Technology Archives - Page 11 of 18 - The National Law Forum

Episode 2: The Importance of Data in Legal Business and Legal Marketing with Laura Leopard of Leopard Solutions [PODCAST]

Rachel and Jessica speak with Laura Leopard, the Founder and CEO of Leopard Solutions: a service that provides law firms with data to improve hiring and marketing for the business of law.

Be sure to take the Women Leaving Law Survey HERE and sign-up for the Women Leaving Law webinar on June 2, 2022 to hear the results of their survey.

We’ve included a transcript of our conversation below, transcribed by artificial intelligence. The transcript has been lightly edited for style, clarity, and readability.

INTRO 00:00

Well, hello, and welcome to Legal News Reach the official podcast for the National Law Review. Stay tuned for a discussion on the latest trends, illegal marketing, SEO, law firm best practices, and more.

Rachel 00:15

My name is Rachel,

Jessica 00:16

And my name is Jessica.

Rachel 00:18

And we’re the co-hosts for the podcast. Today we’re speaking with Laura Leopard Founder and CEO of Leopard Solutions. Laura, would you like to tell our listeners a little bit about yourself and your organization?

Laura Leopard 00:28

Of course, of course, we are a legal intelligence company that monitors law firms and attorneys. And we have been doing it for nearly 20 years. And we have grown from a simple attorney list to a detailed current and historical account of attorneys and their movements. And of course, we now offer competitive and business intelligence for law firms and the market in general. And I have been at the helm for nearly 20 years.

Rachel 01:02

We’re excited to get your insight into some of those more data-driven trends here in the industry. So the first thing that we want to focus on is the importance of data and legal marketing and legal business. One of the things that I hear pretty often is that law firms are data-rich and information poor. So can you explain a little bit about why that is and how law firms can solve for that problem?

Laura Leopard 01:26

Well, I think that was more generally true in the past. But today, many law firms are correcting that issue, because they’re hiring intelligence professionals to come in and help them mind and understand their own data. The other side of the coin is gathering external data on their competitors so that they can benchmark their own shortcomings and successes properly. And that’s where we come in. We measure law firms across the board, and we deliver those benchmarks that they need. Well, several years ago now, we had prepared a detailed report on a law firm and the top 200, about their ROI on lateral hiring and entry-level hiring. And we showed it to you know, prospective law firm. And we offered to write one for their firm, and then also a list of their competitors, you know, of their choice. And their response was, “this is very interesting, but I’m not sure what we could do with it.” And it just proved to me at that time that firms and leopard both needed to do a better job of explaining the value of the data, and how it could be used. So we developed firm scape, which is our competitive intelligence platform. And it’s filled with great data. And people were very excited to see it. But then again, only people who could readily understand what it offered, really benefited from it in really meaningful ways. So when we wrote our Business Intelligence platform, we wanted to just carefully lay out what everything meant, in clear, concise terms, so that meaningful measurement would be readily understood. You know, everyone gets very excited about data. You know, “big data, big data, data-data-data.” But not everybody understands the application of that data, what that data could mean. And that’s where we have hoped to sort of democratize data in a sense of laying it out in a way that anybody can understand it, not just data people.

Rachel 03:36

Yeah, I think just being empowered to look at it is also really great. Because I think some people can get a little intimidated by data like, “Oh, it’s just a lot of numbers,” like what the numbers mean. So one of the trends that we’ve seen, and that we’ve talked about recently is women leaving the legal industry and what that means for the profession. We published a Q&A that you did with Stefanie Marrone, about this topic. We’ve had her on the podcast before; I was curious if you could dive into this trend and talk about why this is happening and how law firms can respond to it?

Laura Leopard 04:07

So we did a survey, and it’s still in progress. We’ve had about 170 responses so far. And I have to tell you, it was incredibly depressing to read the comments and the answers that they had about why they left their top 200 law firm. And a lot of it was much of what you might suspect, you know, lack of opportunity, lack of mentorship, a feeling of not being included, you know, in the group and just really lack of opportunity stood out, you know, a great deal. So we decided, well, we can’t just we can’t just, you know, do a report. We’re gonna do a presentation in May about this at the Art conference. We really wanted to dig in deeper. So we’ve been doing interviews with women who have succeeded in the top 200 Who are partners at their firm, and they’re leading women’s initiatives, and they’re doing some really great things. And we’re learning a lot in the whole process, I didn’t want to just say, here’s a big problem, you should fix it. It’s like, Here are ideas about how you can fix it. And here are examples of where those ideas are actually succeeding in top 200 law firms. But I think the really important thing that we took away after reading a lot of this was these same problems exist for attorneys who are also underrepresented, and from who are ethnically diverse. And there are also, you know, white men at the firms that have issues because they have a family members who is ill, and they have to step away. And there’s lots of there’s, there’s lots of problems here. But there are ways to fix them. And that’s what we’re working on. Right now. We are doing some great interviews, we’re coming away with some really positive ideas. And we have some firms that are really doing some great work. And we want to share that with everyone. This is not a problem that cannot be fixed. This is a problem that can be fixed, if one wishes to fix it, and everyone is determined to see it through. And for us, it’s really important to talk about this topic, we are a woman-owned business. I’m a woman entrepreneur, we have all experienced, you know, sexism, we have all experienced some lack of opportunity in our lives. And this is really important for us to start this conversation again, or remind people this conversation needs to be ongoing and continuing. So after our presentation, we’re going to we’re going to do a webinar at leopard, we’re going to invite some great folks to speak at that webinar, we’re also going to do a full white paper. But this is one of one of something that’s really, really important to us. And I really hope it can open a lot of eyes and help move the needle to helping women succeed in those top 200 firms and in law in general.

Rachel 07:13

We talked on the show before about how COVID has sort of given people the opportunity to make change that their law firm their ongoing, I think, you know, we did speak in the past year about how COVID did push women out of the workplace. But like, I think moving forward past that and not using that as like an excuse to go back to the way things were and to make long-lasting change, I think is really important. So I was curious if you could share maybe some of the solutions that you know, law firms could implement to help remedy this problem, or if that’s something that will come later with with your white paper and after your presentation?

Laura Leopard 07:48

You know, having a strong mentorship program is really important. And you can have assigned mentors, but you also have those sort of like those volunteer mentors on the side. And not just not just women mentoring women, but men also being mentors to women. The same problem exists for those who are ethnically diverse, if you have a program in place, or everyone is assigned a mentor, then you’re you’re going to help them overcome that hurdle, flex time paternity and maternity leave and not just saying we offer maternity leave, but by saying we encourage you to take maternity leave, right? If as many men took maternity leave, as women take maternity leave, it sort of removes that stigma from a woman having to take that time off, there are some really concrete things that can be done that can make a huge difference. And, you know, the women did not just leave these firms due to COVID. They left because it became untenable to stay for many different reasons. And a lot of it had to do with flexibility on the job, right? Yes, they were. Some of them were home with children. But a lot of people that answered this survey didn’t have children at home. But this entire pandemic caused people to think differently about their lives and their situations. Women are not alone in feeling this way. Right. So there are lots of young people now that are coming, you know, coming into law firms that are saying, I don’t I don’t want to work 80 hours a week. I like being home. I like having time to myself, that’s important to me. And the pandemic showed a lot of people how important that other part of your life is, right? It’s it’s a big bargain to make when you say I’m gonna work this hard for this long and I’m gonna make partner but some of the people that responded to our survey says, here’s here’s a here’s a newsflash when you make partner, that doesn’t get any better. If anything, it gets worse. worse, there are more responsibilities on top of you, you have to continue to work those crazy hours. And you have to do business development and you have administrative duties. And and and so if you are questioning, you know if this is the lifestyle for you. And I actually did have someone say that. So if you really care about having a lifestyle with your family and friends that may be this, this choice isn’t for you, I’m gonna flip it back on its head and say, Do you really want well rounded, happy, well adjusted people working for you, somebody that’s working 80 hours a week is not going to fit that bill, right? Because that’s all they do. That’s their single focus. And they’re going to burn out, and they’re going to leave you just when you need them. So taking a more holistic view, and saying, you know, and this was this was a quote, I had a partner say, I was told when I, you know asked for flex time, my partner said, I would rather have you at 50% of your normal time than many of the people that work for me at 100%. Because you do the job that I need you to do. It’s it’s time that law firms start thinking about the future, things never stay exactly the same, right? The whole hierarchy of law firms that we know now was created, what 100 years ago, when men were the only people that were lawyers, and they had wives and housekeepers and stuff at all. Right? That’s not the world we live in anymore. And we’re also beginning to question, you know, all the young people coming up are questioning everything. They’re questioning authority, they’re questioning why they have to do this and why they have to do that. And when they say, this isn’t a life, that’s for me, I don’t want to be partner. What does it do to that old model? You know, you’re there, there’s going to have to be an inflection point where they start to think about what is going to happen at their firm five years from now 10 years from now, when this generational divide, you know, really takes place. And here’s another newsflash. According to our data for the last three years ago, I think entry level hiring coming out of law school was about 5050 men and women, then the women edged out the minute, then the women rose again, there are far more women in college and far more women in law school than there are men, and they are outnumbering men being hired on that entry level position. But if those women don’t stay, and if those women leave, because you are asking, you’re creating an untenable situation for them, what’s going to happen to your partner track, then what is going to happen to that wealth of knowledge that that person brought to your firm, and she’s gonna walk away with, there’s, there’s going to be a reckoning in the industry, because times have changed, and people have changed. And it’s going to be interesting to see how it plays out. But we can see by looking in the data that they’re, they’re going to be, there’s going to be some shockwaves. And as we start, at the Women’s seminar, we’re going to be, you know, measuring all kinds of exit data and comparing it, you know, one against the other. But it’s time that firms really start to have more of a forward view about what kind of law firm they’re going to be 10 years from now, because that’s really going to impact one thing they care about most. And that’s their bottom line.

