now, where they're just trying to figure out what happened, and what does this mean for them. So, with that out of the way, I'll quickly explained Dobb.

So basically, what happened in this case is that Roe v. Wade and Casey v. Planned Parenthood were both actually overturned by the Supreme Court on the basis that abortion at any time was not protected by the constitution. So basically, what they've done is that they didn't really put any standards around what they thought abortion was, or you know, how many weeks there should be at, because they felt that the state should actually control the outcome. So, the facts within Dobbs is that the state of Mississippi banned abortions at 15 weeks, which is pre-viability (viability referring to if the fetus can survive outside of the womb). And what Justice Alito said, writing for the majority opinion, is a quote that I wanted to make sure that everybody has heard in case they have not read the opinion. And the quote talks about this, it says, “The inescapable conclusion is that a right to abortion is not deeply rooted in the nation's history and traditions. On the contrary, an unbroken tradition of prohibiting abortion, on pain of criminal punishment, persisted from the earliest days of the common law until 1973.” So, this is definitely a landmark decision. You know, my entire life has been post-Roe. So, this is going to be very, very different for a lot of people and we'll see what happens.

Aislinn Antrim: Definitely. Where do states stand currently in terms of abortion access? And where do you see this headed in the coming weeks and months?

Ron Lanton III, Esq: I see a lot of litigation coming in the next weeks and months. Right now, it's kind of weird how we say this, because right now, there are 5 states where abortion is either illegal or banned. Those states are Texas, South Dakota, Oklahoma, Louisiana, and Kentucky. Soon there will be 16. And the reason I say that is because of what's called trigger laws. So basically, if Roe was ever overturned, which it was in this case, there were some states that have laws in the books that said, should this happen, then, you know, within 30 days abortions will be banned in that state.There is also another thing called zombie lawsthat are out there, in addition to the trigger laws, and what zombie laws are, is that these are pre-Roe abortion laws that may come back, they were never officially taken off of the books. So, they're just kind of there and a lot of states really don't know what to do with these and businesses that are operating there don't know what to do with these, or if they'll ever come back. So that number, while it may go up to 16 with the trigger laws, it may be more with these zombie laws. So, we really have to do a close scrutiny of what's on the books. And I think that if health care providers are wondering what that might be, I would just suggest that they look and see if their states do in fact have these laws on the books. There have been some states, though, that have taken the stance that they will be arresting medical providers that actually attempt to do these services. So, my prediction is just like I mentioned earlier, is that we're probably going to see a lot of different lawsuits, just for people that are trying to understand their rights and what they can and can't do, especially the health care providers.

Aislinn Antrim: Absolutely. There are many things that are still really unclear. One of the major things that's come into play is access to mail-order abortion pills, and from my understanding, the FDA has permanently allowed these pills to be accessible by mail. But some governors are still looking to ban them. Can you explain this, what this means, and where it stands?

Ron Lanton III, Esq: Yeah, of course. Well, the FDA has been using the pill since 2000, and in December of 2021 what they did was they had some labeling and some evidence-based medicine requirements that they put in and finalized in December of 2021. I can't really speak to specifics about what those are. I know they did them, but if people are interested, I would just go to the FDA and just look. They have that stuff there on their site. The FDA does allow the pill to be prescribed by mail or by telehealth and it's authorized for use during the first 10 weeks of pregnancy. And what was interesting was that when I was looking at this is that more than half of the abortions in the United States are actually medication abortions, which I did not know.

You have mentioned some of the anti-abortion policies that tend to happen with this. So, there have been some anti-abortion states that have laws on the books that stipulate that this pill either has to be given in-person or it has to be prescribed, instead of done through telehealth or by mail. And also, they're saying it's only allowed through the seventh week, whereby the FDA says that it's the tenth week. So that's different. So, what we're seeing here, and what we're also hearing, is that some states may even try to ban the pill. And there's questions legally on whether they can do this. It's really a Tenth Amendment versus Supremacy Clause question. You know, I don't think the FDA, this is just me personally, I think you should check this out. But you know, just for me, I'm not sure you could do that as a state, just legally, with something that the FDA has already approved. It's also going to come down to what the Board of Medicine in your particular state is allowing a physician to do. So, these are just other things that a health care provider would have to check out.

