Website AccessibilityEastern District of New York Holds a Website By Itself is Not Place of Public Accommodation

Eastern District of New York Holds a Website By Itself is Not Place of Public Accommodation

Website class actions alleging violations of the Americans with Disabilities Act (“ADA”) continue to dominate the court systems. These lawsuits are indiscriminate involving businesses of all sizes across a myriad of industries. Commonly, these lawsuits involve a plaintiff who suffers from a disability and attempted to access a business’s website, alleging that the website itself should be considered a place of public accommodation, but their disability hindered their enjoyment of the business’s services. Nevertheless, a court in the Eastern District of New York has unequivocally concluded that a website is not a “place of public accommodation” within the meaning of Title III of the ADA.

Winegard v. Newsday LLC

On July 31, 2019, Plaintiff Jay Winegard, a legally deaf individual residing in Queens, New York, filed an action in the Eastern District of New York against the news service provider Newsday. Winegard alleged that Newsday violated the Americans with Disabilities Act, the New York State Human Rights law, and the New York State Civil Rights Law, and the New York City Human Rights Law in failing to provide closed captioning on two of the videos it hosted on its website.

On May 1, 2020, Newsday filed a Motion to Dismiss, arguing, in relevant part, that Newsday is not a place of public accommodation within the meaning of Title III of the ADA.

On August 16, 2021, while initially observing that the Second Circuit has not squarely resolved whether a website itself is a place of public accommodation, the Eastern District of New York concluded that “the ADA excludes, by its plain language, the websites of businesses with no public-facing, physical retail operations from the definition of” places of public accommodation. In reaching its conclusion, the court relied heavily upon the text of the ADA, noting that the ADA’s definition of places of public accommodation were overwhelmingly comprised of physical locations.

Echoing the recent Eleventh Circuit holding in Gil v. Winn-Dixie, the court further called upon Congress to clarify whether the places of public accommodation include websites and further remarked that in the thirty-one years since the passage of the ADA, Congress has failed to add non-physical places to the definition of places of public accommodation.

Finally, the court in Winegard concluded that previous Second Circuit reliance on Pallozzi v. Allstate Life Insurance Co. is misplaced, as that matter dealt with the enjoyment of insurance services which still had to procured at a physical location.

What does this mean going forward?

Whereas the Court’s decision in Winegard may not initially upend all website-based ADA claims in the Second Circuit, it is yet another example of the eroding argument that websites are automatically places of public accommodation. To that end, it is important that companies are proactive and prioritize accessibility to put themselves into a legally defensible position.

At Beckage, we have a team of highly skilled attorneys and technologists who are uniquely situated to help clients navigate website accessibility and work towards national and international standards with other privacy and security laws. Beckage works with clients at all stages of accessibility analysis and is here to help make your company ADA compliant and help ensure your company has the right tools in place to mitigate risk.

Subscribe to our newsletter.

*Attorney Advertising; prior results do not guarantee similar outcomes.  

Online Shopping11th Circuit Holds a Website is Not a Place of Public Accommodation in Gil v. Winn-Dixie Stores

11th Circuit Holds a Website is Not a Place of Public Accommodation in Gil v. Winn-Dixie Stores

Website class actions alleging violations of the Americans with Disabilities Act (“ADA”) have been on the rise in recent years – involving small and large businesses alike.  These lawsuits generally involve a plaintiff who suffers from a disability and attempted to access a business’ website, but their disability hindered their enjoyment of the full range of the website’s services.  Moreover, these website class action lawsuits began their rapid proliferation in June 2017 after a Southern District of Florida court held that Winn-Dixie grocery store chain had violated the ADA because the inaccessibility of its website had denied the plaintiff the full and equal enjoyments of the goods, services, facilities, privileges, advantages, or accommodations that that grocery store offered.  However, now the Eleventh Circuit has unequivocally clarified that a website is not a “place of public accommodation” within the meaning of Title III of the ADA.

