Emerging Technology and the Law Blog
Unmanned aircraft systems have become indispensable tools for construction project management, but rapid adoption has introduced regulatory compliance obligations and liability risks that require careful legal consideration. Drone technology provides construction companies with unprecedented capabilities for site surveying, progress monitoring, and safety inspections that were previously costly and time-consuming. However, the construction industry’s rapid adoption of drone technology has created new efficiencies alongside regulatory compliance obligations and liability risks that demand careful legal attention. Federal Aviation Administration Regulatory Framework Federal Aviation Administration regulations govern all commercial drone operations, including construction-related activities. The Part 107 rule establishes operational limitations that construction companies must observe, including daylight-only operations, visual line-of-sight requirements, and altitude restrictions. Construction sites often present complex airspace challenges, particularly in urban environments where temporary flight restrictions may apply or where operations near airports require additional coordination. The regulatory framework requires remote pilot certification for anyone operating drones commercially, including construction applications. Construction companies must ensure that personnel conducting drone operations possess appropriate Federal Aviation Administration certifications and understand applicable limitations. Violations can result in significant civil penalties and potential criminal liability. Professional Liability Considerations Professional liability considerations extend beyond regulatory compliance to encompass the accuracy and application of drone-collected …
The construction industry’s widespread adoption of Building Information Modeling has transformed project delivery, but this digital revolution brings complex liability questions that traditional construction contracts were never designed to address. Building Information Modeling technology creates a shared digital environment where architects, engineers, contractors, and subcontractors contribute to and rely upon a single comprehensive model. This collaborative approach generates significant benefits, including reduced conflicts, improved coordination, and enhanced project visualization. However, the very nature of shared digital modeling creates potential liability traps that project participants often fail to recognize until disputes arise. The Fundamental Challenge of Shared Responsibility The primary legal challenge lies in determining responsibility when BIM-related errors lead to construction defects, schedule delays, or cost overruns. Traditional professional liability concepts assume clear boundaries between design and construction responsibilities. BIM technology blurs these lines by enabling real-time model updates throughout the project lifecycle. Consider this scenario: when a structural engineer modifies the digital model to reflect field conditions, and that modification creates conflicts with mechanical systems, who bears responsibility for the resulting problems? The answer depends largely on contract language that frequently fails to address these scenarios adequately. Key Legal ConsiderationStandard form agreements developed before widespread BIM adoption contain limited …
New U.S. Privacy Laws Follow GDPR Trend With the approval of the CPRA citizen’s initiative (Consumer Privacy Reform Act amending the CCPA – Proposition 24) and the introduction of new privacy legislation in New York and elsewhere all moving toward a U.S. equivalent of GDPR, it is time to face the fact that U.S. privacy compliance obligations are here to stay. When GDPR enforcement began in 2018, many U.S. businesses that were not operating in the EU considered it something that was happening “over there.” Enforcement of the California CCPA (California Consumer Privacy Act) began in January 2020. Now, the hope of avoiding strict privacy compliance obligations “over here” is now only a dream. The CPRA amended and strengthened the CCPA, moving it closer to the protections afforded to EU citizens, and post-Brexit, to UK citizens. (Proposition 24 approved November 2020; Effective 1/1/23.) it is time to face the fact that U.S. privacy compliance obligations are here to stay There are privacy bills pending before the New York Assembly that like CCPA/CPRA adopt many of the key privacy principles staked out by the GDPR: Consent, Privacy by Design, Data Minimization, Lawful Purpose, and Information Security. In addition, both the California …
Under the European Union GDPR privacy compliance obligations, Data Protection Impact Assessments (DPIA) are mandatory for data processing “likely to result in a high risk to the rights and freedoms of data subjects.” Failure to conduct such a risk assessment is a breach of the GDPR that is subject to significant fines. Whether an organization is required to comply with the GDPR is beyond the scope of this article but if your organization processes any of the following types of “risky” Personal Data of EU or UK citizens listed in the table below, now is the time to find out. …
Privacy and cybersecurity compliance issues are inextricably linked. In one sense, they are peas in a pod. A security breach can leak all sorts of information assets, from useless server logs to trade secrets to sensitive personally identifiable information, or PII. At the heart of many privacy compliance obligations is the recognition of a duty to make “reasonable” efforts to protect PII through technical and organizational means. Such balancing tests are necessarily a key aspect of enterprise risk management. The massive SolarWinds supply chain hack is a case in point. On January 12, 2021, security research company CrowdStrike reported discovery …
On July 16, 2020, the European Court of Justice (ECJ – the European Union’s high court) invalidated the EU-US Privacy Shield Framework as a potential mechanism for meeting the GDPR’s cross-border personal data transfer restrictions. Effective immediately, U.S. companies that process EU “personal data” can no longer rely on registration under the Privacy Shield and must establish an alternative legal basis for any continued EU-US transfers. Previously, cross-border transfers to the US were permitted under three mechanisms: 1) the Privacy Shield (http://privacyshield.gov), 2) Standard Contractual Clauses (SCC), and 3) Binding Corporate Rules (BCR). The Privacy Shield was originally developed in …
In the wake of the Cambridge Analytica scandal, restrictions on monetization of personal information (aka PI or PII) are coming to California in 2020. The California legislature unanimously passed a historic bill to adopt many of the core privacy principles of the EU General Data Protection Initiative (GDPR) for California consumers. The bill was fast-tracked into law in order to avoid the likely passage of a more rigorous ballot initiative in the November election. The key difference between the ballot initiative and the adopted law is that the legislative version can be more easily amended to avoid unintended consequences. Indeed, …
The California Consumer Privacy Act of 2018 is a ballot initiative that has gained more than enough signatures to appear on the November 6, 2018 general election ballot. If approved by the voters, the Act will greatly expand privacy rights in California. It will apply to larger companies that do business in California as well as entities that collect substantial amounts of Personal Information from California residents. California has in the past led the US in various trends and regulations, good and bad. Freeways, Beach Boys, hippies, hipsters, car culture, bikers, early Burning Man, the music industry, and Hollywood helped define US …
On May 25th, Senators Edward J. Markey (D-Mass.), Dick Durbin (D-Ill.), Richard Blumenthal (D-Conn.), and Bernie Sanders (I-Vt.) introduced a Senate resolution calling for U.S. companies and institutions covered by the European Union’s (EU) new privacy law, the General Data Protection Regulation (GDPR), to provide Americans with privacy protections included in the European law. The 5 page Resolution summarizes the GDPR as requiring: that data processors have a legal basis for processing the data of users; and that opt-in, freely given, specific, informed, and unambiguous consent from users is a primary legal basis. The Resolution is not a bill and …
Does GDPR Apply in the US? Yes. GDPR (European Union General Data Protection Regulation) is a comprehensive new law protecting the data privacy of EU citizens. GDPR takes effect on May 25, 2018. It consists of 99 articles and will have sweeping impact on U.S. enterprises. It requires that all personal data be handled according to the GDPR Data Protection Principles. These includes the famous “right to be forgotten,” as well as transparency, data portability, breach notification, information security, etc. If you have a public facing website that collects user data and operates in EU countries, it is not too late to get advice. Watch this space as we roll out solutions for enterprises that are not ready.