I do think it is interesting to bring up what the Department of Justice has said about this very issue. So, here's a quote I’d like to share with you. So, in what the Department of Justice has said, has stated, “…and we stand ready to work with other arms of the federal government that seek to use their lawful authorities to protect and preserve access to reproductive care. In particular, the FDA has approved the use of medication (Mifeprex). States may not ban this based on disagreement with the FDA’s expert judgment about safety and efficacy.” So, if a state has a policy where it's just challenging the safety of it, that's not going to stand. So, what really remains to be seen is if states are going to continue to do this regardless, we'll have to see.

Aislinn Antrim: Very interesting. And there are also states where legislators are attempting to interpret IUDs as abortion to restrict their access. What is the legal basis for this? And what are the implications if they are successful?

Ron Lanton III, Esq: Yeah, so let's go back to the Supreme Court majority opinion. In this case, they said that other rights, like the rights to contraception and marriage, do not discuss the ending of human life as abortion does. So, they tried to make a distinction in this ruling. Now, with what you just brought up, I started thinking about Plan B and copper IUDs because those stop an already fertilized egg or an embryo from implanting and thus creating the pregnancy. Right? So, the argument Dobbs was they sided with Mississippi in that Mississippi could deny an abortion at pre-viability, which they already ruled that they can. So, therefore, a state could potentially rule with regards to Plan B or the copper IUD, that these are not contraception and that they are a form of abortion. I mean, theoretically it could happen, as they stop an embryo from implanting, thus stopping human life. So especially if the state believes that human life starts at fertilization, and not implantation. So, many health care providers are definitely likely to be concerned about this because it could also affect IVF treatments. Basically, this ruling has allowed states to ban abortion but kind of has left the door open because they were ambiguous on, you know, they didn't say anything about weeks or what abortion was, there was no definition about it. So, this could potentially bleed over into contraception. So honestly, a legal basis for this could be a new law that describes when human life starts, such as fertilization instead of implantation. So, Dobbs opened the door to that and, you know, that's another one of those things we just don't know.

Aislinn Antrim: Definitely. Many people are urging the Biden administration and Congress to codify a right to abortion. Do you have a sense of whether this could happen or where this stands?

Ron Lanton III, Esq: Well, let's just talk about the Senate makeup right now. So, to get anything passed in Congress has been very difficult to do lately because of just the hyper-partisanship stuff that's been going on. And the Senate, it's almost like forget about it. You know, if you don't have those 60 votes to satisfy the threshold, then you're just not getting anything done. So right now, with an issue this divisive—and really, I mean, anything can be hyper-partisan but, you know, this is definitely one of those issues. I don't know if they can get anything passed in the Senate that could codify Roe.

Now, I like to go back to whether it's accurate when we say codify Roe, because Roe v. Wade hasn't been in place since 1992. And the reason I say that is because the Supreme Court had the Casey v. Planned Parenthood case that I referenced earlier, which was also overturned with Roe in the Dobbs decision. Now, in Casey, the court upheld Roe’s decision holding that a woman has the right to choose to terminate a pregnancy up until the point of fetal viability, and that states could restrict abortion after that point, subject to exceptions such as, you know, protecting the life and health of the pregnant woman. But in Casey the court said that Roe too severely limited state regulation prior to fetal viability and held that states can impose restrictions on abortion throughout pregnancy to protect potential life, as well as the maternal health, which, you know, which has been status quo up until just recently. What was also interesting about Casey is that had had the undue burden test, which basically said that states can't make a law that makes it too hard for someone that wants to seek an abortion. So again, that's been status quo until now. And now we're really not sure what's going to happen.

Aislinn Antrim: Definitely. Going back to what you were saying a few minutes ago, there are also discussions of whether a future Supreme Court case could impact contraception access. What could this look like from a policy or legal standpoint?