The District Court: Gil v. Winn-Dixie Stores

In 2017, Plaintiff Juan Carlos Gil, who is legally blind, sued the grocery retailer Winn-Dixie, alleging the business violated the Americans with Disabilities Act (ADA) because the website was allegedly inaccessible to Gil due to its incompatibility with Gil’s screen reading software.  Gil wanted to order his prescriptions for pickup and to download online coupons onto his rewards card for store use.  The Southern District of Florida concluded that as Winn-Dixie’s website was not accessible to the screen reader users, it had violated the ADA.  Moreover, the court determined that as the website was heavily integrated with Winn-Dixie’s physical stores, acting as a gateway to the physical store, the court did not need to consider whether websites were places of public accommodation under the ADA.  Finally, the Southern District of Florida, issued a detailed injunctive relief order, requiring Winn-Dixie to make its website conform to the Web Content Accessibility Guideline 2.0 Level AA – a privately developed set of criteria for web accessibility that has not been adopted as a legal standard under the ADA for the public accommodation websites.  In response to this finding, Winn-Dixie allocated $250,000 to update their site to make it more accessible to those with significant visual impairment.

 The Circuit Court: Gil v. Winn-Dixie Stores 

Winn-Dixie immediately appealed the Southern District of Florida’s holding, seeking further clarification on three issues:

  1. Whether Gil has standing to bring this case;
  2. Whether websites are places of public accommodation under Title III of the ADA; and
  3. Whether the district court erred in its verdict and judgment in favor of Gil, including the court’s injunction.

In April 2021, the Eleventh Circuit held, in relevant part that:

  1. Winn-Dixie did not violate the ADA because its website is not a place for public accommodation; and
  2. Winn-Dixie’s website did not pose an intangible barrier to his access to goods, services, privileges, or advantages to Winn-Dixie’s physical stores.

In reaching its conclusion, the Eleventh Circuit focused on two important facts:

  1. No goods or services could be purchased on Winn-Dixie’s website; and
  2. All interactions with Winn-Dixie can be, although need to be, initiated on the website must be completed in store: prescription pickups and redemption of coupons.

Therefore, the Winn-Dixie website had limited functionality and purchases could not be made on the Winn-Dixie website.

What does this mean going forward?

After this recent decision, there are now three different theories of liability for website accessibility adopted by the federal courts of appeal. The Eleventh Circuit states that in order to establish a violation of the ADA based on an inaccessible website, a plaintiff must show the inaccessibility of the website prevented him/her from accessing goods, services, privileges, or advantages of a physical place of public accommodation. The Ninth Circuit has held that a plaintiff must show that an inaccessible website has a nexus to a physical place of public accommodation to establish ADA liability. The First Circuit has held that a plaintiff would have a strong argument under current precedent that a website that falls into one of twelve categories of business in ADA’s definition of the term “public accommodation” would be covered under the ADA, even if it has no physical place of public accommodation. The statutory definition of a ‘public accommodation’ is “an expansive list of physical locations,” that does not include websites.

It is unclear what the impact of the Winn Dixie decision will be, although it is anticipated that it will not have a tremendous impact on the number of website accessibility lawsuits filed because plaintiffs can choose to file in a different circuit court where the precedent is more favorable. The likelihood that the Supreme Court will take up this issue has increased due to the new conflict between the Eleventh and Ninth Circuits as to when an inaccessible website belonging to a physical place of public accommodation violates the ADA.

Many lawsuits filed in the past few years involve the threshold issue of whether and to what extent Title III applies to websites, leaving the courts left to decide. Case law is developing rapidly in this area because website accessibility claims have become a big business for the plaintiff’s bar. It is important that companies are proactive and prioritize accessibility to put themselves into a legally defensible position.

At Beckage, we have a team of highly skilled ADA attorneys and technologists who are uniquely situated to help clients navigate website accessibility and work towards national and international standards with other privacy and security laws from both a litigation defense perspective but also with unique technical experience. Beckage works with clients at all stages of the accessibility analysis and is here to help make your company evaluate your ADA compliance posture and implement a legally defensive plan to mitigate risk.

Subscribe to our newsletter.

*Attorney Advertising; prior results do not guarantee similar outcomes.  


Website AccessibilityWhy Companies Should Take A Holistic Approach to Digital Accessibility

Why Companies Should Take A Holistic Approach to Digital Accessibility

Over the past several years, there has been a tremendous increase in the prevalence of digital tools, online businesses, and mobile applications.  This has led to a spike of litigation in both federal court, under Title III of the Americans with Disabilities Act (ADA), and similar state statutes, such as New York Human Rights Law and California’s Unruh Act, as users with a variety of disabilities allege challenges in accessing various components of a company’s online business.  

