Insights

San Francisco – December 21, 2020: In a novel constitutional case, Crowell & Moring secured a decisive victory for the University of California (UC) by defeating a motion for preliminary injunction which sought to halt the implementation of an Executive Order requiring that all UC students, employees, and faculty working, studying, or living on campus to get a flu shot by November 1. UC was one of dozens of U.S. colleges and universities that implemented a flu vaccine requirement this year, due to the confluence of the 2020-21 flu season and the unprecedented COVID-19 pandemic.

Washington – January 2, 2020: Crowell & Moring elected eight lawyers to the firm’s partnership, effective January 1, 2020. The firm also promoted seven attorneys to the position of senior counsel, and 26 associates to the position of counsel. The new partners have been promoted from within the ranks of the firm’s Washington, Los Angeles, and San Francisco offices. The new partners have been promoted from across offices and practice groups, including White Collar & Regulatory Enforcement, Health Care, International Trade, Intellectual Property, Privacy & Cybersecurity, Government Contracts, Litigation, and Antitrust.

On December 17, 2024, the Federal Trade Commission (“FTC”) and the Illinois Attorney General (“AG”) announced a $140 million settlement with Grubhub to resolve charges involving an array of allegedly unlawful and deceptive business practices. Even though the FTC’s proposed final rule on junk fees (also announced on December 17, 2024) is limited to hotels, live events, and short-term rentals, this settlement demonstrates that the FTC will use its broad enforcement powers to pursue companies imposing junk fees online, and that both federal and state consumer protection regulators will formulate 2025 enforcement priorities with junk fees and click-to-cancel in mind. Indeed, this $140 million settlement, of which Grubhub will pay $25 million based on its demonstrated inability to pay the full amount, is the first of its kind in that it is a joint action by the FTC and state regulators to pursue both junk fees and click-to-cancel violations.

After conducting an investigation targeted at nine popular social media and video streaming companies, the Federal Trade Commission (FTC or Commission) released a Staff Report examining their data practices, including those relating to minors.  The FTC based its report on responses to questions it compelled under Section 6(b) (which enables the Commission to require an entity to file reports or answers in writing to specific questions) from Amazon.com, Inc. (which owns the gaming platform Twitch), Facebook, Inc. (now Meta Platforms, Inc.), YouTube LLC, Twitter, Inc. (now X Corp.), Snap Inc., ByteDance Ltd. (which owns the video-sharing platform TikTok), Discord Inc., Reddit, Inc., and WhatsApp Inc.

The rapid and evolving development of artificial intelligence (“AI”) has alarmed various government agencies, especially the Federal Trade Commission (“FTC”).  On November 21, the FTC approved an omnibus resolution simplifying the process for its staff to issue civil investigative demands (“CIDs”) in AI investigations.  This resolution comes on the heels of President Biden’s October executive order establishing new standards for AI safety and security.  Both actions may increase exposure for businesses involved in the use of products and services that use or are produced through AI.  Businesses should be knowledgeable about their use and marketing of AI and ensure their products and conduct do not pose a risk to consumers or competition.

Corporate Counsel speaks with San Francisco partner Kristin Madigan, who observes that when in-house counsel hear the phrase ‘AI’ or ‘algorithms,’ it’s a signal that this is a product or tool that requires further scrutiny and that AI tool providers also want to make sure their products are used as they intended.

After a surge in privacy class action lawsuits in 2024, San Francisco-based Crowell & Moring partner Kristin Madigan says she expects to see more of the same in the year ahead, as plaintiffs’ lawyers continue testing out new legal theories to bring claims against any company that collects, uses, or sells customer data.

Imagine a customer walking into a clothing store. She browses the racks, selects a few items, and asks the sales associate for a dressing room. She walks into the dressing room and tries on the clothes. Then she heads to the counter, pays for some of the items, and leaves.

The rise of artificial intelligence has captured public imagination in ways both good and bad, realistic and fantastical. AI is transforming every sector of industry, raising numerous, difficult legal and ethical issues ranging from contracting to liability to intellectual property and more. Over the next two days, our panelists will walk you through the technology and issues you need to understand today. You’ll leave with practical insight into how to confront the thorny problems that AI raises, and you’ll also get a sense of what’s coming next. We’ve designed plenty of opportunities for you to ask questions and talk with our panelists, particularly at the cocktail reception at the end of our first day together.

Crowell & Moring Partner Kristin Madigan, a member of the firm's Privacy & Cybersecurity Group, will be speaking at this year's Annual Internet of Things Virtual National Institute, hosted by ABA's Science and Technology Law Section, will be taking place virtually September 12-13. Her presentation, "Privacy in the Multiverse of Madness: Protecting Data in Real Life and Beyond," will take place on September 13th from 11:30 a.m. - 12:30 p.m. ET (CLE Offered).

The regulation of connected devices is an ongoing process at the federal and state level, and manufacturers have to contend with a variety of stringent regulations. For example, California’s IoT cybersecurity law went into effect at the beginning of 2020 and requires the manufacturer of a connected device include “a reasonable security feature or features that are…[d]esigned to protect the device and any information contained therein from unauthorized access, destruction, use, modification, or disclosure.” A number of other states, including Illinois, Maryland, Massachusetts, New York, and Oregon, have passed, or are considering similar laws. The federal government is also very interested in this area, and multiple U.S. federal agencies have authority over different aspects of IoT devices.

With companies paying out millions of dollars in ransoms and recent statements by government officials making clear that ransomware attacks now take their place alongside supply chain attacks, cyber-theft, and disinformation campaigns as national security threats in the digital age, it’s no surprise that ransomware is all over the news. While there’s no question that these attacks pose a significant risk to global companies, developing a solid plan for preventing and responding to attacks before they happen – and following that plan when they do – isn’t always an easy task. Fortunately, Crowell & Moring is here to help.