Ron Lanton III, Esq: I think [policy and legality] these are 2 related issues, but when we're looking at legalities, I mean, you know, we can split hairs all day but those legally are 2 different issues. So, for contraception that prevents fertilization, you know, such as the pill, that would require a state to draft an entirely new law that outlawed contraception. And that would have to be pushed through several states, and then in order to get to the Supreme Court, someone would have to challenge that and make it all the way up through the ladder. So, these cases are coming faster than they used to before, but that's the process that would have to happen. The rights of contraception is a bit different than what we were talking about in Dobbs because the contraception was actually a different case based on Griswold v. Connecticut. And that basically held that married couples have a protected right to privacy, and that this is being violated by states banning contraception. So, Griswold was not overturned or even mentioned in the majority opinion. Now, I think what has people talking is the Justice Thomas concurring opinion, which basically said that we ought to look at cases like Griswold. Well, that's different from the majority opinion. So, the majority opinion is what we base everything off of now. Concurring opinions happen, judges put their opinions in there all the time. Whether someone later may look at that concurring opinion and shape a different policy, legally or whatnot, that remains to be seen. But the majority opinion did not talk about Griswold. I just want to make sure that was very clear.

Aislinn Antrim: Definitely. Thank you. Could this Dobbs ruling potentially impact the legality of scientific research and innovation in the area of women's health and contraception?

Ron Lanton III, Esq: Yes. So, any current or future research that is connected to the use of an already fertilized egg or an embryo may be deemed unlawful by a state, depending on what their abortion laws actually are. So, as we talked about earlier, Dobbs opens the door for states to determine when human life actually begins. And they're now able to put in their own standards about how they feel about abortion. So, I think in order to answer your question, it really depends on how the state is going to regulate the practice of medicine. So, it’s going to come down to where you live and how medicine is regulated.

Aislinn Antrim: With a wide range of restrictions varying state-to-state, do you have any resources or suggestions for pharmacists who may not know exactly how to handle things in their state, what's legal what they can and can't do? Where can they look?

Ron Lanton III, Esq: That's a good question. I think if I were a pharmacist in this environment, I would definitely look at the Board of Pharmacy to see if there's any guidance about that. I think the second thing that you have to do is really understand how Plan B is going to be regulated. And I think if that's the case, you might want to call an attorney—I'd hate to even get to that kind of level, but you want to make sure that you're complying with what is going on. But I think an issue that most people miss is privacy and HIPAA. And, you know, if you have someone that's coming to a pharmacy that is in a state like the Northeast, where it's pretty much status quo with how they're going to rule or regulate this issue, you know, you can't be telling another state what's going on based on that. So, you really should understand your privacy laws and just look at that in your state. And just make sure you have a good understanding of HIPAA, which will help you in your practice going forward. So, I think those are the 3 places that I would look at first, to make sure. So, make sure that you understand your privacy, get a lawyer if you have questions about things, and just make sure that you're familiar with Board of Pharmacy and their policies and procedures.

Aislinn Antrim: Absolutely. Well, we've covered a lot. Is there anything that you wanted to add?

Ron Lanton III, Esq: I wish I could, I wish I had a crystal ball to kind of figure out how all this is going to go. Like I said, I think with this decision it's going to be a lot of litigation. So, this is not going to be over by, you know, any short imagination. This is going to go on for quite a while. And the only thing that could change things again, back to the way things were, is either an act by Congress, which would invalidate a court decision, or this comes back up through the Supreme Court again and they rule a different way. So that's a long way of me saying that we just have to wait and see what happens.

Aislinn Antrim: Absolutely. Well, thank you so much for diving into this with me.

Ron Lanton III, Esq: You’re welcome, thank you for the time.

The California Privacy Protection Agency, the regulator established by the California Privacy Rights Act in November 2020 has posted draft regulations for its upcoming June 8 Board meeting. The draft CPRA regulations can be viewed here. 

The draft regulations do need work to clarify several issues. The draft does address privacy notice requirements, as well as how companies must notify its contractors and vendors to delete personal information as well as how to respond to opt out preference signals. The rules are forecasted to take effect on January 1, 2023. 