The Beckage Website Accessibility Team, made up of lawyers who are also web developers and web design business owners, continues to monitor federal and state filings under the ADA, which have more than quadrupled in the past seven years. While no industry is immune, we have noticed a trend of lawsuits targeting the retail and restaurant sector, as more individuals with disabilities are seeking out websites over brick-and-mortar stores, creating higher risk for online businesses with accessibility issues.

Part of the surge in litigation over the past handful of years is caused from the lack of clarity from the Department of Justice, the federal agency responsible for enforcement of the ADA. In 2017, the DOJ declined to issue clarifying regulations, contributing to continued uncertainty on clarity on what digital accessibility entailed. Hence a waive of litigation ensued and shows no signs of letting up. Thus, absent any legislation or guidance from the DOJ, now is the time for organizations for organizations to take a holistic approach to digital accessibility, taking proactive steps to make their digital platforms accessible for users with a variety of disabilities. But what does that look like in practice and why should your organization make accessibility a priority in 2021?

Current Legal Landscape

As any good business understands, it is crucial to always keep the consumer top-of-mind, and your online presence is certainly no exception. Creating a digital platform that can be used by the greatest number of consumers possible should always be the goal, and that number needs to include the 1 in 5 Americans who have a disability.

However, deciphering what exactly it means for an online business to be considered accessible under Title III of the ADA has been a constant challenge for companies, web designers, and attorneys working in the accessibility space. Despite the DOJ’s lack of clarity on this issue, the Web Content Accessibility Guidelines (WCAG) 2.1, private industry standards promulgated by the World Wide Web Consortium (W3C), are widely accepted by the industry and courts for measuring accessibility.  The WCAG standards are broken down into three “levels” of acceptability: Level A, Level AA, and Level AAA.  Level A and Level AA are where most common barriers for disabled users exist and are thus the accepted standards to achieve website accessibility.  

It is also important to note how Title III of the ADA intersects with privacy regulations. For example, while there is currently no federal data privacy law, the California Consumer Protection Act (CCPA) requires that website Privacy Policies be “reasonably” accessible to individuals using screen-reading software and other tools to access a website. This is an important piece of this comprehensive data privacy legislation and while it doesn’t address the accessibility of the rest of a business’s website, making sure your digital tools, such as web forms for data subject rights, cookie consent banners, and other similar tools on your website, are accessible to the greatest number of users makes wise sense in the spirit of this regulation.  Additionally, with a new administration in the White House, anticipate that we may see federal legislation that clarifies clarify both data privacy and accessibility standards on a national level, which would make working towards compliance and avoiding predatory lawsuits easier for companies with an online presence.

What We’ve Learned About ADA Accessibility Claims

Practically speaking, it remains unclear what having an “accessible” website means. For this reason, a very high number of ADA cases filed against online businesses are quickly settled outside of court to avoid the expense of litigating in such uncertain terrain.   

Website and mobile app accessibility claims against businesses in a variety of sectors have become a familiar occurrence.  Most of these cases have similar allegations; a disabled individual argues that they encountered multiple access barriers that denied him/her full and equal access to the goods and services offered online by a company. In most of these cases, the plaintiff has attempted to leverage screen-reading software to access the website or mobile application and claims the platform is incompatible with the assistive technology they are using. 

Other commonly made claims include improperly labeled links and pages, inconsistent placement of on-page elements, like the shopping cart, and lack of image alt-text, title elements, and other features that help blind users navigate a website. Thus, the plaintiff argues, the business has violated Title III of the ADA and related state statute, entitling the plaintiff, among other things, to injunctive relief and attorneys’ fees.   

Practical Steps for Businesses

The sheer volume of settlement agreements and cases Beckage has worked on has exposed some common themes and provided valuable insights into how online businesses can proactively address website accessibility and minimize legal risk.  We recommend the following four-prong approach:  

  1. Consult with legal tech counsel, like Beckage, to evaluate litigation risk and regulatory compliance;
  2. Have your website or mobile app audited with the protection of attorney-client privilege or with a trusted third party vendor against the WCAG Level A and Level AA standards to determine what remediation is necessary to address any existing barriers and test your website using assistive technology, such as a screen reader, to be sure all barriers have been remedied.
  3. Publish a legally-reviewed Accessibility Statement on the forward-facing website and mobile application, and work to develop internal policies, procedures, and a training program that implement regular audit and assessment of accessibility; and
  4. Operationalize accessibility within your organization, prioritizing a top-down, multi-department approach throughout your organization to building accessibility.

