
Rebecca Yergin's practice focuses on a broad range of privacy, data security, technology, and communications issues. In particular, Ms. Yergin counsels technology companies on federal and state privacy and data security laws and regulations, including in the healthcare space. She also assists clients in negotiating commercial transactions relating to content distribution, and she advises clients on Federal Communications Commission compliance issues. Ms. Yergin's practice furthermore focuses on the regulatory ecosystem for the Internet of Things (“IoT”), including connected and automated vehicles.

In this edition of our regular roundup on legislative initiatives related to artificial intelligence (AI), cybersecurity, the Internet of Things (IoT), and connected and autonomous vehicles (CAVs), we focus on key developments in the European Union (EU).


Today, the California Senate Judiciary Committee will consider AB 1281, which would extend the California Consumer Privacy Act’s (CCPA) business-to-business and employment exemptions until January 1, 2022, in the event that the pending ballot initiative—which also would extend the exemptions—does not pass this November.

In addition, the Committee will consider two contact tracing measures, AB 660 (Levin) and AB 1782 (Chau).  Both bills could impact private employer and business contact tracing efforts:

  • AB 660 would prohibit use or disclosure of data collected for purposes of contact tracing for any other purposes. It generally would require deletion of such data within 60 days.
  • AB 1782 would require businesses that offer “technology-assisted contact tracing” to satisfy certain requirements, including providing individuals with the opportunity to revoke consent to collection of their personal information and rights to access, correct, and delete personal information. It also requires covered businesses to provide consumers certain disclosures, except where research or other exceptions apply, to delete personal information within 60 days from the time of collection, to maintain security safeguards, and to make available public reporting of the number of individuals whose information has been collected, amongst other content.

Finally, we also are watching SB 980, which passed out of the Senate on June 25, 2020 and is now under consideration by the Assembly.  SB 980 was scheduled for hearing before the Assembly’s Privacy and Consumer Protection Committee on July 28, although that hearing was postponed.  If enacted, the bill would impose certain additional privacy obligations on direct-to-consumer genetic testing companies that go beyond the CCPA, including requiring:

On April 2, 2020, the U.S. Department of Health and Human Services (“HHS”) issued a Notification of Enforcement Discretion (the “Notification”) regarding the disclosure of protected health information (“PHI”) to public health authorities and use of PHI to perform analytics for such authorities.  Designed to “facilitate uses and disclosures for public health and health oversight activities during this nationwide public health emergency,” the Notification relaxes HHS’s enforcement of certain provisions of the Privacy Rule issued  under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).  More specifically, the Notification announces that, under certain circumstances, HHS will not impose penalties for violations of such provisions against covered health care providers and their business associates for the use and disclosure of PHI “by business associates for public health and health oversight activities” in connection with the COVID-19 nationwide public health emergency.

On February 27, 2019, Covington hosted its first webinar in a series on connected and automated vehicles (“CAVs”).  During the webinar, which is available here, Covington’s regulatory and public policy experts covered the current state of play in U.S. law and regulations relating to CAVs.  In particular, Covington’s experts focused on relevant developments in: (1) federal public policy; (2) federal regulatory agencies; (3) state public policy; (4) autonomous aviation; and (5) national security.

Highlights from each of these areas are presented below.



One week from today, Covington will host its first webinar in a series on connected and automated vehicles (“CAVs”). The webinar will take place on February 27 from 12 to 1 p.m. Eastern Time. During the webinar, Covington’s regulatory and legislative experts will cover developments in U.S. law and regulations relating to CAVs. Those topics

Last month, in In the Matter of 1-800 Contacts, Inc., the Federal Trade Commission (“FTC”) provided insight into the circumstances under which retail price competition may take place in the 21st century internet economy.  In the Opinion authored by Chairman Joseph J. Simons (“Commission’s Opinion”), the Commission decided that 1-800 Contacts, the country’s largest online retailer of contact lenses, unlawfully entered into anticompetitive agreements with 14 rival online sellers (“Agreements”).  The Agreements, which in most cases were trademark litigation settlements, required the parties, when bidding as part of search engine advertising auctions, to take measures ensuring their advertisements do not appear in response to searches for the other party’s trademark terms.  According to the Commission’s Opinion, approved 3-1-1, the “decision will affect not only the price that consumers pay for some contact lenses but also the very manner in which substantial parts of price competition will occur throughout consumer markets today and tomorrow.”  This week, 1-800 Contacts filed an application with the FTC for a partial stay pending review by the U.S. Court of Appeals.

The Agreements between 1-800 Contacts and Rival Retailers

By way of background, more than a decade ago, 1-800 Contacts began bringing trademark infringement actions against rival contact retailers, who were selling lenses at lower prices.  The infringement claims were based on the retailers’ online advertisements appearing in response to consumers’ searches for “1-800 Contacts.”  The Agreements, which resulted from the litigation, restricted the parties’ ability to bid on certain “keywords” in search engine auctions.  “Keywords” are words or phrases that trigger the display of a party’s advertisements as “sponsored links” on a search engine when the words or phrases “match” a user’s search.  As relevant here, the Agreements specifically prohibited each party from bidding on keywords that allegedly infringe upon the other party’s trademarks and additionally required the parties to employ “negative” keywords to prevent their advertisements from displaying whenever a search included the other party’s trademarks. 

On June 28, 2017, the Federal Trade Commission and the National Highway Traffic Safety Administration (NHTSA) hosted a workshop to examine the consumer privacy and security issues that automated and connected motor vehicles pose.  The workshop’s Public Notice, which solicited comments from stakeholders in advance of the event, highlighted the benefits that connected cars

Members of Congress are gearing up for national laws on autonomous vehicles. Last week in the Senate, John Thune (R-S.D.), Gary Peters (D-Mich.), and Bill Nelson (D-Fla.) released a list of principles for bipartisan legislation in advance of a hearing they convened on June 14, 2017, entitled “Paving the Way for Self-Driving Vehicles.”

The Article 29 Working Party (“WP29”), a group consisting of representatives from each European data protection authority, the European Data Protection Supervisor, and the European Commission, yesterday issued a press release detailing its recommendations for the first Annual Joint Review of the EU-U.S. Privacy Shield (“Privacy Shield”), which will take place in September 2017.  Specifically,