Lanton Law is a national healthcare & technology law and government affairs firm. Our technology practice has been monitoring privacy developments nationwide. If you are a commerce, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

According to the U.S. House Committee on Energy and Commerce:

“U.S. Representatives Frank Pallone, Jr., D-N.J. and Cathy McMorris Rodgers, R-Wash., Chairman and Ranking Member of the House Committee on Energy and Commerce, and U.S. Senator Roger Wicker, R-Miss., Ranking Member of the Senate Committee on Commerce, Science, and Transportation, today released a discussion draft of a comprehensive national data privacy and data security framework. The draft legislation is the first comprehensive privacy proposal to gain bipartisan, bicameral support.”  

What does the American Data Privacy and Protection Act do?

• Establish a strong national framework to protect consumer data privacy and security;

• Grant broad protections for Americans against the discriminatory use of their data;

• Require covered entities to minimize on the front end, individuals’ data they need to collect, process, and transfer so that the use of consumer data is limited to what is reasonably necessary, proportionate, and limited for specific products and services;

• Require covered entities to comply with loyalty duties with respect to specific practices while ensuring consumers don’t have to pay for privacy;

• Require covered entities to allow consumers to turn off targeted advertisements;

• Provide enhanced data protections for children and minors, including what they might agree to with or without parental approval; 

• Establish regulatory parity across the internet ecosystem; and

• Promote innovation and preserve the opportunity for start-ups and small businesses to grow and compete.

The discussion draft can be found here.

Lanton Law is a national healthcare & technology law and government affairs firm. Our technology practice has been monitoring privacy developments nationwide. If you are a commerce, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

On Episode 1 Lanton Law speaks with STACK CEO Jonathan Ogurchak about privacy trends, healthcare efficiencies using SAAS and whether healthcare is ready for tech disruption. Click here to listen to the podcast.

Senator Creem and Senator Lesser have introduced S.46 titled “An Act Establishing the Massachusetts Information Privacy Act.” The bill can be found here. The Act applies to Massachusetts businesses that earn $10,000 or more annual revenue through 300 or more transactions or that process or maintain the personal information of 10,000 or more unique individuals during the course of a calendar year. The bill has protections on the collection of biometric or location information and seeks to prevent companies from discriminating based on consumer personal information. The MA Information Privacy Commission would also be created by this proposal to oversee this bill’s regulatory scheme. 

This bill mirrors the efforts unleashed by the landmark General Data Protection Regulation (GDPR) in Europe which has been followed by efforts in California. Massachusetts did have a predecessor to S.46 in 2019 which stalled in the legislature.

The bill is currently in the Advanced Information Technology, the Internet and Cybersecurity Committee.  If you are a technology, healthcare or commerce stakeholder then this is something to keep a watch on.  

Lanton Law is a national healthcare & technology law and government affairs firm. Our technology practice has been monitoring privacy developments nationwide. If you are a commerce, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

Senators Ron Wyden (D-OR) and Rand Paul (R-KY) have introduced the Protecting Data at the Border Act .

According to the press release “The bipartisan bill prevents law enforcement agencies from continuing to take advantage of the so-called border search “exception” in order to conduct warrantless searches of Americans’ phones and laptops.” 

“The Protecting Data at the Border Act would provide statutory clarity by recognizing that the principles from Riley v. California extend to searches of digital devices at the border. In addition, this bill requires that U.S. persons know their rights before they consent to giving up online account information (like social media account names or passwords) or before they consent to give law enforcement access to their devices.”

The bill summary can be found here.  

Lanton Law is a national boutique regulatory law and lobbying firm that focuses on technology and healthcare/life science. Our privacy practice monitors relevant policy and regulatory decision makers and we counsel clients on emerging trends within this rapidly developing field. 

If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

U.S. Senator Gillibrand (D-NY) issued a press release announcing the Data Protection Act of 2021, which would create the DPA, an independent federal agency whose goal is to protect Americans’ data, instill privacy safeguards and work to ensure that there is transparency in data sharing practices. 

There have been some changes to this proposed legislation since last year’s version of the bill. These changes include:

• Supervision of Data Aggregators: Grants the DPA authority to review Big Tech mergers involving a large data aggregator, or any merger that proposes the transfer of personal data of 50,000 or more individuals.