Keeping in mind the end goals of improving usability for individuals with disabilities and avoiding frivolous lawsuits, businesses can arm themselves with a proper plan to address their online platforms’ accessibility. From our experience, a holistic approach to digital accessibility that understands how to bring together various stakeholders and decisions makers from throughout the organization as accessibility champions is the best way to operationalize accessibility.

With former web developers and technologists on staff, Beckage is well-suited to help businesses from all sectors and industries navigate the uncertain legal landscape surrounding website accessibility. Through collaborating with in-house technologists, outside vendors, members of the disability community, and internal assistive technologies, Beckage attorneys work under privilege to conduct internal and remedial audits of client websites and mobile applications, evaluate platform compatibility, and oversee implementation of recommended remedial or accessibility-enhancement measures.  Our team can help you develop and implement a sustainable accessibility program that contemplates compliance with the WCAG guidelines and other current and future website accessibility standards and best practices.

Subscribe to our newsletter.

*Attorney Advertising. Prior results do not guarantee similar outcomes.

Data Privacy DayBeckage Attorneys Make 2021 Data Security & Privacy Predictions in Observance of Data Privacy Day

Beckage Attorneys Make 2021 Data Security & Privacy Predictions in Observance of Data Privacy Day

Today is Data Privacy Day – an international event held annually on January 28th with the purpose of promoting privacy and data protection best practices for consumers and businesses. At Beckage, every day is Data Privacy Day – our team of lawyers and technologists works daily with clients on data security and privacy measures, from developing policies and procedures to comply with international and domestic privacy regimes to responding to headline-making data incidents and defending clients in data security and privacy class actions.

The legal landscape surrounding data security and privacy is constantly evolving to adapt to technological advancements and global privacy trends. In observance of this holiday, we asked some of our experienced team members what they expect to see in this space in 2021.


Litigation – Myriah V. Jaworski, Esq. CIPP/US, CIPP/E

My data privacy prediction for 2021 is also related to biometrics. This year we will see the continued rise of regulation over and litigation concerning the use of biometric information.

A few years after the Illinois State Legislature passed BIPA, the Biometric Information Privacy Act, we started to see a slew of class action lawsuits filed against businesses alleged to have violated BIPA’s written release requirement. BIPA class actions have ranged from headline-making cases against major tech companies, such has Facebook, to small and medium-sized businesses across numerous industries.

While biometric lawsuits were once viewed as a risk associated only with doing business in Illinois, other states, like Washington and Texas, have followed suit by passing their own laws mimicking BIPA and others are eyeing their own biometric privacy bills. Of note, a bill nearly identical to BIPA is pending in the New York State legislature, which, if passed, could have a much larger impact on businesses given that New York is one of the largest economies in the United States.

At the federal level, we have recently seen the Federal Trade Commission (FTC) enter the biometric conversation with its consent agreement with EverAlbum, Inc. This consent order may have set a nation-wide standard for businesses’ use and collection of biometric information, regardless of whether those businesses operate in states that have enacted or pending biometric privacy laws.

In short, in 2021 the risks and penalties associated with collecting and using biometric information are steep. Any business, regardless of location, that is engaging in biometric information collection should conduct a privacy audit, look at its written policies, and ensure that it has the requisite consents in mind. As a litigator, I always say “demonstrable compliance is the strongest legal defense,” and that is certainly true in the biometric privacy space.

Watch Myriah’s video prediction here.


Incident Response – Daniel P. Greene, Esq., CIPP/US, CIPP/E

At the heart of what we do as incident response privacy practitioners is data breach prevention.  My 2021 prediction for the privacy landscape is an expansion in the use of multi-factor authentication. This is great news for incident response because, often, multi-factor authentication is an important step in helping to avoid a data incident and protect the privacy of data.

Multi-factor authentication is when a user identifies themself through biometrics, like a facial or fingerprint scan, or though entering a code on a device to confirm access to sensitive spaces, like a bank account or work network. It helps in avoiding unauthorized access and we expect to see this technology used in new spaces in 2021, such as when using an ATM or checking out at a grocery store.

