| Time |
Session |
Dialogue Leaders |
| |
Wednesday, November 5 |
|
| 5:30 — 7:30 p.m. |
Welcome Reception |
|
| |
Thursday, November 6 |
|
| 7:45 — 8:45 a.m. |
Breakfast & Sign-In |
|
| 8:45 — 9:00 a.m. |
Welcome & Overview |
|
| 9:00 — 10:00 a.m. |
[Session 01] Tracking Technologies |
|
| |
A panel of drafting team members will lead a dialogue on their draft Commentary on Tracking Technologies. The dialogue will focus on the essential issues of fairness, transparency, and consumer choice addressed in the draft Commentary, as well as the challenges of balancing legislation with rapidly changing technologies. Additionally, the panel will discuss recent developments in case law and regulatory enforcement relevant to tracking technologies covered in the draft Commentary. |
| 10:00 — 11:00 a.m. |
[Session 02] Legislative Drafting Considerations: Lessons from Colorado's Privacy and AI Law Intersection |
|
| |
The panel of drafting team members will lead a dialogue on their draft Commentary which analyzes statutory clarifications and/or interpretations that may be needed in order for potentially contradictory privacy and AI laws to be read consistently, with the intersection of the Colorado Privacy Act and the Colorado AI Law as an exemplar. The draft Commentary aims to provide guidance to policymakers and legislators that ensures the absence of compliance challenges that can arise when privacy and AI laws are developed in isolation. |
| 11:00 — 11:15 a.m. |
Morning Break |
|
| 11:15 a.m. — 12:15 p.m. |
[Session 03] Judicial Perspectives on Privacy and Data Breach Litigation |
|
| |
Federal and state court judges from the South Florida region, one of the United States’ most active jurisdictions for privacy and cybersecurity litigation, will share their insights on emerging trends and developments in privacy and data breach litigation. Drawing on their experience presiding over these complex and rapidly evolving matters, the judges will offer commentary on key legal issues, including standing, merits, and class certification. Panelists will also discuss what litigants can do to better assist the court in managing these cases and will highlight patterns they’re observing in the cases that come before them. |
| 12:15 — 1:15 p.m. |
Lunch |
|
| 1:15 — 2:30 p.m. |
[Session 04] Onward Transfer of Consumer PII in M&A and Bankruptcy Contexts |
|
| |
A panel of brainstorming group members will lead a dialogue on their outline that evaluates the legal and privacy considerations regarding the onward transfer of consumer Personally Identifiable Information (PII) during mergers and acquisitions (M&A) and bankruptcy proceedings. In conducting its analysis, the brainstorming group reviewed WG11’s Commentary on Data Privacy and Security Issues in Mergers & Acquisitions Practice (“Commentary”), published in 2019, and provided recommendations in the outline as to whether an update or expansion of the Commentary is merited, and/or if a new, standalone publication is warranted. |
| 2:30 — 3:30 p.m. |
[Session 05] Venue, Forum, and Choice of Law in Privacy and Data Breach Class Actions: Time for a Closer Look? |
|
| |
As privacy and data breach class actions proliferate in both state and federal courts, complex questions around forum selection and jurisdictional questions, particularly under the Class Action Fairness Act (CAFA) are becoming increasingly consequential. Dialogue leaders will explore a number of CAFA issues, including whether CAFA's “home-state” exceptions are functioning as intended in the context of privacy and data breach litigation, and whether modifications to broaden the exception would promote fairness and efficiency. This panel will also examine how courts are (and should be) addressing venue transfer under 28 U.S.C. § 1404(a) in data breach and web tracking class actions, and whether these cases call for a specialized framework given their unique factual and legal contours. Additionally, the panel will discuss how foundational doctrines like lex loci delicti can and should apply in multi-state privacy class actions. The session will aim to identify areas of convergence and division in the case law, with an eye toward whether the topic merits further exploration in a brainstorming group. |
| 3:30 — 3:45 p.m. |
Afternoon Break |
|
| 3:45 — 5:00 p.m. |
[Session 06] Privacy and Data Security Regulator Roundtable |
|
| |
The panel will lead a dialogue on key developments in U.S. federal and state legislative and enforcement activity, with a particular focus on the enhanced consumer privacy laws that were recently enacted. |
| 5:00 — 7:00 p.m. |
Reception (guests invited) |
|
| |
Friday, November 7 |
|
| 8:00 — 9:00 a.m. |
Breakfast & Sign-In |
|
| 9:00 — 10:15 a.m. |
[Session 07] Beyond the Draft: Revisiting Notice and Consent for Facial Recognition |
|
| |
As biometric technologies like facial recognition advance, the legal frameworks governing their use remain fragmented and debated. A drafting team was convened in May 2021 to prepare a commentary on whether and under what circumstances notice and consent was appropriate for the use of facial recognition technology. Since that drafting team was initially convened, there have been several rewrites of the paper, membership changes, and significant changes to the law in this area. This panel will explore whether and how the commentary could be reimagined or alternative issues WG11 might address regarding biometric technologies. |
| 10:15 — 10:30 a.m. |
Morning Break |
|
| 10:30 — 11:45 a.m. |
[Session 08] Application of Attorney-Client Privilege in the Cybersecurity Context: The Latest Developments |
|
| |
Since Fall 2021, when WG11 last discussed an updated edition of the Commentary on Application of Attorney-Client Privilege and Work-Product Protection to Documents and Communications Generated in the Cybersecurity Context (“Privilege Commentary”), drafting team members have been busy adding significant new caselaw developments addressing attorney-client privilege and attorney work product in the context of litigation related to cyber incidents, as well as adding additional commentary on certain specific areas of legal response to cyber incidents that were only touched on or were outside the scope of the original Privilege Commentary. These areas include: (a) commentary on entity specific guidance including with regard to insurer/insureds, service providers/vendors, joint defense groups/joint common interest groups, agency/affiliate relationships, and communications between different/unrelated companies on areas of mutual interest/risk; and (b) exploration of the difference between business and legal advice, including, but not limited to, in the context of PR work in response to a cyber-incident. A panel of WG11 drafting team members will lead a dialogue with all attendees on the next steps regarding a second edition of the Privilege Commentary. |
| 11:45 a.m. — 1:00 p.m. |
[Session 09] Town Hall |
|
| |
WG11 Steering Committee members will lead a dialogue on progress made on the work product of WG11, and by WG11 as a whole. WG11 member input will be sought regarding the future direction of WG11, including ideas for existing and new commentaries and projects. |
| 1:00 — 2:00 p.m. |
Grab-&-Go Lunch (provided) |
|