Rachel 13:46

What has been the impact that you’ve seen, like this, this lack of information?

Laura Leopard 13:54

I think we all can say, you know, pretty clearly, if you are not using data to make decisions, you’re gonna pay a price for it. You know, data improves decision making, and it can help you predict, you know, competition stresses, and then by tracking industry trends, you can begin to predict future moves a little more successfully. Of course, you have to be, you have to have really, really good data, right? If you’re using bad or incomplete data to make decisions, you might as well not use it at all. So, data quality has been very central to our business. Our data is checked and rechecked and continually updated in order to offer the best possible dataset. But I think data itself should be demystified you know, to a certain extent, by making it clear why a particular dataset matters, right? firms should care about employee turnover because it costs their bottom line and I’m not just talking about a few dollars here and there. I’m talking about Millions of dollars. And firms should care about where their competitors are opening new offices because it shows possible opportunity that they didn’t see, firms should care about who their competitors hire, to see where their next focus will be. And perhaps they should look there as well. Are, is there a competitor building up a practice that competes directly with them in their city? Are they looking at your people to possibly, you know, recruit out of them? Lack of data and insight just leaves a firm operating blindly, just by their instincts and granted, instincts are great, but they can go horribly wrong. If you look in our growth decline report now, which kind of shows that winners and losers by you know, headcount, you will see firms in the bottom of that tear that you never would have guessed would be there just a few years ago, those other firms saw an opportunity that the others didn’t, and they seized it. So data can really make or break, you know, your company, relying on your gut and anecdotal data that people bring you. It’s just not effective. I, you know, law firms love to call around and ask a recruiter. So what’s hot right now? Or what’s what’s going on right now, this was one of my favorite stories. They they talked to a recruiter, the recruiter said, Oh, the Chicago market is so hot right now. It is so hot. It’s just on fire. And I look back and I looked at our data and and like, it’s, no, it’s not, there isn’t more movement, there isn’t more job openings, that one recruiter happened to be a lot busier in Chicago than anybody else. So all of that anecdotal data like that is meaningless when you can compare that against really hard, true facts. And that’s what they really need to start doing.

Jessica 17:00

Without giving away the “secret sauce” if you will, the metrics that these firms are using for hiring specifically is that, you know, the number of job openings, like you said. I mean, what are what would you say are maybe 1-2-3 of the big numbers they’re paying attention to with hiring specifically?

Laura Leopard 17:16

Well, you know, on our platform, one of one of everyone’s favorite, you know, reports is, is that growth decline report so they can see who is who is growing quickly, and adding a lot of people to their firm. You also can see firms who who are in churn, right, they lost 100 people, they hired 100, people, and firms will use that report to find firms that it might be easier to pry people away from, right. So if you have a firm, that’s negative 15, in headcount, and people are exiting that firm like crazy, well, you have an opportunity to go pick up those people there. You also can look at our lateral reports. And you can see where the hot markets are, you can slice and dice it by practice area by specialty, you know, by far by all different kinds of metrics. You even can look at, you know, gender movement, and those who are ethnically diverse, there’s lots of different ways to look at it, but it gives you a good market view. And of course, we do have, we have a job program where we are looking at over 1000 law firms every day in real time. And I’ll tell you, you know, when the pandemic happened, we normally had like six to 7000 jobs and our job program. During the pandemic, I think in like July of 2020, that number went down to about 3000. And most of them, I don’t think were really real openings. Anyway, there were openings, they just sort of left on their website. And now we have over 12,000, approaching 13,000 openings in a program. So that will just tell you the velocity, they also can. And our job program is great for CIA too, because you can go in and see how what your competitors are looking for how they’re framing that position, like right now, we know everyone’s looking for corporate m&a people, right? How are they framing that job? How can you make yours look more attractive? What can you do to you know, sort of get an edge in that market. And there’s lots of other reports that we have that can help them gain advantage. But those are probably, you know, the top the top three, just seeing what’s going on in the market.

Jessica 19:31

With all the changes in the legal industry, I think there’s a huge focus right now, not only in just data and the services you guys offer, but also diversity in the workplace. So I would love to know–I know you mentioned a little bit of it, but being able to see you said gender maybe changes are hiring, how to make it attractive to certain diverse populations of people so that you know, the law firms represent their communities, if you will. Could you explain a little bit more of that? I would love to definitely learn more.

Laura Leopard 20:00

For years, we had been asked to have diversity information in our database. But we just thought it would be incredibly hard, we weren’t sure how we wanted to do it, it was it’s it, you know, having that kind of information in the database is a little risky. To a certain extent, you have to be really careful and really think things through. Then the summer of George Floyd happened, we were in the middle of a pandemic, things were kind of crazy. But when that happened, we all you know, on our, our, you know, our little community of folks at leopard said, we have to do something, we have to do something. So we put all of our heads together. And we said, well, here’s how we might do it. And we knew about the Mansfield rule and, you know, diversity lab who are great folks. And we knew how they handled their data. And they really, were asking for data, they really wanted law firms to be able to go in and find people that were diverse in order to bring them into the hiring game. So we took a page out of their playbook, and we said, Okay, if we put diversity in our database, we’re only going to show it to people who we think are going to use it correctly. So if a law firm is a member of the Mansfield rule, they get the diversity data, we don’t charge an extra penny for any of this, we spent months doing research on every single person in the US in our database, to see if they might be ethnically diverse. And what we did was we, we went on a probability score. So if we look at where they’re from languages, they speak committees that they belong to, like we sort of look at all of their data points, then we can come back and say, Okay, we think there was a high probability, this person could be ethnically diverse. If you are a member of the Mansfield rule, you can access and you can view those attorneys. If you’re not, then you can sign the leper diversity pledge. And with that, you are promising to use that data in the correct way, which is to include not exclude, and to really look at these people, you know, in order to bring them in front of the hiring committee of a law firm, in order to move that needle. We also put safeguards in the database in place, so that those people could never be excluded from a search, they could only be included, you can only see them when you want to find them. And we did the same thing for gender. So we moved because there were other gender issues that we wanted to recognize and acknowledge. So you have a high probability of being gender diverse or low probability of being gender diverse. So now, because because we took those steps, we are also able to report on diversity, and every single law firm in our system. And that means if you are a diverse candidate, you’re going to you’re going to be able to know, you know, or a recruiter can show you or the law firm can show you what their diversity score is, in comparison to the other law firms that they may be considering. Everyone. Everyone gets a score, everyone sees you know, how well they’re doing or how poor they’re doing. And law firms can use this in their conversations with people that they want to bring in. And let them know that they are growing diversity within their firm, you can see it in the growth decline report, you can see who’s growing in ethnic diversity numbers, who’s growing in women numbers, it’s all right there for the world to see. And we use the same scoring across the board for every firm. So it’s so it’s all equal. But that was an incredibly important thing for us to do. We spent months with, you know, all hands on deck, getting this data in, and it’s something that we continue to work on all the time. You know, there are people that we have as, as we consider sort of, we don’t have enough information to go either way. Well, we continually go back to see if there’s more information that’s available about that attorney, so we can label them properly, high or low. But being able to do that also led us fold in diversity into our leopard law firm index. So we decided that the normal way that firms are assigned, you know, a grade of excellence, where those scores coming from a once a year list, you know, are really not helpful in today’s fast paced world. We have always seen firms go out of business in the top 200 of emerging they, you know, they go away, they go under, and we wanted something that was real time that would go up as the firm was improving and if the firm Um, you know, hit a bad patch than their score would also show that we have firms in the leopard top 250 that are not in the top 200. We have, we also have firms that are in the top 200 that are not in the leopard top 250 Because our scoring scoring methods are very different. And they’re really database and one of those data points is a diversity number, how well are they doing with diversity. So it is become a part of everything that we do in almost every single report. And in our last leopard law firm index, how well a firm is doing on ethnic diversity is incredibly important. And we wanted to show that by using it as many as many different ways as possible.

Jessica 25:49

I think it’s great to have so many different options of metrics, because I think casting that wide net, as far as what you’re able to keep track of for your firm, allows you to pick up any alarm bells of things that maybe aren’t going as well, like you said of, you know, growth, maybe it’s going down in this area or what have you. So I’m curious to know what some of those alarm bells would be or like red flags in the data that maybe law firms should pay attention to or could affect their business model and moving forward for their growth?