We also anticipate an expansion in the use of biometrics over device authentication. There have been numerous documented incidents where device authentication has backfired. A famous example occurred in 2019 when attackers were able to gain access to Twitter CEO Jeff Dorsey’s account using a SIM card swap scheme. Because biometric identifiers are much more difficult to change or duplicate, using a facial scan or fingerprint is a much more secure method of confirming a user’s identity. And while this brings up a host of other issues about safeguarding biometric information, I think we can expect to see it used a lot more soon.

Watch Dan’s video prediction here.


Government Investigations – Michael L. McCabe, Esq., CCEP

In 2021, I expect to see increased enforcement of privacy and data security laws and regulations at both the federal and state level. Considering new leadership in Washington D.C. and the looming impact of the COVID-19 pandemic, I predict not just an uptick in enforcement, but also a more muscular approach by regulators.  More enforcement actions are expected, a further reminder for companies to work with experienced tech privacy and security legal counsel to minimize legal and technical risk.

At the federal level, look for enhanced enforcement by the Federal Trade Commission (FTC), Federal Communications Commission (FCC), and Securities and Exchange Commission (SEC). On the state level, I anticipate a similar response by state attorneys general outside of Washington.   

In 2020, we saw a major uptick in cyber-attacks, due in part to companies having to quickly adopt policies for a distributed workforce.  There were also numerous COVID-related phishing attempts. These developments have resulted in a record number of data security incidents. Therefore, I expect the focus of these enforcement actions to be not just on privacy compliance, but also on effective data security and incident response.  

Watch Mike’s video prediction here.


Privacy Compliance – Kara L. Hilburger, Esq., CIPP-US

My prediction for the privacy compliance area in 2021 is the increased focus on consumer privacy rights. With California’s comprehensive privacy law, the California Consumer Privacy Act (CCPA), now one year old, there is increase awareness and attention to data subject rights.  With a myriad of other states entertaining statutes similar to the CCPA, I anticipate a host of plaintiff related lawsuits filed under these statutes’ privacy right of action provisions. The result is that business operating in this highly global, multi-jurisdictional environment will need to continue to work towards building out robust and scalable data security and privacy infrastructures that take into account not only the GDPR and CCPA but other emerging laws. For example, updating forward-facing website disclosure policies and user agreements will be paramount here to be sure they comply with the required disclosures.

Relatedly, my second prediction as that we will continue to see an uptick in litigation filed under the Americans with Disabilities Act and frankly no end is in sight.  Businesses are continuing to educate themselves on the legal standards necessary for building and maintaining an accessible website.  We also anticipate much in the way of legislation or increase DOJ involvement in this area under the new administration.

Watch Kara’s video prediction here.


Health Law – Allison K. Prout, Esq., Cert. AWS Cloud Practitioner

With so much of our everyday lives moving online in the wake of the COVID-19 pandemic, we have seen a large uptick in data breaches caused by third-party vendors and service providers. And when it comes to the healthcare industry, I anticipate a continued increase in incidents that originate with business associates and other vendors providing services to covered entities. 

 In fact, about 40% of HIPAA breaches involve or are caused by business associates. With a new administration that’s likely to favor regulatory action, we expect to see regulatory authorities continue to enforce actions against covered entities whose business associates or service providers experience breaches. 

So what does this mean for the industry?  We expect to see covered entities taking a much closer look at who they are working with—and whether those parties have robust security and privacy protocols. For this reason, business associates may need to prepare accordingly. Whether you are a covered entity or a business associate, now is the time to dust off vendor due diligence and monitoring policies and procedures. It’s also a good idea to take a closer look at those service agreements and business associate agreements to make sure your service providers are making the right security commitments—and assuming responsibility—when there’s a breach.

Watch Allie’s video prediction here.


Global Data Privacy – Jordan L. Fischer, Esq. CIPP/US, CIPP/E, CIPM

My first prediction for the global data privacy space in 2021 is the creation and evolution of additional data privacy regulations across the globe. The so-called “GDPR Effect” has been pushing data privacy trends across the globe, and we expect to this to continue as more regions and countries adopt legislation mimicking parts of the GDPR, putting their own unique twist on data privacy, or modernizing their existing data privacy regulations to make them more compatible with the GDPR and other global privacy regimes.

