Privacy & Cybersecurity Law Blog

On November 6, 2024, a Texas state district court jury found that a large e-discovery vendor violated Title 7, Chapter 33 of the Texas Penal Code, which provides that accessing a computer without its owner’s permission is a Class B misdemeanor. This case highlights the importance for e-discovery vendors of considering data privacy and security requirements in the course of discovery proceedings.

On February 28, 2024, the European Data Protection Board (“EDPB”) announced the launch of its latest Coordinated Enforcement Framework action on the right of access. Through the course of 2024, 31 data protection authorities across the European Economic Area, including seven German state-level authorities, will take part in this initiative on the implementation of the right of access. The EDPB selected the right access for its third coordinated enforcement action as it is “at the heart of data protection,” is a right that is very frequently exercised by individuals, and one that is often the basis of complaints to authorities.

On December 7, 2023, the Court of Justice of the European Union (“CJEU”) ruled that credit scoring constitutes automated decision-making, which is prohibited under Article 22 of the EU General Data Protection Regulation (“GDPR”) unless certain conditions are met. In a case stemming from consumer complaints against German credit bureau SCHUFA, the CJEU found that the company’s reliance on fully automated processes to calculate creditworthiness and extend credit constitutes automated decision-making which produces a legal or similarly significant effect within the meaning of Article 22 of the GDPR.

National Labor Relations Board General Counsel Jennifer Abruzzo recently asked the National Labor Relations Board (“Board”) to overrule its decision in Caesars Entertainment d/b/a Rio All-Suites Hotel and Casino, 368 NLRB No. 143 (2019) (“Rio All-Suites”). The Rio All-Suites Board overruled the Board’s prior decision in Purple Communications, Inc., 361 NLRB 1050 (2014) (“Purple Communications”), which in turn overruled the Board’s decision in Register Guard, 351 NLRB 1110 (2007). All three cases deal with whether the National Labor Relations Act (“Act”) gives employees the right to use an employer’s email systems to engage in union and other protected concerted activities.