Laura Leopard 26:22

Well, I think all those items that are in that, you know, law firm index, and the score that we give because of it. So we look at metrics that really don’t change over time in the in the sense that we do look at only one little tiny piece of the financial puzzle, which is the revenue per lawyer, but it’s scored over a five year period, because that is really there just to show Oh, it’s going up, oh, it’s going down. So that is available there, and part of that index, but we also use items, the growth decline and attorney headcount, we use the average attorney tenure increases or decreases in that RPL, as I just mentioned, and the ROI, the success and lateral recruitment, and the success and entry-level recruitment. And for the index, we only look at it in the prior 12 months. Because if you are having problems retaining people, the first year they join that firm, we see that we think that is a red flag of something going on at the firm, which is why it’s in the index, we also look at promotions to partner and we look at ethnic diversity within the firm. And one reason that we do that is that companies have said over and over again, they care about ethnic diversity, and they want to work with firms that have a good ethnic diversity number, if that’s true, and if they hold their feet to the fire, then that really must be in the index. And there are other items that we’re looking to fold into that index. But those are the ones that help give that score. There are so many other things, that ROI that I talked about, like in the index, we look at the past 12 months, but you can go back and look, look three years ago, how well did you do in your hiring three years ago? How well did you do that the year before that, because we’re talking about millions of dollars that these firms are losing because they only have a 70% retention of people that they just hired two years ago. And and that is a huge red flag that they really must pay attention to. So then the question is, you know, where’s my problem? Right? So we wrote a report in the in the BI Suite, that really helps you break it down? Is it a practice area issue? Is it a particular office that has an issue, and you can benchmark your firm against your competing firms? I think sometimes when people say, Oh, we have a 80 80% retention rate, that’s pretty good. Well, it’s good until you compare it against some of your competitors who have a much higher number. And it’s also good until you realize exactly how much that attrition is costing your firm, millions and millions of dollars. You know, I’ve also I once had a recruiter and a law firm say, they really didn’t mind the attrition because it was sort of job security for them. Because they kept busy. But really, job security for them is not just it’s making sure you have a successful hire. It’s making sure that those people are happy and they’re getting what they need, is looking to see, you know who might be on the cusp of leaving. We have something in our attorney database called the probability The move, right? So we’re looking at people that have moved in the past and similar circumstances and JD, your range, practice area and all that good stuff. So you can run it on your own firm. And you can see who has a very high probability at your firm that allows you to play defense with those people and help to see if they’re getting what they need, are they happy? Do they need to look at some new kind of schedule? Are they unhappy in their practice area, and they’re not getting an opportunity to change it, there’s a lot, a lot of things that firms can do, if they start to use that data to help see where they might have a problem. And we’ve written many reports that could help them do that, again, again, even with the law firm index, it’s not about calling out oh, this is the big winner, this is the big loser, it’s like, you might have a problem. And we’re gonna help you find where your problem is, because this report will show you where you are, you know, far beneath your competitors, this is an area that you have to look at. And that’s what it’s there for is to really help them do better. And we can show them the metrics that say, this is where you should begin looking.

Rachel 31:15

We’d spoke a little bit about at the beginning of our conversation, how law firms are starting to really start to adopt this technology to integrate more data and things like that into their business. I was curious to get your thoughts on how the legal industry has changed over the course of your career in terms of how this technology has been adopted? Have you seen like a paradigm shift in the past couple of years? Or how has that been?

Laura Leopard 31:37

They certainly have changed, but it hasn’t been a change overnight, you know, law firms, both now. And then they use several different kinds of technology for several different purposes. And, you know, data was housed in silos, you know, with multiple programs used by multiple people. And today, you see firms hiring technology teams, to better integrate and manage that data. So that’s a step in the right direction. You know, I have seen firms that have very little data about their own firm, and about, you know, their own alumni. And they’re beginning to recognize that, that puts them at a disadvantage, right. So that recognition is a huge step, and getting the task of just getting all the data in a proper form, and then the right system, that’s a really big undertaking, and only the largest firms can really, you know, kind of take those steps and hiring that technology department, you know, lucky for others, we can kind of step in and provide that market data that CEI intelligence for them. And even for the firms that have, you know, their own CI department, they still need data on their competing firms to use to create that proper analysis and benchmarking. And that’s where we step in to fill that bill. But technology has been getting much, much better in in many law firms, but not all law firms, there will always be some that are sort of lagging behind.

Rachel 33:11

I wonder, you know, when is going to be the point where these people who are lagging behind will start to realize that, you know, if if you don’t change, then you die, essentially, you know, it’s because eventually just not going to be able to keep up with everyone else around you. So I think one of the technologies that in addition to data that we’ve been hearing about is the use of artificial intelligence in you know, recruiting and and other operations. I was wondering if you could speak a little bit about like your experience in using artificial intelligence and recruiting and things like that, and how it can improve those processes.

Laura Leopard 33:46

We have a product that uses AI, that sort of analyzes a possible merger, right, so it can produce possible candidates. And then when you select one, we use all of the data from all the past mergers that we’ve seen in our database, to really say, Well, this is how we think this merger would go based on attrition rates. And then we highlight all the risks points, you know, of that particular acquisition or merger. And that’s, that’s in the BI Suite. An AI for hiring is kind of tricky. So while it sounds like you know, oh, we’re going to use AI and it’s going to eliminate bias. The problem is there will be inherent bias baked in, depending upon the data set that AI is based on. And the legal industry has historically been predominantly white and male for decades. So an AI hiring system based on that data set is going to have bias unless you work to overcome it. If you’re parsing resumes and cover letters is going to need to be trained on you know, being neutral on titles and verbiage. And you know, was key words. Now we like to look at data patterns, which can prove to be, you know, maybe even more helpful than that kind of AI. You know, there’s different processes that firms do almost without thinking, you know, firms do a lot of institutional hiring. And we can show that in data and tell that story. And these are the types of data patterns that you know, I would like to see kind of shake up that hiring model, the one that, you know, may not be serving the firm as well as they thought. But an AI for hiring has always been tricky. And we’ve, we’ve explored some of this ourselves. And then at the same time, we said, Well, wait a minute, it could very well be that the best person at the firm, the one that succeeds the most is always going to be that white male partner that came on 30 years ago. So this is something that we’re working on. And we’re working to see how we could eliminate bias in that kind of report. But it’s, it’s a tricky thing. And it’s I know, a lot of companies outside of law firms have used it. And there have been a lot of issues with using AI in that process. So it’s something you have to watch very closely.

Rachel 36:17

Yeah, I think there’s this misconception that AI is just like, you know, it’s not a person. So how can it you know, make these questionable decisions. But the problem is that, like a person has to build the AI. And it has to be based off of, you know, it has to learn these things from something else. So I can see how that would be a slippery slope. So with that in mind, like do you see…Or I guess, like what technologies do you see changing these processes moving forward? What do you expect the role of technology will be like, in the future?

Laura Leopard 36:49

There are many, there are many hiring issues. And we are working now on a really cool piece of technology. To help with one of those, you know, I talked to I talked to a lot of law firm people who have to do a lot of work, before the hiring partner sits down with the candidate. Because so often that hire can be blown if that hiring partner doesn’t know what to say that I care. So much about lateral hiring is about convincing that person to join your firm. And competition right now is at an all-time high. So what sets your firm apart? You know, why would this top-notch corporate m&a attorney, choose your firm over the five others that he’s looking at, you really have to tell them and you can’t just say, Oh, we’re a great firm with great people and a great culture, you really have to say, how your firm has, you know, grown over your competitors. Let’s say you’re interviewing a woman who’s an IP associate and wants to make partner, well let her know how many women IP partners you have in your firm in relation to her current firm. And if that number isn’t as great, maybe the percentage of growth is great, right? Just convince them that your firm is the best choice by using data to confirm that back. There are always good stories that can be told with data. And we are trying to help firms uncover those and help that hiring partner convey those really positive things. And right now, you can do that. But you’d have to run several reports. And then you’d have to write the analysis and then hand it to the to the hiring partner. So we are developing a tool called the Coach’s Corner, that’s going to do just that. And it’s going to analyze the firm that seeking to hire against the firm with the attorney currently works. And it’s going to map out all the positives that we have in the data for your firm. And that is a really important part of the conversation. Right now the competition is so tight, and it’s so everything is moving so quickly, that they all need, you know, as as much help as they can to paint their firm in the right light if they’re gonna get that higher. So there’s a lot of power on the job seeker right now, especially in certain practice areas and in certain areas of the country. And they want to make sure that they’re making the right choice. All that there’s a lot of strange decisions going on out there. There’s, there’s a race for, you know, who’s getting paid the most. But if you’re all paying the most, how do you decide between one and the other, you have to look at all of that other data to say overall, our firm would be the better choice for you because of a B, C, D, and E. And that’s what we’re trying to do is give them the data for all of those points. So you may see people making decisions based on all of those metrics, and all of those things that that firm offers, as opposed to just monetary decisions, right? Am I going to be happy where I go? Am I going to be able to live the kind of life that I want to leave, all of that’s going to happen and that those firms that are doing that are going to change the dynamic of the rest. So it’s not all about starting salary, and it’s not all about the PPP. There’s a lot more in the mix now. And there may be a reshuffling of firms, as some firms begin to realize they need to change how they do business in order to have, you know, people that stay with them and people who want to join them.