My second prediction is a major emphasis on cross-border data transfers. The 2020 Schrems II decision invalidated the EU-US Privacy Shield for sending data from Europe to the United States. This decision was focused on data transfers between the United States and the European Union, but it also highlights a challenge we are continuing to see in international law – while these privacy regulations see borders, the digital realm does not.  Thus, it is increasingly hard to segment data and maintain it within a specific region. This year, I anticipate a lot of tension between regions that approach privacy and security from various perspectives that don’t always align. This presents a challenge for businesses to continue to operate efficiently while minimizing risk and dealing with multiple global privacy and security regulations.

Regardless of the specific trends we expect to see this year, one thing is certain – the global data privacy landscape will continue to change rapidly, creating a fascinating environment for data privacy and security lawyers to practice in.  I am very excited to be a part of such a dynamic team that will continue to provide services to our clients in this space.

Watch Jordan’s video prediction here.


Key Takeaways

Today, as well as every other day of the year, we hope you take some time to reflect on data privacy and security and the ways you can better protect your personal or business’ private information. The Beckage team is passionate about to educating the masses on the importance of data security, the consumer privacy rights and the impact on businesses, and the steps you can take safeguard your information. We are committed to providing updates on relevant legislation, current threats, and proactive data security steps. Be sure to follow us on LinkedIn, read our blog, and subscribe to our newsletter to stay up to date on the latest in this ever-changing space. Happy Data Privacy Day!

*Attorney advertising – prior results do not guarantee future outcomes.

2020Looking Back on 2020’s Top Privacy and Cybersecurity Trends

Looking Back on 2020’s Top Privacy and Cybersecurity Trends

As 2020 comes to a close, Beckage looks back on the ways this difficult and unprecedented year impacted the data privacy and cybersecurity landscape both domestically and across the globe.

Enhanced Privacy Challenges and Concerns Due to Covid-19

In response to the COVID-19 pandemic, businesses around the globe made a major pivot to online or virtual operations early this year. An intentional focus on data protection and a solid understanding of the regulatory landscape is a legal requirement that demands the integration of data protection up front in any network design or business practice. The increase in exposure of company assets made it necessary to implement a variety of technical safeguards. Companies still had to meet the compliance milestones of the NY SHIELD Act and California’s Consumer Protection Act (CCPA) while dealing with new privacy challenges caused by a distributed workforce and a global health pandemic. Beckage reminds organizations of the importance of revisiting their readiness through business continuity, incident response, and more expansive administrative, technical, and physical safeguards when shifting to a work-from-home model and recommends continued assessment of your company’s privacy pitfalls in this ever-shifting legal landscape.

Increased Ransomware and Cyberattacks

With rapid changes in organizational operations caused by the COVID-19 pandemic, attackers became more sophisticated in their strategies and unleashed several unrelenting, simultaneous attacks on service providers and the organizations they serve in 2020. Victims of recent cyber attacks, such as the SolarWinds campaign carried out in December, include government agencies, healthcare providers, consulting agencies, and , technology, telecom, and oil and gas companies. In many of these campaigns, attackers were able to gain access and move freely throughout an organization’s server, installing additional software, creating new accounts, and accessing sensitive data and valuable resources while remaining largely undetected. In response to the uptick in data incidents this year, the Beckage Incident Response Team recommends organizations implement several preventative steps to safeguard their organization to help minimize legal risk.

Patient Access Rights and Interoperability

Recent developments in 2020 concerning patients’ right to access health information to implement interoperability and record access requirements intend to help patients obtain access to health records and payment data to make informed decisions about their healthcare. The CMS Proposed Rule and the OCR Proposed Rule represent a complete overhaul of well-established standards and an introduction of new and highly technical requirements with healthcare compliance. The experienced Health Law Team at Beckage can help to distill these lengthy and complicated rules so organizations can understand practical implications on daily operations.

Increased International Focus on Consumer Privacy

On the heels of EU’s General Data Protection Regulation (GDPR), many countries followed suit by establishing legal frameworks for governing how organizations collect, use, and store their citizens’ personal data. One example is Brazil’s Lei Geral de Proteção de Dados (LGPD), which went into effect in August of 2020. This general data protection law, which closely mimics the GDPR, places strict requirements on organizations that process Brazilian citizen’s personal data.

