Author Archives: Lulu Ju

EU Rules Restricting the International Transfers of Non-Personal Data

by Kristof Van Quathem and Anna Oberschelp de Meneses

Photos of the authors

Kristof Van Quathem and Anna Oberschelp de Meneses (Photos courtesy of Covington & Burling LLP)

While the EU GDPR regulates the international transfer of personal data, several recently enacted EU laws regulate the international transfer of non-personal data, which is any data that is not “personal data” under the GDPR.  In other words, these new laws apply to data that does not relate to an identified or identifiable natural person, including anonymized data and data about industrial equipment, significantly expanding the types of data subject to international transfer restrictions.  Some of this legislation has been enacted recently, and other legislation on this topic is making its way through the legislative process but has yet to be adopted.  In this blog post, we outline the current and forthcoming EU legislation on the international transfer of non-personal data.

Continue reading

EU Advocate General Defines “Identity Theft” and Reaffirms GDPR Compensation Threshold

by Kristof Van Quathem and Aleksander Aleksiev 

Photos of the authors

Left to right: Kristof Van Quathem and Aleksander Aleksiev (Photos courtesy of Covington & Burling LLP)

EU advocate general Collins has reiterated that individuals’ right to claim compensation for harm caused by GDPR breaches requires proof of “actual damage suffered” as a result of the breach, and “clear and precise evidence” of such damage – mere hypothetical harms or discomfort are insufficient. The advocate general also found that unauthorised access to data does not amount to “identity theft” as that term is used in the GDPR.

The right for individuals to claim compensation for data breaches has long been a controversial and uncertain aspect of the GDPR – see our previous blogs here, herehere, and here for example.

Continue reading

Utah Publishes Social Media Regulation Act Proposed Rule

by Kirk J. Nahra, Ali A. Jessani, and Samuel Kane

Photos of the authors

From left to right: Kirk J. Nahra, Ali A. Jessani, Samuel Kane.

On October 15, the Utah Department of Commerce’s Consumer Protection Division published a Proposed Rule implementing elements of the Utah Social Media Regulation Act (SMRA), which was signed into law in March 2023.

The SMRA imposes a range of requirements on social media companies related to minors’ use of social media platforms. The law, for example, requires that social media companies verify users’ ages, obtain parental consent authorizing minors to use the companies’ services, limit the functionality of minors’ accounts (e.g., messaging, advertising), and restrict the hours at which minors can access their accounts. The law also includes broad restrictions on these companies’ use of practices, designs, or features that contribute to minors’ addiction to social media. Importantly, the law is enforceable both by the Consumer Protection Division and through a private right of action. The Proposed Rule, in turn, offers additional specifics regarding how social media companies can satisfy the SMRA’s age verification and parental consent requirements. Public comments on the Proposed Rule will be accepted until February 5, 2024.

Continue reading

French Competition Regulator Fines Six Companies €31.2 Million for Bid-Rigging

by Jonathan J. Rusch 

Photo courtesy of the author

Photo courtesy of the author

Despite its clearcut illegality in numerous countries around the world[1], and its inherently corrupt nature[2], bid rigging remains a perennial temptation for some companies that prefer predictability to the rigors of competition.  A recent decision by the French Autorité de la concurrence (French Competition Authority/FCA) shows the extent to which some companies will go in establishing and maintaining bid-rigging schemes.

On September 7, the FCA issued a decision that fined six companies in the engineering, maintenance, decommissioning, and nuclear waste treatment services sector – OTND, Nuvia Process (a subsidiary of the Vinci Group), Endel, Bouygues Construction Expertises Nucléaires (BCEN), SNEF, and SPIE — a total of €31.2 million for engaging in anticompetitive agreements during calls for tender for decommissioning of a nuclear power plant.[3]  This post will address the actions of the fined companies, summarize the FCA’s decision, and offer some observations about its significance.

Continue reading

FTC Alleges “Serial Acquirer” Theory in Challenge to Consummated PE Deals

by Andrew J. Nussbaum, Jonathan M. Moses, Nelson O. Fitts, Adam L. Goodman, and Itai Y. Thaler

Photos of the authors

From left to right: Andrew J. Nussbaum, Jonathan M. Moses,  Nelson O. Fitts, Adam L. Goodman, and Itai Y. Thaler. (Photos courtesy of Wachtell, Lipton, Rosen & Katz)

Last week, the Federal Trade Commission sued U.S. Anesthesia Partners, Inc. (“USAP”) and its private equity investor, Welsh, Carson, Anderson & Stowe, as well as a number of Welsh Carson entities, in federal district court, alleging that USAP and Welsh Carson conspired to monopolize and reduce competition for anesthesia services in Texas.  The FTC’s complaint alleges that, beginning in 2012, Welsh Carson, through its investment in USAP — which varied between 23% and 50.2% over the relevant period — directed a “roll-up scheme” to acquire and consolidate over a dozen Texas anesthesia practices; caused price increases across the state; and coordinated prices and allocated markets with some of the remaining independent anesthesia providers.  The complaint claims violations of the Sherman Act, the Clayton Act, and the FTC Act, and seeks unspecified “structural relief” that could include restitution and divestitures.

Continue reading

CFPB Report Highlights Role of Big Tech Firms in Mobile Payments

by the Consumer Financial Protection Bureau

CFPB Logo

Apple and Google set regulations on “tap-to-pay” which can impact innovation and competition

The Consumer Financial Protection Bureau (CFPB) published a new issue spotlight highlighting the impacts of Big Tech companies’ policies and practices that govern tap-to-pay on mobile devices like smartphones and watches. Apple currently forbids banks and payment apps from accessing the tap-to-pay functionality on Apple iOS devices and imposes fees through Apple Pay. Google’s Android operating system does not currently have such a policy. The issue spotlight explains how regulations imposed by mobile operating systems can have a significant impact on innovation, consumer choice, and the growth of open and decentralized banking and payments in the U.S.

“Regulations imposed by Big Tech firms have a big impact on whether consumers and businesses can make payments using third-party apps,” said CFPB Director Rohit Chopra. “We are carefully evaluating Big Tech’s role in our banking and payments system.”

Continue reading