Rachel 40:48

There will be an interesting thing to watch here in the coming years, especially as your company continues to roll out these new tools.

Laura Leopard 40:54

As a group as a women working in law firms, as men working in law firms, we have to look and demand and ask for that change to happen.

Rachel 41:04

Excellent. Well, that’s why we’re so excited to have you on as a guest today to get these ideas and these topics out there! So special. Thanks to you, Laura, for joining us today. We really appreciate it.

OUTRO 41:19

Thank you for listening to The National Law Review’s Legal News Reach podcast. Be sure to follow us on Apple podcasts, Spotify, wherever you get your podcasts for more episodes for the latest legal news. interested in publishing and advertising with us visit WWW dot NAT law review.com. We’ll be back soon with our next episode.

Article By Rachel Popa and Jessica Scheck with The National Law Review/The National Law Forum LLC.

For more episodes of Legal News Reach, please visit the podcast page.

Apple Smartwatch Antitrust Case Survives, Showing ‘Freedom of Design’ is Not Absolute

Judge Cites ‘Associated’ Anticompetitive Conduct Claims

It’s a case that challenges the limits of the “freedom of design” usually enjoyed by companies accused of product design changes alleged to harm competition. Ordinarily, a design change is not the kind of conduct that runs afoul of the antitrust laws, but on March 21, U.S. Judge Jeffrey S. White from the Northern District of California denied Apple Inc.’s motion to dismiss an antitrust case brought against it by AliveCor Inc. The suit alleges that Apple unlawfully maintained its monopoly in the market for heart rate analysis apps by updating WatchOS, the Apple Watch operating system on which AliveCor’s heart rate analysis app runs. (AliveCor, Inc. v. Apple Inc., No. 21-cv-03958-JSW, N.D. Calif.).

Heart rate analysis apps analyze the user’s heart rate in real time using a sensor close to the user’s wrist and determine whether the user’s heart rate is normal or irregular. The app runs constantly while the device is worn and alerts the user when a situation arises requiring an ECG recording and medical analysis. AliveCor also sells an electrocardiogram-capable wrist band for the Apple Watch and related WatchOS software that analyzes reading from the band. AliveCor claims that its products—the ECG-wristband hardware and software and its heart rate analysis app—“helped change the perception of the Apple Watch from an accessory to a personal health monitoring tool.”

AliveCor calls its heart rate monitoring app “SmartRhythm.” According to AliveCor, when sales of SmartRhythm took off Apple was inspired to announce an update to WatchOS with its own heart monitoring app designed to exclude AliveCor from the U.S. market for WatchOS heart rate analysis apps.

SmartRhythm works by using data from the Apple Watch’s heart rate algorithm. According to the complaint, Apple’s update to WatchOS altered the heart rate algorithm in a way that prevents third-party developers from being able to detect heart rate fluctuations and irregularities. As a result of these changes, SmartRhythm could not provide accurate heart rate analysis, and AliveCor removed it from the market.

Consequently, Apple is a monopolist in the WatchOS heart rate analysis app market, which AliveCor claims Apple is maintaining with exclusionary design changes to WatchOS, in violation of Section 2 of the Sherman Act, California’s Unfair Competition Law, and Section 17200 of California Business and Professions Code.

The court denied Apple’s motion to dismiss AliveCor’s monopolization claim in what it characterized as the “[single brand] aftermarket for WatchOS apps.” Applying the factors enumerated by the court in Newcal Indus., Inc. v. Ikon Office Sol., 513 F.3d 1038, 1044 (9th Cir. 2008), the court found that the WatchOS app aftermarket was wholly derivative from the primary smartwatch market, the alleged restraint applied only to the aftermarket, Apple’s aftermarket power was not obtained through contract terms reached in the primary market, and that competition in the smartwatch market does not discipline anticompetitive practices in the WatchOS app aftermarket. Accordingly, the court ruled that AliveCor’s market definition met the Newcal standards for a “single product” relevant market.

Apple argued that a company that improves a product to the benefit of consumers does not violate antitrust laws “absent some associated anticompetitive conduct,” citing the leading “freedom of design” case of Allied Orthopedic Appliances Inc. v. Tyco Health Care Group LP, 592 F.3d 991, 998-99 (9th Cir. 2010). The court quoted the holding of Allied: “If a monopolist’s design change is an improvement, it is necessarily tolerated by the antitrust laws, unless the monopolist abuses or leverages its monopoly power in some other way when introducing the product.”

Apple argued that its update to WatchOS was purely a design change that benefitted users, with no associated anticompetitive conduct. It observed that AliveCor hadn’t established that consumers use Apple’s app instead of some third-party app, or that Apple rejected any third-party apps, or that no other third-party heart apps are available to Apple Watch users. But the court rejected those arguments, noting that Apple failed to provide any legal authority that would require such allegations.

Apple ignored AliveCor’s allegations that Apple abused or leveraged its monopoly power “in some other way” by changing its heart rate algorithm to make it effectively impossible for third parties to inform a user when to take an ECG. AliveCor contended that Apple’s updated heart rate algorithm, which was pushed out to all earlier Apple Watch models, did not improve user experience. Its purpose was to prevent third parties from identifying irregular heart rates and offering competing apps based on that data. “These allegations present the type of ‘associated conduct’ that makes product design changes cognizable under antitrust law. Plaintiff’s allegations plausibly establish that Apple’s conduct was anticompetitive,” Judge White held. A case management conference set for May 20.

Commentary

It is truly difficult to see how some separate, “associated” conduct by Apple other than its design change to WatchOS violates Section 2. It seems more straightforward to consider the design change itself to be a cognizable anticompetitive act. It may be time to drop the fiction maintained in Allied v. Tyco that design changes are “never” antitrust violations unless accompanied by some “other” conduct. Here, Apple has created the market itself in the form of an OS platform used by millions of consumers who depend on it to access all manner of competing complementary products. Under those circumstances, it should be uncontroversial to hold a platform operator liable under the antitrust laws for design changes that exclude competitors or foreclose participants from the market, without indulging in the fiction of “associated” conduct.

Article By Jonathan Rubin of MoginRubin

For more antitrust legal news, click here to visit the National Law Review.

French Insider Episode 12: Navigating the Metaverse with Jim Gatto [PODCAST]

Joining host Sarah Aberg is Jim Gatto. Jim joins us today to discuss the metaverse, the technology and business models involved in these virtual worlds, the role of NFTs and cryptocurrency in the digital economy, and the legal, regulatory, and governance issues that can arise when companies seek to enter that space.

Jim Gatto is a partner in Sheppard Mullin’s Washington, D.C. office, where he leads the Blockchain & Fintech Team, Social Media & Games Team, and Open Source Team. Jim’s practice focuses on blockchain, interactive entertainment, digital art, AI, and online gambling. He advises clients on IP strategies, development and publishing agreements, licensing and technology transaction agreements, and tech regulatory issues. Jim has been involved with blockchain since 2012 and has been recognized as a thought leader by leading organizations including as a Cryptocurrency, Blockchain and Fintech Trailblazer by the National Law Journal.

Sarah Aberg is special counsel in the White Collar Defense and Corporate Investigations Group in Sheppard Mullin’s New York office. Sarah’s practice encompasses litigation, internal investigations and white collar defense. Her areas of focus include financial services and securities, as well as corporate fraud in a variety of industries, including technology, construction, and non-profits. Sarah’s regulatory practice encompasses market regulation, foreign registration and disclosure requirements, supervisory procedures, and sales practices. Sarah represents corporations, financial services companies, and associated individuals in connection with investigations and regulatory matters before the U.S. Department of Justice, the Securities and Exchange Commission, the Commodity Futures Trading Commission, FINRA, the New York Stock Exchange, the New York State Department of Financial Services, and the New York Attorney General’s Office.

What We Discussed in This Episode:

What is the Metaverse?
How Do Metaverses Differ from Earlier Virtual Worlds?
What Role Do NFTs Play in the Digital Economy?
Investing in a Metaverse: What are the Risks?
What are Legal, Regulatory, and Tax Considerations?
What Governance Issues Exist for Brands Operating in a Metaverse?
What are the Inflationary and Deflationary Aspects of the Virtual Economy?
How Might Blockchain and Cryptocurrency Alter International Financial Transactions?
Is the World Moving into a Virtual/Digital Economy?

Article By Sarah E. Aberg and James G. Gatto of Sheppard, Mullin, Richter & Hampton LLP

For more technology and internet legal news, click here to visit the National Law Review.

How Businesses Can Use LinkedIn Company Newsletters in Their Marketing Efforts

LinkedIn has added what I think is the most helpful tool in a long time for businesses to engage with and bring value to their followers – the ability for LinkedIn Company Pages to publish email newsletters right through LinkedIn.