• Office of Civil Rights: Establishes the DPA Office of Civil Rights to advance data justice and protect individuals from discrimination. 

• Enforcement Powers: Improves DPA enforcement powers to oversee the use of high-risk data practices and to penalize, examine, and propose remedies to the social, ethical, and economic impacts of data collection.

• Penalties and Fines: Prohibits data aggregators from committing any unlawful, unfair, deceptive, abusive, or discriminatory data practices; and allows for penalties and fines to be levied if violated, including triple penalties for violations against children.

• Defines Key Terms for Transparency: Provides Key Definitions for Privacy Harm, Data Aggregators, and High-Risk Data Practice, among other key terms.

According to the release “The DPA would be an executive agency. The director would be appointed by the president and confirmed by the Senate, serves a 5-year term, and must have knowledge of technology, protection of personal data, civil rights, and law. The agency may investigate, subpoena for testimony or documents, and issue civil investigative demands. It may prescribe rules and issue orders and guidance as is necessary to carry out federal privacy laws. The authority of state agencies and state attorneys general are preserved in the Act. The DPA would have three core missions:

1. Give Americans control and protection over their own data by authorizing the DPA to create and enforce data protection rules. 

2. Maintain the most innovative, successful tech sector in the world by ensuring fair competition within the digital marketplace. 

3. Prepare the American government for the digital age.”

Lanton Law’s technology practice has been monitoring privacy developments nationwide. If you are a banking/finance, technology or healthcare/life science stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

The  Social Media Privacy Protection and Consumer Rights Act of 2021 has been reintroduced and is being led by Senators Kennedy (R-LA), Klobuchar (D-MN), Manchin (D-WV and Burr (R-NC). The proposal seeks to improve the transparency of online platforms, strengthen consumers’ options when a data breach occurs and ensure companies comply with privacy policies that protect consumers.

According to the bill’s press release the proposal seeks the following: 

• Give consumers the right to opt out and keep their information private by disabling data tracking and collection,

• Provide users greater access to and control over their data,

• Require terms of service agreements to be in plain language,

• Ensure users have the ability to see what information about them has already been collected and shared,

• Mandate that users be notified of a breach of their information within 72 hours,

• Offer remedies for users when a breach occurs, and

• Require that online platforms have a privacy program in place.

Lanton Law’s technology practice has been monitoring privacy developments nationwide. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

H.B. 969 titled Consumer Data Privacy has failed to become the nation’s third comprehensive consumer privacy law. The legislature adjourned without reaching a legislature agreement between the House and Senate as the Senate voted 29-11 to send the bill back to the House. The main controversy around this bill not being able to advance is centered on whether a consumer should have a private right of action to sue a company for an alleged violation. 

Lanton Law’s technology practice has been monitoring privacy developments nationwide. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

On April 22, 2021, Justice Breyer wrote the majority opinion for AMG CAPITAL MANAGEMENT, LLC, ET AL. v. FEDERAL TRADE COMMISSION, which was a shock to many consumer advocates where the Court ruled unanimously against the Federal Trade Commission (FTC). The ruling could make it less cost effective for the FTC to pursue companies that violate privacy rules.

According to the case, the Federal Trade Commission filed a complaint against Scott Tucker and his companies alleging deceptive payday lending practices in violation of §5(a) of the Federal Trade Commission Act. The District Court granted the Commission’s request pursuant to §13(b) of the Act for a permanent injunction to prevent Tucker from committing future violations of the Act, and relied on the same authority to direct Tucker to pay $1.27 billion in restitution and disgorgement. On appeal, the Ninth Circuit rejected Tucker’s argument that §13(b) does not authorize the award of equitable monetary relief. 

The Court held that “Section 13(b) does not authorize the Commission to seek, or a court to award, equitable monetary relief such as restitution or disgorgement.” Congress is set to address this issue soon as it looks to reaffirm the agency’s power to provide consumer relief. 