At the same time, Europe continued to elevate its enforcement of the GDPR, with major decisions from various member state Data Protection Authorities, the European Court of Justice (ECJ), and the European Data Protection Board (EDBP). The most impactful for businesses across the globe was the ECJ’s decision in Schrems II, which invalidated the EU-US Privacy Shield and called into question the long-term viability of the Standard Contractual Clauses (SCCs) to transfer data from the EU to the US. In 2021, companies should closely monitor the evolving guidance on international data transfers and be prepared to mitigate risk of global data transfers.

Beckage’s Global Data Privacy Team expects continued adoption of data protection regulations across many regions, and an emphasis on creating global security and privacy compliance programs in the year ahead.

Uptick in ADA Litigation

This past year, the Beckage Accessibility Team has witnessed a drastic increase in litigation under Title III of the Americans with Disabilities Act. On average, about eight new lawsuits are filed a day by disabled individuals alleging unequal access to goods and services provided on a company’s digital platforms. While the Department of Justice (DOJ) has consistently held that the ADA applies to websites and mobile apps, they have failed to clarify the precise requirements for a business to be deemed compliant. This has prompted a wave of litigation by plaintiffs’ who claim a website or mobile app’s incompatibility with assistive technology, like screen-reading software, has denied them full access to and equal enjoyment of the goods, services, and accommodations of the website, therefore violating the ADA. Most of these lawsuits are settled quickly out of court to avoid litigating in such uncertain legal terrain.

Beckage handles the defense of website accessibility lawsuits as well as assists companies in navigate pre and post-suit settlement agreements for this unique area of the law.  Beckage also works with clients under privilege to conduct internal and remedial audits of client websites and mobile applications, evaluate platform compatibility and oversee implementation of recommended remedial or accessibility-enhancement measures.

California Consumer Protection Act (CCPA)  

Enforcement of California’s comprehensive California Consumer Privacy Act (CCPA) began on July 1, 2020 and has brought a range of plaintiff related lawsuits under its private right of action provision expanding California breach laws. For a data breach to be actionable, the information accessed must be identified as personal information, as narrowly defined by California’s data breach notification law. Recently, in November 2020, the Consumer Right To Privacy Act (CRPA) ballot initiative was passed, creating additional privacy rights and obligations pertaining to sensitive personal information that will go into effect. CPRA also expands data breach liability created by the CCPA, adds a private right of action for unauthorized access that permits access to an account if the business failed to maintain reasonable security, and imposes data protection obligations directly on service providers, contractors, and third parties. Beckage urges businesses who operate in or serve California citizens to continue to follow CCPA developments and carefully monitor related litigation in the coming months.

Emerging Technologies

The recent expansion of the Illinois Biometric Information Privacy Act (BIPA) has resulted in numerous class actions suits against organizations alleged to have collected plaintiffs’ biometric data. With the expanding use of biometric equipment, these claims often allege defendants obtained plaintiffs’ biometric data without complying with the BIPA’s notification and consent requirements. Upcoming class suits may address the issue of BIPA having an extraterritorial effect when bringing claims against out of state vendors.

Similarly, computers that manipulate the media, known as deep fakes, advance the dangers of influenced perceptions. The advancements of deep fakes are giving rise to laws regarding defamation, trade libel, false light, violation of right of publicity, or intentional infliction of emotional distress. Sophisticated tech lawyers can assist in determining rights and technological solutions to mitigate harm. As former tech business owners, Beckage lawyers want to drive innovation with use of these new and emerging technologies while understanding standards and laws that may impact such development. Beckage recommends that companies proactively mitigate the risks associated with collecting biometric information and deep fakes to prevent legal repercussions and defamation. 

Key Takeaways

2020 proved to be an unpredictable year in more ways than one. The COVID-19 pandemic forced companies to rapidly adapt to new privacy and data security challenges caused by a distributed workforce, emerging technologies, and an increased focus on ecommerce with in-person shopping and events. As we move towards 2021 with no definitive end to the pandemic in sight, it is crucial for companies to prioritize data privacy and cybersecurity initiatives by consulting qualified legal tech experts who can help navigate the uncertainty next year will bring. Beckage attorneys can assist in creating, implementing, and evaluating robust data security and privacy infrastructures that will help put your business in a position to tackle all the challenges 2021 has in store.

*Attorney Advertising. Prior results do not guarantee similar outcomes.

Subscribe to our newsletter.

1 2