Photo of Jeff Kuo

Jeff focuses his practice on intellectual property litigation and portfolio management, and counsels clients on privacy and cybersecurity issues. He has developed strategies for successful and cost-effective resolutions in various state and federal jurisdictions including Illinois, California, Delaware and New York.

The number of internet users in China has rapidly increased to over 900 million individuals as of March 2020.  As internet availability continues to rise in China and the country’s digital community grows in virtually all industries and populations, the People’s Republic of China is keying into the fact that foreign and domestic businesses seeking to capitalize on China’s market must adhere to rules regarding processing and transferring personal information across China’s borders.

On October 21, 2020, the National People’s Congress Standing Committee unveiled its draft Personal Information Protection Law (PIPL) to the public for view and comment.  If enacted, PIPL will be China’s comprehensive law on the protection of personal data.  The necessity of PIPL was cited in part by the National People’s Congress Standing Committee due to China’s explosive growth of information integration and the amount of personal data collected.  The Committee asserted that protection of its citizen’s personal information was of utmost importance for economic development and that there needed to be clear requirements in order to strengthen personal information protection.  Interestingly, PIPL provides numerous data protection principles similar to those we have seen enacted under the European Union’s General Data Protection Regulation and the California Consumer Privacy Act.  Specifically, the draft PIPL appears to take on general principles of transparency, fairness, limitations of purpose for data processing, retention limitations, and accountability.  Some of the more notable items within the draft PIPL include:
Continue Reading China’s Personal Information Protection Law (PIPL) – Data Privacy in the Land of Big Data

In a surprising turn of events, the Brazilian Senate has revised executive order MP 959/2020 to remove the delayed effective date of Brazil’s General Personal Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”). As we previously discussed in Taft’s Privacy & Data Security Insights blog, Brazil had originally delayed the implementation of LGPD to have an effective date of January 2021. However, during a remote session on August 26, 2020, the Brazilian Senate rejected the proposed delay
Continue Reading Brazil’s Plot Twist: Data Protection Law Is Here Despite Previous Postponement

The road to hell is paved with good intentions. While the proverb may be a stretch for now, the latest lawsuit by the American Civil Liberties Union of Illinois (ACLU) against Clearview AI certainly shows that good intentions, when acted upon, may have unintended consequences. Technology utilized in the name of public protection—whether from global pandemics or criminal activity—can have disastrous effects when it comes to civil liberties and privacy.

The ACLU filed a lawsuit against Clearview AI based on violations of Illinois residents’ privacy rights. Clearview AI is a technology company that scrapes images from the internet, primarily from various social media platforms, in order to create a searchable database of individual’s face prints. The company claimed that it sold access to its searchable database to hundreds of police departments and federal agencies in order to protect children and aid victims of crimes. However, a recent data breach showed that Clearview AI actually also sold or provided access to its searchable database to retail chains Walmart and Macys, the NBA, Equinox, and many other non-law enforcement entities.Continue Reading Crossing the Line? ACLU challenges Clearview AI’s Facial Recognition Technology

The town of Westport, Connecticut, is the latest administration to face the challenge of balancing privacy concerns while combating the COVID-19 pandemic. By April 17, 2020, there were 183 confirmed cases of COVID-19 in Westport. For the sake of public health, Westport announced its intent to collaborate with the company Draganfly to use drone technology to monitor social distancing. Draganfly’s drones are allegedly able to detect fevers, heart and respiratory rates, and people sneezing and coughing. The drones would aid in the fight against COVID-19 by alerting officials of any locations where crowds were not properly social distancing, using biometric readings to analyze population patterns.

Photo credit:  Draganfly Screenshot as reported in Hartford Courant, April 23, 2020.  Continue Reading Connecticut Town’s Drone Program Grounded: What Businesses Can Learn from Latest Battle Balancing Privacy and the Public Good

As up-to-date readers of Taft’s Privacy & Data Security Insights blog know, the legal landscape continues to quickly evolve due to the economic, legal and privacy impacts of COVID-19. Moreover, we have seen significant flexibility from government agencies on various laws and regulations as a result of COVID-19.

Brazil’s encroaching data privacy law is the latest to suffer a delay as a result of the economic uncertainty caused by COVID-19. Brazil’s General Data Protection Law (aka, the Lei Geral de Proteção de Dados and referred to as the “LGPD” in the Portuguese acronym) appeared ready to go into effect in August 2020. However, Brazil has recently and rapidly become a hot spot for COVID-19. On April 3, 2020, as a result of the healthcare crisis caused by COVID-19, the Brazilian Senate approved Bill No. 1179/2020. This emergency measure postpones the effective date for the LGPD to January 2021, with sanctions and penalties enforceable only after August 2021. The Brazilian Senate validated its emergency measure by asserting that businesses should not be burdened by having to dedicate resources for privacy compliance as they navigate the crisis caused by COVID-19. Bill No. 1179/2020 is now awaiting approval by the Brazilian House of Representatives.Continue Reading Brazil Postpones Enforcement of New Privacy Law in Response to COVID-19

As we have often said here in the US, “so goes California, so goes the country” when it comes to laws of all kinds, not just those addressing privacy. Well, globally, the same can be said of the impact of the European Union’s GDPR. Originally scheduled to go into effect this month (it was later amended to be enforced in August 2020), Brazil will be regulating privacy and security more extensively with the Brazilian General Data Protection Law (aka, the Lei Geral de Proteção de Dados and often referred to as the “LGPD” in the Portuguese acronym) (Law 13.709/2018). Here is a quick summary of the LGPD’s requirements.
Continue Reading So goes the EU, so goes the world….Brazil’s new privacy law is on the horizon.

As the Jan. 1, 2020 operational date for the California Consumer Privacy Act (“CCPA”) approaches, the balance between consumer rights and company responsibility continues to be vigorously debated. As this blog predicted when we discussed the first set of amendments to the CCPA, negotiations and amendments to the CCPA continue. We review the most recent Feb. 22, 2019 consumer friendly amendment now—Senate Bill 561 (“SB 561”).
Continue Reading California: Shore to Please Consumer Privacy Rights Advocates