FTC Acting Chairwoman Rebecca Kelly Slaughter released a statement about the case where she stated: 

“In AMG Capital, the Supreme Court ruled in favor of scam artists and dishonest corporations, leaving average Americans to pay for illegal behavior,” Acting Chairwoman Rebecca Kelly Slaughter said. “With this ruling, the Court has deprived the FTC of the strongest tool we had to help consumers when they need it most. We urge Congress to act swiftly to restore and strengthen the powers of the agency so we can make wronged consumers whole.”

Over the past four decades, the Commission has relied on Section 13(b) of the Federal Trade Commission Act to secure billions of dollars in relief for consumers in a wide variety of cases, including telemarketing fraud, anticompetitive pharmaceutical practices, data security and privacy, scams that target seniors and veterans, and deceptive business practices, among many others. More recently, in the wake of the pandemic, the FTC has used Section 13(b) to take action against entities operating COVID-related scams. Section 13(b) enforcement cases have resulted in the return of billions of dollars to consumers targeted by a wide variety of illegal scams and anticompetitive practices, including $11.2 billion in refunds to consumers during just the past five years.

Lanton Law is a national boutique law and lobbying firm that focuses on highly regulated industries such as technology, fintech, healthcare and clean energy. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today.

A new bi-partisan privacy bill has been introduced by Senators Wyden (D-OR) and Paul (R-KY) titled “The Fourth Amendment is Not For Sale Act.” The bill proposes to close a legal loophole and prevent law enforcement and intelligence agencies from obtaining subscriber or customer records in exchange for anything of value, and to address communications and records in the possession of intermediary internet service providers. Currently, this information can be exchanged without judicial oversight.  

According to the press release, some highlights of the proposal include: 

• Requires the government to get a court order to compel data brokers to disclose data — the same kind of court order needed to compel data from tech and phone companies.

• Stops law enforcement and intelligence agencies buying data on people in the U.S. and about Americans abroad, if the data was obtained from a user’s account or device, or via deception, hacking, violations of a contract, privacy policy, or terms of service. As such, this bill prevents the government buying data from Clearview.AI.

• Extends existing privacy laws to infrastructure firms that own data cables & cell towers.

• Closes loopholes that would permit the intelligence community to buy or otherwise acquire metadata about Americans’ international calls, texts and emails to family and friends abroad, without any FISA Court review.

• Ensures that intelligence agencies acquiring data on Americans do so within the framework of the Foreign Intelligence Surveillance Act and that when acquiring Americans’ location data, web browsing records and search history, intelligence agencies obtain probable cause orders. This language is similar to language that was in the 2020 Wyden-Daines amendment to legislation to reform Section 215.

• Takes away the Attorney General’s authority to grant civil immunity to providers and other third parties for assistance with surveillance not required or permitted by statute. Providers retain immunity for surveillance assistance ordered by a court. 

Lanton Law is a national boutique law and lobbying firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today. 

Lanton Law’s privacy practice has been closely monitoring the various state conversations around data privacy. We previously wrote a blog post titled California’s Consumer Privacy Act Could Be Coming to a State Near You, where we traced how California took the first step to create a consumer privacy law in the wake of Europe’s General Data Protection Regulation.    

So what’s going on with Virginia? Earlier this month the Virginia Senate passed 

 Senate Bill 1392, titled the Consumer Data Protection Act. The Virginia House of Delegates approved a companion (identical) House Bill H.B. 2307 by an 89-9 vote. Each bill likely will be heard in committee next week by the opposite chamber, which provides additional opportunities to make amendments. The state General Assembly will adjourn on March 1, it is expected that Governor Northam will sign the legislation. 

What does the bill do? The proposed legislation seeks the following:

“Establishes a framework for controlling and processing personal data in the Commonwealth. The bill applies to all persons that conduct business in the Commonwealth and either (i) control or process personal data of at least 100,000 consumers or (ii) derive over 50 percent of gross revenue from the sale of personal data and control or process personal data of at least 25,000 consumers. The bill outlines responsibilities and privacy protection standards for data controllers and processors. The bill does not apply to state or local governmental entities and contains exceptions for certain types of data and information governed by federal law. The bill grants consumer rights to access, correct, delete, obtain a copy of personal data, and to opt out of the processing of personal data for the purposes of targeted advertising. The bill provides that the Attorney General has exclusive authority to enforce violations of the law, and the Consumer Privacy Fund is created to support this effort. The bill has a delayed effective date of January 1, 2023.”