This underscores the importance of having a company page and how it can be used as a content hub for marketing and recruiting your business.

Linked Company Page newsletters are available to businesses with more than 150 followers that actively maintain their LinkedIn presences.

You can create a LinkedIn Company Page newsletter in three simple steps:

Create: Start writing an article on and select “Create a Newsletter.” Give it a title, add a header image (it prompts you with the dimensions) and cut and paste your text. You can add hyperlinks and images for each article too.
Publish: When you publish your newsletter it will post to your feed and LinkedIn will notify your followers. They can opt in to receive email and in-platform notifications when you publish new content.
Review performance: View the analytics of each newsletter sent out and see the number of subscribers. The number increases pretty quickly which is awesome. And it’s opt in so you don’t have to worry about GDPR rules.

There’s a lot of opportunity here because it is a new feature (for companies – it’s been available to individuals for a short time) and most companies don’t know about it yet (and certainly aren’t using it yet), so being an early adopter is to your benefit.

Even if you send out an email newsletter, you should still utilize the LinkedIn platform to send out a newsletter because you will reach a different audience and cast a wider net for your content.

In addition, people are opting into this newsletter, so it’s not building an audience from scratch, and if you haven’t ever sent out an email newsletter, this is a great way to start. If email marketing programs and CRM management tools overwhelm you, this is a great way to test out the waters.

It’s also really easy to repurpose content you already have. I would include hyperlinks to your website or blog with the full text (in order to keep the newsletter short and to drive traffic to your site).

You can embed links from YouTube into the newsletter to play. Check out my LinkedIn newsletter to see how it looks.

Here are some content ideas for what you can include in your LinkedIn Company Page Newsletter:

Article snippets with links to your latest blog posts or client alerts
Links to past webinars (provide a synopsis too)
Links to recent podcasts and videos (with shownotes)
Recent case studies
Q&As with your employees
Highlights of your community service/pro bono work
Announcements of your recent hires
Recent press coverage (this would be the only place where I would recommend including self-promotional items in the newsletter – the rest of it should be client-focused)
Upcoming events/webinars – this is a great way to promote them
Open jobs – why not promote them through this newsletter? It’s a competitive job market
News about your diversity and women’s initiatives programs – clients care a lot about this

Check out this new feature and let me know what you think of it. With nearly 800 million people on LinkedIn and the fact that your competitors are very likely not using it yet, it’s at least worth trying out.

Article By Stefanie M. Marrone of Stefanie Marrone Consulting

For more business of law thought leadership, click here to visit the National Law Review.

WW International to Pay $1.5 Million Civil Penalty for Alleged COPPA Violations

In 2014, with childhood obesity on the rise in the United States, tech company Kurbo, Ltd. (Kurbo) marketed a free app for kids that, according to the company, was “designed to help kids and teens ages 8-17 reach a healthier weight.” When WW International (WW) (formerly Weight Watchers) acquired Kurbo in 2018, the app was rebranded “Kurbo by WW,” and WW continued to market the app to children as young as eight. But according to the Federal Trade Commission (FTC), Kurbo’s privacy practices were not exactly child-friendly, even if its app was. The FTC’s complaint, filed by the Department of Justice (DOJ) last month, claims that WW’s notice, data collection, and data retention practices violated the Children’s Online Privacy Protection Act Rule (COPPA Rule). WW and Kurbo, under a stipulated order, agreed to pay a $1.5 million civil penalty in addition to complying with a range of injunctive provisions. These provisions include, but are not limited to, deleting all personal information of children whose parents did not provide verifiable parental consent in a specified timeframe, and deleting “Affected Work Product” (defined in the order to include any models or algorithms developed in whole or in part using children’s personal information collected through the Kurbo Program).

Complaint Background

The COPPA Rule applies to any operator of a commercial website or online service directed to children that collects, uses, and/or discloses personal information from children and to any operator of a commercial website or online service that has actual knowledge that it collects, uses, and/or discloses personal information from children. Operators must notify parents and obtain their consent before collecting, using, or disclosing personal information from children under 13.

The complaint states that children enrolled in the Kurbo app by signing up through the app or having a parent do it on their behalf. Once on Kurbo, users could enter personal information such as height, weight, and age, and the app then tracked their weight, food consumption, and exercise. However, the FTC alleges that Kurbo’s age gate was porous, requiring no verification process to establish that children who affirmed they were over 13 were the age they claimed to be or that users asserting they were parents were indeed parents. In fact, the complaint alleges that the registration area featured a “tip-off” screen that gave visitors just two choices for registration: the “I’m a parent” option or the “I’m at least 13” option. Visitors saw the legend, “Per U.S. law, a child under 13 must sign up through a parent” on the registration page featuring these choices. In fact, thousands of users who indicated that they were at least 13 were younger and were able to change their information and falsify their real age. Users who lied about their age or who falsely claimed to be parents were able to continue to use the app. In 2020, after a warning from the FTC, Kurbo implemented a registration screen that removed the legend and the “at least 13” option. However, the new process failed to provide verification measures to establish that users claiming to be parents were indeed parents.

Kurbo’s notice of data collection and data retention practices also fell short. The COPPA Rule requires an operator to “post a prominent and clearly labeled link to an online notice of its information practices with regard to children on the home or landing page or screen of its Web site or online service, and, at each area of the Web site or online service where personal information is collected from children.” But beginning in November 2019, Kurbo’s notice at registration was buried in a list of hyperlinks that parents were not required to click through, and the notice failed to list all the categories of information the app collected from children. Further, Kurbo did not comply with the COPPA Rule’s mandate to keep children’s personal information only as long as reasonably necessary for the purpose it was collected and then to delete it. Instead, the company held on to personal information indefinitely unless parents specifically requested its removal.

Stipulated Order

In addition to imposing a $1.5 million civil penalty, the order, which was approved by the court on March 3, 2022, requires WW and Kurbo to:

Refrain from disclosing, using, or benefitting from children’s personal information collected in violation of the COPPA Rule;
Delete all personal information Kurbo collected in violation of the COPPA Rule within 30 days;
Provide a written statement to the FTC that details Kurbo’s process for providing notice and seeking verifiable parental consent;
Destroy all affected work product derived from improperly collecting children’s personal information and confirm to the FTC that deletion has been carried out;
Delete all children’s personal information collected within one year of the user’s last activity on the app; and
Create and follow a retention schedule that states the purpose for which children’s personal information is collected, the specific business need for retaining such information, and criteria for deletion, including a set timeframe no longer than one year.

Implications of the Order

Following the U.S. Supreme Court’s decision in AMG Capital Management, LLC v. Federal Trade Commission, which halted the FTC’s ability to use its Section 13(b) authority to seek monetary penalties for violations of the FTC Act, the FTC has been pushing Congress to grant it greater enforcement powers. In the meantime, the FTC has used other enforcement tools, including the recent resurrection of the agency’s long-dormant Penalty Offense Authority under Section 5(m)(1)(B) of the FTC Act and a renewed willingness to use algorithmic disgorgement (which the FTC first applied in the 2019 Cambridge Analytica case).

Algorithmic disgorgement involves “requir[ing] violators to disgorge not only the ill-gotten data, but also the benefits—here, the algorithms—generated from that data,” as then-Acting FTC Chair Rebecca Kelly Slaughter stated in a speech last year. This order appears to be the first time algorithmic disgorgement was applied by the Commission in an enforcement action under COPPA.

Children’s privacy issues continue to attract the attention of the FTC and lawmakers at both federal and state levels. Companies that collect children’s personal information should be careful to ensure that their privacy policies and practices fully conform to the COPPA Rule.

Article By Sheila A. Millar and Tracy P. Marshall of Keller and Heckman LLP

For more privacy and cybersecurity legal news, click here to visit the National Law Review.

New UK IDTA and Addendum Come Into Force

The new UK International Data Transfer Agreement (“IDTA”) and Addendum to the new 2021 EU Standard Contract Clauses (“New EU SCCs”) are now in force (as of the 21 March 2022), providing much needed certainty for UK organisations transferring personal data to service providers and group companies based outside of the UK/EEA.

The IDTA and Addendum replace the old EU Standard Contractual Clauses (“Old EU SCCs”) for use as a UK GDPR-compliant transfer tool for restricted transfers from the UK, which also enables UK data exporters to comply with the European Court of Justice’s ‘Schrems II’ judgement.

For new UK data transfer arrangements or where UK organisations are in the process of reviewing their existing arrangements, use of the new ITDA or Addendum would be the best option to seek to future proof against the need to replace them in 2 years’ time.

Where the data flows involve transfers of personal data from both the UK and the EU, the use of the Addendum alongside the New EU SCCs, will enable organisations to implement a more harmonised solution.

To view copies of the documents please follow the links below:

To read our previous blog post on this topic, click here.

Article By Francesca Fellowes of Squire Patton Boggs (US) LLP. Hannah-Mei Grisley also contributed to this article.

For more data privacy legal news, click here to visit the National Law Review.

