Following on the heels of major developments coming out of the Senate last week to advance privacy protections for children online, the Department of Justice (“DOJ”) officially filed a lawsuit on Friday against TikTok, Inc., its parent company, ByteDance, and certain affiliates (collectively, “TikTok”), over alleged violations of the Children’s Online Privacy Protection Act (“COPPA”) and its implementing rule (the “COPPA Rule”) as well as an existing FTC 2019 consent order (the “2019 Order”) alleging violations of the same.[1]Continue Reading DOJ Brings Lawsuit Against TikTok Over Alleged Violations of the Children’s Online Privacy Protection Act
DOJ Guidance
Developments at Justice: The Deputy Attorney General Talks Cybersecurity and the National Cryptocurrency Enforcement Team Gets its First Director
February 17, 2022 was a busy day for the Department of Justice and its growing cyber portfolio. First, Deputy Attorney General Lisa O. Monaco delivered remarks at the Annual Munich Cyber Security Conference, stressing the Department’s efforts to confront cyber criminals and its increasing focus on disruption and prevention, even if doing so would limit criminal prosecutions. Additionally, the Department announced the appointment of the first Director of the National Cryptocurrency Enforcement Team, which was established to address criminal misuse of cryptocurrencies and digital assets.
Continue Reading Developments at Justice: The Deputy Attorney General Talks Cybersecurity and the National Cryptocurrency Enforcement Team Gets its First Director
Cleary Gottlieb Welcomes Back Anthony M. Shults, Former Acting Deputy Assistant Attorney General and Senior Counsel at the Department of Justice
We are delighted that Anthony M. Shults has rejoined Cleary Gottlieb as a senior attorney from the U.S. Department of Justice (DOJ), where he served as acting Deputy Assistant Attorney General and Senior Counsel in the Office of Legal Policy and as Attorney-Advisor in the National Security Division. He is based in our New York office and will focus on cybersecurity, data privacy, and emerging technologies, as well as securities, appellate, and complex commercial litigation.
Continue Reading Cleary Gottlieb Welcomes Back Anthony M. Shults, Former Acting Deputy Assistant Attorney General and Senior Counsel at the Department of Justice
DOJ Charges Former Uber Executive for Alleged Role in Attempted Cover-Up of 2016 Data Breach
On August 20, 2020, the Department of Justice (“DOJ”) announced that it had charged Joseph Sullivan, the former Chief Security Officer (“CSO”) of Uber Technologies Inc. (“Uber”), with obstruction of justice and misprision of a felony for allegedly attempting to cover up Uber’s 2016 data incident during the course of an investigation by the Federal Trade Commission (“FTC”).
Continue Reading DOJ Charges Former Uber Executive for Alleged Role in Attempted Cover-Up of 2016 Data Breach
DOJ Issues Guidance on Private Sector Intelligence Gathering Activities on the Dark Web
Earlier this year, the Cybersecurity Unit (“CsU”) of the Computer Crime and Intellectual Property Section of the United States Department of Justice released guidance for the private sector entitled “Legal Considerations when Gathering Online Cyber Threat Intelligence and Purchasing Data from Illicit Sources.” The Guidance (available here) is intended to aid private actors to assess the potential legal exposure under federal criminal law as a result of engaging in common cyber intelligence-gathering activities on the dark web. Focusing on activity on TOR-based Dark Markets, i.e., “online forums in which computer crimes are discussed and planned and stolen data is bought and sold,” CsU offers practical tips and best practices for legitimate private actors to reduce the risk of liability and other negative repercussions under federal law.[1]
Continue Reading DOJ Issues Guidance on Private Sector Intelligence Gathering Activities on the Dark Web
United Kingdom and United States Governments Sign First-Ever CLOUD Act Agreement
On October 3, 2019, the governments of the United Kingdom and United States signed the first-ever executive agreement governing cross-border data requests (the “Agreement”) pursuant to the US Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”).[1] As contemplated by the CLOUD Act, the Agreement provides a mechanism for the governments to access and share data stored abroad by electronic communications services providers (“CSP”) in their respective countries in a timely manner. The Agreement will enter into effect following a 180 day Congressional review period required by the CLOUD Act and a similar review by the UK Parliament.
Continue Reading United Kingdom and United States Governments Sign First-Ever CLOUD Act Agreement
July 2019 Privacy and Cybersecurity Enforcement: Lessons for Management and Directors
In late July 2019, U.S. federal and state regulators announced three headline‑grabbing data privacy and cybersecurity enforcement actions against Equifax and Facebook. Although coverage of these cases has focused largely on their striking financial penalties, as important are the terms the settlements imposed on the companies’ operations as well as their officers, directors, and compliance professionals—and what they signal about potential future enforcement activity to come.
Continue Reading July 2019 Privacy and Cybersecurity Enforcement: Lessons for Management and Directors
DOJ Releases White Paper Addressing Scope & Implications of CLOUD Act
On April 10, 2019, the Department of Justice (“DOJ”) released a white paper titled Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act. This white paper is the first official DOJ statement about the Clarifying Lawful Overseas Use of Data Act (“CLOUD Act”) and reflects the DOJ’s current perspective on its scope and implications. Below we summarize the CLOUD Act and discuss the DOJ’s key observations.
Continue Reading DOJ Releases White Paper Addressing Scope & Implications of CLOUD Act