As with major policy issues that have yet to have a federal solution, states like California, Virginia and others are creating piecemeal policies, which will create compliance issues for entities that operate in several jurisdictions. New York, Oklahoma, Washington State, Minnesota, and North Dakota are jurisdictions that we continue to monitor with brewing policies on point.  

As we become more reliant on technology which crosses several sectors now, businesses are finding that they have to increase their awareness of state and federal policy in order to remain compliant. We at Lanton Law can help. Our legal and lobbying tools can help offer your organization a clear path forward to navigate what will be changing policies for healthcare, technology and clean energy stakeholders. We are a D.C. based firm with no state boundaries as we are active nationwide. Contact us today to discuss your options. 

Last month as part of the State of the State 2021, Governor Cuomo announced a comprehensive law around personal data and privacy protections for New York state residents.

So what does this proposal outline?

According to the Governor’s proposal “This law will mandate that companies that collect information on large numbers of New Yorkers disclose the purposes of any data collection and collect only data needed for those purposes. Governor Cuomo will also establish a Consumer Data Privacy Bill of Rights guaranteeing every New Yorker the right to access, control, and erase the data collected from them; the right to nondiscrimination from providers for exercising these rights; and the right to equal access to services.”  

“The proposal also expressly protects sensitive categories of information including health, biometric and location data and creates strong enforcement mechanisms to hold covered entities accountable for the illegal use of consumer data. New York State will work with other states to ensure competition and innovation in the digital marketplace by promoting coordination and consistency among their regulatory policies. 

New York’s proposal seems to be following a trend set by California’s Privacy Rights and Enforcement Act. We believe that we are witnessing a slow moving transition towards similar oversight in other states. 

The increasing demands around data security and data privacy has presented new challenges to business operations and compliance efforts. Not to mention there are new rising risks around consumer data privacy expectations. 

Lanton Law is a national boutique law and lobbying firm that focuses on healthcare/life sciences and technology. We are the dedicated business partner that you need behind you to help you confront the changing regulatory landscape around data. 

If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today!

On July 29th four of the biggest tech companies CEOs testified in front of Congress. Jeff Bezos of Amazon, Tim Cook of Apple, Mark Zuckerberg of Facebook, and Sundar Pichai of Google all took questions from the U.S House Judiciary Subcommittee on Antitrust, Commercial, and Administrative Law. The hearing which can be viewed here was titled “Online Platforms and Market power, Part 6: Examining the Dominance of Amazon, Apple, Facebook, and Google.”  

Sadly, there was a lot of political posturing on both sides of the political aisle and not a lot of policy. The main takeaway is that there is still no clear bipartisan antitrust agenda. 

Democrats presented evidence regarding antitrust concerns. It seemed they had pointed questions regarding certain deals such as Amazon's purchase of Ring to control that sector of the market and Facebook's alleged threats against Instagram before its purchase of the company.  

Republicans focused on perceived anti-conservative bias in tech instead of addressing company size and market power. Their questions focused on whether the tech companies will participate in "electioneering" for Joe Biden and grilled Facebook about Twitter's shutdown of Trump Jr.'s account. 

This has been a year-long investigation by this Subcommittee with this testimony capping the investigation. Subcommittee members are still in the process of sending follow-up questions to the CEOs and finalizing their conclusions over the next few weeks. Once they are done the Subcommittee will file a report of its findings. 

This process has been highly politicized, and many tech stakeholders are wondering whether any significant policymaking will get done by the end of the year. While there is reason to be skeptical, there is a highly charged election about to take place, meaning it wouldn’t surprise us if a small step towards technology regulation was accomplished. The bigger question is what happens to tech policy at the start of 2021? 

We continue to see an increase in federal and state policymaking when it comes to technology companies. The threat of looming technology legislation will undoubtedly lead to increased regulation. It’s better to be prepared now by knowing the landscape and preparing your strategic options in order to navigate the increased scrutiny. 