Utah Becomes Fourth U.S. State to Enact Consumer Privacy Law

On March 24, 2022, Utah became the fourth state in the U.S., following California, Virginia and Colorado, to enact a consumer data privacy law, the Utah Consumer Privacy Act (the “UCPA”). The UCPA resembles Virginia’s Consumer Data Protection Act (“VCDPA”) and Colorado’s Consumer Privacy Act (“CPA”), and, to a lesser extent, the California Consumer Privacy Act (as amended by the California Privacy Rights Act) (“CCPA/CPRA”). The UCPA will take effect on December 31, 2023.

The UCPA applies to a controller or processor that (1) conducts business in Utah or produces a product or service targeted to Utah residents; (2) has annual revenue of $25,000,000 or more; and (3) satisfies at least one of the following thresholds: (a) during a calendar year, controls or processes the personal data of 100,000 or more Utah residents, or (b) derives over 50% of its gross revenue from the sale of personal data, and controls or processes the personal data of 25,000 or more consumers.

As with the CPA and VCDPA, the UCPA’s protections apply only to Utah residents acting solely within their individual or household context, with an express exemption for individuals acting in an employment or commercial (B2B) context. Similar to the CPA and VCDPA, the UCPA contains exemptions for covered entities, business associates and protected health information subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), and financial institutions or personal data subject to the Gramm-Leach-Bliley Act (“GLB”). As with the CCPA/CPRA and VCDPA, the UCPA also exempts from its application non-profit entities.

In line with the CCPA/CPRA, CPA and VCDPA, the UCPA provides Utah consumers with certain rights, including the right to access their personal data, delete their personal data, obtain a copy of their personal data in a portable manner, opt out of the “sale” of their personal data, and opt out of “targeted advertising” (as each term is defined under the law). Notably, the UCPA adopts the VCDPA’s more narrow definition of “sale,” which is limited to the exchange of personal data for monetary consideration by a controller to a third party. Unlike the CCPA/CPRA, CPA and VCDPA, the UCPA will not provide Utah consumers with the ability to correct inaccuracies in their personal data. Also unlike the CPA and VCDPA, the UCPA will not require controllers to obtain prior opt-in consent to process “sensitive data” (i.e., racial or ethnic origin, religious beliefs, sexual orientation, citizenship or immigration status, medical or health information, genetic or biometric data, or geolocation data). It will, however, require controllers to first provide consumers with clear notice and an opportunity to opt out of the processing of his or her sensitive data. With respect to the processing of personal data “concerning a known child” (under age 13), controllers must process such data in accordance with the Children’s Online Privacy Protection Act. The UCPA will prohibit controllers from discriminating against consumers for exercising their rights.

In addition, the UCPA will require controllers to implement reasonable and appropriate data security measures, provide certain content in their privacy notices, and include specific language in contracts with processors.

Unlike the CCPA/CPRA, VCDPA and CPA, the UCPA will not require controllers to conduct data protection assessments prior to engaging in data processing activities that present a heightened risk of harm to consumers, or to conduct cybersecurity audits or risk assessments.

In line with existing U.S. state privacy laws, the UCPA does not provide for a private right of action. The law will be enforced by the Utah Attorney General.

Article By the Privacy and Cybersecurity Practice Group at Hunton Andrews Kurth

For more cybersecurity and data privacy legal news, click here to visit the National Law Review.

EDPB on Dark Patterns: Lessons for Marketing Teams

“Dark patterns” are becoming the target of EU data protection authorities, and the new guidelines of the European Data Protection Board (EDPB) on “dark patterns in social media platform interfaces” confirm their focus on such practices. While they are built around examples from social media platforms (real or fictitious), these guidelines contain lessons for all websites and applications. The bad news for marketers: the EDPB doesn’t like it when dry legal texts and interfaces are made catchier or more enticing.

To illustrate, in a section of the guidelines regarding the selection of an account profile photo, the EDPB considers the example of a “help/information” prompt saying “No need to go to the hairdresser’s first. Just pick a photo that says ‘this is me.’” According to the EDPB, such a practice “can impact the final decision made by users who initially decided not to share a picture for their account” and thus makes consent invalid under the General Data Protection Regulation (GDPR). Similarly, the EDPB criticises an extreme example of a cookie banner with a humourous link to a bakery cookies recipe that incidentally says, “we also use cookies”, stating that “users might think they just dismiss a funny message about cookies as a baked snack and not consider the technical meaning of the term “cookies.”” The EDPB even suggests that the data minimisation principle, and not security concerns, should ultimately guide an organisation’s choice of which two-factor authentication method to use.

Do these new guidelines reflect privacy paranoia or common sense? The answer should lie somewhere in between, but the whole document (64 pages long) in our view suggests an overly strict approach, one that we hope will move closer to commonsense as a result of a newly started public consultation process.

Let us take a closer look at what useful lessons – or warnings – can be drawn from these new guidelines.

What are “dark patterns” and when are they unlawful?

According to the EDPB, dark patterns are “interfaces and user experiences […] that lead users into making unintended, unwilling and potentially harmful decisions regarding the processing of their personal data” (p. 2). They “aim to influence users’ behaviour and can hinder their ability to effectively protect their personal data and make conscious choices.” The risk associated with dark patterns is higher for websites or applications meant for children, as “dark patterns raise additional concerns regarding potential impact on children” (p. 8).

While the EDPB takes a strongly negative view of dark patterns in general, it recognises that dark patterns do not automatically lead to an infringement of the GDPR. The EDPB acknowledges that “[d]ata protection authorities are responsible for sanctioning the use of dark patterns if these breach GDPR requirements” (emphasis ours; p. 2). Nevertheless, the EDPB guidance strongly links the concept of dark patterns with the data protection by design and by default principles of Art. 25 GDPR, suggesting that disregard for those principles could lead to a presumption that the language or a practice in fact creates a “dark pattern” (p. 11).

The EDPB refers here to its Guidelines 4/2019 on Article 25 Data Protection by Design and by Default and in particular to the following key principles:

“Autonomy – Data subjects should be granted the highest degree of autonomy possible to determine the use made of their personal data, as well as autonomy over the scope and conditions of that use or processing.
Interaction – Data subjects must be able to communicate and exercise their rights in respect of the personal data processed by the controller.
Expectation – Processing should correspond with data subjects’ reasonable expectations.
Consumer choice – The controllers should not “lock in” their users in an unfair manner. Whenever a service processing personal data is proprietary, it may create a lock-in to the service, which may not be fair, if it impairs the data subjects’ possibility to exercise their right of data portability in accordance with Article 20 GDPR.
Power balance – Power balance should be a key objective of the controller-data subject relationship. Power imbalances should be avoided. When this is not possible, they should be recognised and accounted for with suitable countermeasures.
No deception – Data processing information and options should be provided in an objective and neutral way, avoiding any deceptive or manipulative language or design.
Truthful – the controllers must make available information about how they process personal data, should act as they declare they will and not mislead data subjects.”

Is data minimisation compatible with the use of SMS two-factor authentication?

One of the EDPB’s positions, while grounded in the principle of data minimisation, undercuts a security practice that has grown significantly over the past few years. In effect, the EDPB seems to question the validity under the GDPR of requests for phone numbers for two-factor authentication where e-mail tokens would theoretically be possible:

“30. To observe the principle of data minimisation, [organisations] are required not to ask for additional data such as the phone number, when the data users already provided during the sign- up process are sufficient. For example, to ensure account security, enhanced authentication is possible without the phone number by simply sending a code to users’ email accounts or by several other means.
31. Social network providers should therefore rely on means for security that are easier for users to re[1]initiate. For example, the [organisation] can send users an authentication number via an additional communication channel, such as a security app, which users previously installed on their mobile phone, but without requiring the users’ mobile phone number. User authentication via email addresses is also less intrusive than via phone number because users could simply create a new email address specifically for the sign-up process and utilise that email address mainly in connection with the Social Network. A phone number, however, is not that easily interchangeable, given that it is highly unlikely that users would buy a new SIM card or conclude a new phone contract only for the reason of authentication.” (emphasis ours; p. 15)

The EDPB also appears to be highly critical of phone-based verification in the context of registration “because the email address constitutes the regular contact point with users during the registration process” (p. 15).

This position is unfortunate, as it suggests that data minimisation may preclude controllers from even assessing which method of two-factor authentication – in this case, e-mail versus SMS one-time passwords – better suits its requirements, taking into consideration the different security benefits and drawbacks of the two methods. The EDPB’s reasoning could even be used to exclude any form of stronger two-factor authentication, as additional forms inevitably require separate processing (e.g., phone number or third-party account linking for some app-based authentication methods).

For these reasons, organisations should view this aspect of the new EDPB guidelines with a healthy dose of skepticism. It likewise will be important for interested stakeholders to participate in the consultation to explain the security benefits of using phone numbers to keep the “two” in two-factor authentication.

Consent withdrawal: same number of clicks?

Recent decisions by EU regulators (notably two decisions by the French authority, the CNIL have led to speculation about whether EU rules effectively require website operators to make it possible for data subjects to withdraw consent to all cookies with one single click, just as most websites make it possible to give consent through a single click. The authorities themselves have not stated that this is unequivocally required, although privacy activists notably filed complaints against hundreds of websites, many of them for not including a “reject all” button on their cookie banner.

The EDPB now appears to side with the privacy activists in this respect, stating that “consent cannot be considered valid under the GDPR when consent is obtained through only one mouse-click, swipe or keystroke, but the withdrawal takes more steps, is more difficult to achieve or takes more time” (p. 14).

Operationally, however, it seems impossible to comply with a “one-click withdrawal” standard in absolute terms. Just pulling up settings after registration or after the first visit to a website will always require an extra click, purely to open those settings. We expect this issue to be examined by the courts eventually.

Is creative wording indicative of a “dark pattern”?

The EDPB’s guidelines contain several examples of wording that is intended to convince the user to take a specific action.

The photo example mentioned in the introduction above is an illustration, but other (likely fictitious) examples include the following:

For sharing geolocation data: “Hey, a lone wolf, are you? But sharing and connecting with others help make the world a better place! Share your geolocation! Let the places and people around you inspire you!” (p.17)
To prompt a user to provide a self-description: “Tell us about your amazing self! We can’t wait, so come on right now and let us know!” (p. 17)

The EDPB criticises the language used, stating that it is “emotional steering”:

“[S]uch techniques do not cultivate users’ free will to provide their data, since the prescriptive language used can make users feel obliged to provide a self-description because they have already put time into the registration and wish to complete it. When users are in the process of registering to an account, they are less likely to take time to consider the description they give or even if they would like to give one at all. This is particularly the case when the language used delivers a sense of urgency or sounds like an imperative. If users feel this obligation, even when in reality providing the data is not mandatory, this can have an impact on their “free will”” (pp. 17-18).

Similarly, in a section about account deletion and deactivation, the EDPB criticises interfaces that highlight “only the negative, discouraging consequences of deleting their accounts,” e.g., “you’ll lose everything forever,” or “you won’t be able to reactivate your account” (p. 55). The EDPB even criticises interfaces that preselect deactivation or pause options over delete options, considering that “[t]he default selection of the pause option is likely to nudge users to select it instead of deleting their account as initially intended. Therefore, the practice described in this example can be considered as a breach of Article 12 (2) GDPR since it does not, in this case, facilitate the exercise of the right to erasure, and even tries to nudge users away from exercising it” (p. 56). This, combined with the EDPB’s aversion to confirmation requests (see section 5 below), suggests that the EDPB is ignoring the risk that a data subject might opt for deletion without fully recognizing the consequences, i.e., loss of access to the deleted data.

The EDPB’s approach suggests that any effort to woo users into giving more data or leaving data with the organisation will be viewed as harmful by data protection authorities. Yet data protection rules are there to prevent abuse and protect data subjects, not to render all marketing techniques illegal.

In this context, the guidelines should in our opinion be viewed as an invitation to re-examine marketing techniques to ensure that they are not too pushy – in the sense that users would in effect truly be pushed into a decision regarding personal data that they would not otherwise have made. Marketing techniques are not per se unlawful under the GDPR but may run afoul of GDPR requirements in situations where data subjects are misled or robbed of their choice.

Other key lessons for marketers and user interface designers

Avoid continuous prompting: One of the issues regularly highlighted by the EDPB is “continuous prompting”, i.e., prompts that appear again and again during a user’s experience on a platform. The EDPB suggests that this creates fatigue, leading the user to “give in,” i.e., by “accepting to provide more data or to consent to another processing, as they are wearied from having to express a choice each time they use the platform” (p. 14). Examples given by the EDPB include the SMS two-factor authentication popup mentioned above, as well as “import your contacts” functionality. Outside of social media platforms, the main example for most organisations is their cookie policy (so this position by the EDPB reinforces the need to manage cookie banners properly). In addition, newsletter popups and popups about “how to get our new report for free by filling out this form” are frequent on many digital properties. While popups can be effective ways to get more subscribers or more data, the EDPB guidance suggests that regulators will consider such practices questionable from a data protection perspective.
Ensure consistency or a justification for confirmation steps: The EDPB highlights the “longer than necessary” dark pattern at several places in its guidelines (in particular pp. 18, 52, & 57), with illustrations of confirmation pop-ups that appear before a user is allowed to select a more privacy-friendly option (and while no such confirmation is requested for more privacy-intrusive options). Such practices are unlawful according to the EDPB. This does not mean that confirmation pop-ups are always unlawful – just that you need to have a good justification for using them where you do.
Have a good reason for preselecting less privacy-friendly options: Because the GDPR requires not only data protection by design but also data protection by default, make sure that you are able to justify an interface in which a more privacy-intrusive option is selected by default – or better yet, don’t make any preselection. The EDPB calls preselection of privacy-intrusive options “deceptive snugness” (“Because of the default effect which nudges individuals to keep a pre-selected option, users are unlikely to change these even if given the possibility” p. 19).
Make all privacy settings available in all platforms: If a user is asked to make a choice during registration or upon his/her first visit (e.g., for cookies, newsletters, sharing preferences, etc.), ensure that those settings can all be found easily later on, from a central privacy settings page if possible, and alongside all data protection tools (such as tools for exercising a data subject’s right to access his/her data, to modify data, to delete an account, etc.). Also make sure that all such functionality is available not only on a desktop interface but also for mobile devices and across all applications. The EDPB illustrates this point by criticising the case where an organisation has a messaging app that does not include the same privacy statement and data subject request tools as the main app (p. 27).
Be clearer in using general language such as “Your data might be used to improve our services”: It is common in most privacy statements to include a statement that personal data (e.g., customer feedback) “can” or “may be used” to improve an organisation’s products and services. According to the EDPB, the word “services” is likely to be “too general” to be viewed as “clear,” and it is “unclear how data will be processed for the improvement of services.” The use of the conditional tense in the example (“might”) also “leaves users unsure whether their data will be used for the processing or not” (p. 25). Given that the EDPB’s stance in this respect is a confirmation of a position taken by EU regulators in previous guidance on transparency, and serves as a reminder to tell data subjects how data will be used.
Ensure linguistic consistency: If your website or app is available in more than one language, ensure that all data protection notices and tools are available in those languages as well and that the language choice made on the main interface is automatically taken into account on the data-related pages (pp. 25-26).

Best practices according to the EDPB

Finally, the EDPB highlights some other “best practices” throughout its guidelines. We have combined them below for easier review:

Structure and ease of access:
- Shortcuts: Links to information, actions, or settings that can be of practical help to users to manage their data and data protection settings should be available wherever they relate to information or experience (e.g., links redirecting to the relevant parts of the privacy policy; in the case of a data breach communication to users, to provide users with a link to reset their password).
- Data protection directory: For easy navigation through the different section of the menu, provide users with an easily accessible page from where all data protection-related actions and information are accessible. This page could be found in the organisation’s main navigation menu, the user account, through the privacy policy, etc.
- Privacy Policy Overview: At the start/top of the privacy policy, include a collapsible table of contents with headings and sub-headings that shows the different passages the privacy notice contains. Clearly identified sections allow users to quickly identify and jump to the section they are looking for.
- Sticky navigation: While consulting a page related to data protection, the table of contents could be constantly displayed on the screen allowing users to quickly navigate to relevant content thanks to anchor links.
Transparency:
- Organisation contact information: The organisation’s contact address for addressing data protection requests should be clearly stated in the privacy policy. It should be present in a section where users can expect to find it, such as a section on the identity of the data controller, a rights related section, or a contact section.
- Reaching the supervisory authority: Stating the specific identity of the EU supervisory authority and including a link to its website or the specific website page for lodging a complaint is another EDPB recommendation. This information should be present in a section where users can expect to find it, such as a rights-related section.
- Change spotting and comparison: When changes are made to the privacy notice, make previous versions accessible with the date of release and highlight any changes.
Terminology & explanations:
- Coherent wording: Across the website, the same wording and definition is used for the same data protection concepts. The wording used in the privacy policy should match that used on the rest of the platform.
- Providing definitions: When using unfamiliar or technical words or jargon, providing a definition in plain language will help users understand the information provided to them. The definition can be given directly in the text when users hover over the word and/or be made available in a glossary.
- Explaining consequences: When users want to activate or deactivate a data protection control, or give or withdraw their consent, inform them in a neutral way of the consequences of such action.
- Use of examples: In addition to providing mandatory information that clearly and precisely states the purpose of processing, offering specific data processing examples can make the processing more tangible for users
Contrasting Data Protection Elements: Making data protection-related elements or actions visually striking in an interface that is not directly dedicated to the matter helps readability. For example, when posting a public message on the platform, controls for geolocation should be directly available and clearly visible.
Data Protection Onboarding: Just after the creation of an account, include data protection points within the onboarding experience for users to discover and set their preferences seamlessly. This can be done by, for example, inviting them to set their data protection preferences after adding their first friend or sharing their first post.
Notifications (including data breach notifications): Notifications can be used to raise awareness of users of aspects, changes, or risks related to personal data processing (e.g., when a data breach occurs). These notifications can be implemented in several ways, such as through inbox messages, pop-in windows, fixed banners at the top of the webpage, etc.