Lanton Law is a national boutique law and government affairs firm that focuses on technology and healthcare. If you are an industry stakeholder with questions about the current landscape or if you would like to discuss how your organization’s strategic initiatives might be impacted by either Congress, regulatory agencies or legal decisions, contact us today. 

Apple and Google have announced their partnership to enable Bluetooth technology to help interested stakeholders such as healthcare agencies and governments to fight COVID-19. The announcement describes the tech companies’ intent of “releasing draft documentation for an Exposure Notification system in service of privacy-preserving contact tracing.” The most important thing to note is that the companies will not be building contact tracing apps but will be providing tools around a unified programming interface that will allow these aforementioned stakeholders to create their own contact tracing applications. And while this partnership and others like it are a much needed resource during our fight against COVID-19, privacy concerns with how these companies are using our information loom in the background. 

So what is contact tracing? It can come in two forms. The first form is human to human tracing, which is described in the Centers for Disease Control and Prevention’s (CDC) list of core principles. 

• Contact tracing is part of the process of supporting patients with suspected or confirmed infection.

• In contact tracing, public health staff work with a patient to help them recall everyone with whom they have had close contact during the timeframe while they may have been infectious.

• Public health staff then warn these exposed individuals (contacts) of their potential exposure as rapidly and sensitively as possible.

• To protect patient privacy, contacts are only informed that they may have been exposed to a patient with the infection. They are not told the identity of the patient who may have exposed them.

• Contacts are provided with education, information, and support to understand their risk, what they should do to separate themselves from others who are not exposed, monitor themselves for illness, and the possibility that they could spread the infection to others even if they themselves do not feel ill.

• Contacts are encouraged to stay home and maintain social distance from others (at least 6 feet) until 14 days after their last exposure, in case they also become ill. 

As you can see this is a very specialized skill that needs to be timely executed to prevent further spread of disease. 

According to the CDC digital tracing on the other hand is another set of tools that can be used to “expand the reach and efficacy of contact tracers.” This is what we are seeing from the Apple-Google partnership, as well as other applications (apps) that we see flooding the market in an effort to provide additional tools to combat COVID-19. 

Digital contact tracing can theoretically be more efficient because it doesn’t rely on memory, but requires user cooperation where people would have to download the relevant apps on their phones. In order for something like this to have an almost “real time” effect, a large number of people would have to adapt to this technology. Are we as a society ready for this? While emergencies like this would seem like the answer would be a common sense “yes” there are a lot of other issues at play such as are positive alerts to a user accurate and will a user’s information be protected? A great example of user worry could come in the form of potential genetic discrimination of which we wrote a prior blog post.  

To date the skepticism of technology companies being able to use healthcare data has been rampant. For example, several industry stakeholders were surprised by the Wall Street Journal’s (WSJ) article  that Google has been working since 2018 on a "secret" project involving patient data with Ascension, the St. Louis-based nationwide health system. 

Project Nightingale would involve having Google be provided with millions of health records of U.S. citizens, which has prompted a recent follow up letter by three U.S. Senators to gain additional insight into the project’s specifics. Facebook has a new tool called Preventive Health that seeks to “connect people to health resources and checkup recommendations from leading health organizations.” And while Microsoft launched Microsoft Cloud for Healthcare; whose program applies “flexible capabilities to power individualized experiences, improve team collaboration, and unify data to unlock real-time insights,” demonstrates that while technology and healthcare are merging, the need for addressing privacy concerns remains at the forefront. 

We need all the tools we can get our hands on during this difficult struggle against COVID-19, especially when it comes to digital contact tracing. There is no doubt that we need the efficiencies that technology has to offer. The potential is there, but there has to be buy in from a majority of people in order for this to work. Not only do we have to continue to work to ensure that everyone has access to smartphone technology, but we have to put some additional “safety checks” in place to ensure that ‘anonymized’ aggregated data isn’t sold, that sensitive protected health information (PHI) is guarded and the proper laws/regulations are put in place so that we can learn from the painful lessons that COVID-19 has taught thus far.