Next steps and international perspectives

These guidelines (available online) are subject to public consultation until 2 May 2022, so it is possible they will be modified as a result of the consultation and, we hope, improved to reflect a more pragmatic view of data protection that balances data subjects’ rights, security, and operational business needs. If you wish to contribute to the public consultation, note that the EDPB publishes feedback it receives (as a result, we have occasionally submitted feedback on behalf of clients wishing to remain anonymous).

Irrespective of the outcome of the public consultation, the guidelines are guaranteed to have an influence on the approach of EU data protection authorities in their investigations. From this perspective, it is better to be forewarned – and to have legal arguments at your disposal if you wish to adopt an approach that deviates from the EDPB’s position.

Moreover, these guidelines come at a time when the United States Federal Trade Commission (FTC) is also concerned with dark patterns. The FTC recently published an enforcement policy statement on the matter in October 2021. Dark patterns are also being discussed at the Organisation for Economic Cooperation and Development (OECD). International dialogue can be helpful if conversations about desired policy also consider practical solutions that can be implemented by businesses and reflect a desirable user experience for data subjects.

Organisations should consider evaluating their own techniques to encourage users to go one way or another and document the justification for their approach.

Article By Peter Craddock, Sheila A. Millar, and Tracy P. Marshall of Keller and Heckman LLP

For more cybersecurity legal news, click here to visit the National Law Review.

Google to Launch Google Analytics 4 in an Attempt to Address EU Privacy Concerns

On March 16, 2022, Google announced the launch of its new analytics solution, “Google Analytics 4.” Google Analytics 4 aims, among other things, to address recent developments in the EU regarding the use of analytics cookies and data transfers resulting from such use.

Background

On August 17, 2020, the non-governmental organization None of Your Business (“NOYB”) filed 101 identical complaints with 30 European Economic Area data protection authorities (“DPAs”) regarding the use of Google Analytics by various companies. The complaints focused on whether the transfer of EU personal data to Google in the U.S. through the use of cookies is permitted under the EU General Data Protection Regulation (“GDPR”), following the Schrems II judgment of the Court of Justice of the European Union. Following these complaints, the French and Austrian DPAs ruled that the transfer of EU personal data from the EU to the U.S. through the use of the Google Analytics cookie is unlawful.

Google’s New Solution

According to Google’s press release, Google Analytics 4 “is designed with privacy at its core to provide a better experience for both our customers and their users. It helps businesses meet evolving needs and user expectations, with more comprehensive and granular controls for data collection and usage.”

The most impactful change from an EU privacy standpoint is that Google Analytics 4 will no longer store IP address, thereby limiting the data transfers resulting from the use of Google Analytics that were under scrutiny in the EU following the Schrems II ruling. It remains to be seen whether this change will ease EU DPAs’ concerns about Google Analytics’ compliance with the GDPR.

Google’s previous analytics solution, Universal Analytics, will no longer be available beginning July 2023. In the meantime, companies are encouraged to transition to Google Analytics 4.

Read Google’s press release.

Article By Privacy and Cybersecurity Practice Group at Hunton Andrews Kurth

For more cybersecurity legal news, click here to visit the National Law Review.

EV Buses: Arriving Now and Here to Stay

In the words of Miss Frizzle, “Okay bus—do your stuff!”¹ A favorable regulatory environment, direct subsidy, private investment, and customer demand are driving an acceleration in electric vehicle (EV) bus adoption and the lane of busiest traffic is filling with school buses. The United States has over 480,000 school buses, but currently, less than one percent are EVs. Industry watchers expect that EV buses will eventually become the leading mode for student transportation. School districts and municipalities are embracing EV buses because they are perceived as cleaner, requiring less maintenance, and predicted to operate more reliably than current fossil fuel consuming alternatives. EV bus technology has improved in recent years, with today’s models performing better in cold weather than their predecessors, with increased ranges on a single charge, and requiring very little special training for drivers.² Moreover, EV buses can serve as components in micro-grid developments (more on that in a future post).

The Investment Incline

Even if the expected operational advantages of EV buses deliver, the upfront cost to purchase vehicles or to retrofit existing fleets remains an obstacle to expansion. New EV buses price out significantly more than traditional diesel buses and also require accompanying new infrastructure, such as charging stations. Retrofitting drive systems in existing buses comparatively reduces some of that cost, but also requires significant investment.³

To detour around these financial obstacles, federal, state, and local governments have made funding available to encourage the transition to EV buses.⁴ In addition to such policy-based subsidies, private investment from both financial and strategic quarters has increased. Market participants who take advantage of such funding earlier than their competitors have a forward seat to position themselves as leaders.

You kids pipe down back there, I’ve got my eyes on a pile of cash up ahead!

Government funding incentives for electrification are available for new EV buses and for repowering existing vehicles.⁵ Notably, the Infrastructure Investment and Jobs Act committed $5 billion over five years to replace existing diesel buses with EV buses. Additionally, the Diesel Emissions Reduction Act provided $18.7 million in rebates for fiscal year 2021 through an ongoing program.

In 2021, New York City announced its commitment to transition school buses to electric by 2035. Toward that goal, the New York Truck Voucher Incentive Program provides vouchers to eligible fleets towards electric conversions and covers up to 80% of those associated costs.⁶ California’s School Bus Replacement Program had already set aside over $94 million, available to districts, counties, and joint power authorities, to support replacing diesel buses with EVs, and the state’s proposed budget for 2022-23 includes a $1.5 billion grant program to support purchase of EV buses and charging stations.

While substantial growth in EV bus sales will continue in the years ahead, it will be important to keep an eye out for renewal, increase or sunset of these significant subsidies.

Market Players and Market Trends, OEMs, and Retrofitters

The U.S is a leader in EV school bus production: two of the largest manufacturers, Blue Bird and Thomas Built (part of Daimler Truck North America), are located domestically, and Lion Electric (based in Canada) expects to begin delivering vehicles from a large facility in northern Illinois during the second half of 2022. GM has teamed up with Lighting eMotors on a medium duty truck platform project that includes models prominent in many fleets, and Ford’s Super Duty lines of vehicles (which provide the platform for numerous vans and shuttle vehicles) pop up in its promotion of a broader electric future. Navistar’s IC Bus now features an electric version of its flagship CE series.

Additionally, companies are looking to a turn-key approach to deliver complete energy ecosystems, encompassing vehicles, charging infrastructure, financing, operations, maintenance, and energy optimization. In 2021, Highland Electric Transportation raised $253 million from Vision Ridge Partners, Fontinalis Partners (co-founded by Bill Ford) and existing investors to help accelerate its growth, premised on a turn-key fleet approach.⁷

Retrofitting is also on the move. SEA Electric (SEA), a provider of electric commercial vehicles, recently partnered with Midwest Transit Equipment (MTE) to convert 10,000 existing school buses to EVs over the next five years.⁸ MTE will provide the frame for the school uses and SEA will provide its SEA-drive propulsion system to convert the buses to EV.⁹ In a major local project, Logan Bus Company announced its collaboration with AMPLY Power and Unique Electric Solutions (UES) to deploy New York City’s first Type-C (conventional) school bus.¹⁰

Industry followers should expect further collaborations, because simplifying the route to adopting an EV fleet makes it more likely EV products will reach customers.

Opportunities Going Forward

Over the long haul, EV buses should do well. Scaling up investments and competition on the production side should facilitate making fleet modernization more affordable for school districts while supporting profit margins for manufacturers. EVs aren’t leaving town, so manufacturers, fleet operators, school districts and municipalities will either get on board or risk being left at the curb.

Article By Michael J. Small and Samantha Ruppenthal at Foley & Lardner LLP

For more utilities and transportation legal news, click here to visit the National Law Review.

¹https://shop.scholastic.com/parent-ecommerce/series-and-characters/magic-school-bus.html

²https://www.busboss.com/blog/having-an-electric-school-bus-fleet-is-easier-than-many-people-think

³https://thehill.com/opinion/energy-environment/570326-electric-school-bus-investments-could-drive-us-vehicle

⁴https://info.burnsmcd.com/white-paper/electrifying-the-nations-mass-transit-bus-fleets

⁵https://stnonline.com/partner-updates/electric-repower-the-cheaper-faster-and-easier-path-to-electric-buses/

⁶https://www1.nyc.gov/office-of-the-mayor/news/296-21/recovery-all-us-mayor-de-blasio-commits-100-electric-school-bus-fleet-2035

⁷https://www.bloomberg.com/press-releases/2021-02-16/highland-electric-transportation-raises-253-million-from-vision-ridge-partners-fontinalis-partners-and-existing-investors

⁸https://www.electrive.com/2021/12/07/sea-electric-to-convert-10k-us-school-buses/#:~:text=SEA%20Electric%20and%20Midwest%20Transit,become%20purely%20electric%20school%20buses.

⁹ Id.

¹⁰https://stnonline.com/news/new-york-city-deploys-first-type-c-electric-school-bus/

Category: Technology

Episode 2: The Importance of Data in Legal Business and Legal Marketing with Laura Leopard of Leopard Solutions [PODCAST]

Like this: