Data Privacy in a Time of Reaction: "Big Data" versus "The People"

by White & Case LLP

White & Case LLP

1. Data privacy concerns entwined with anti-globalization

Anti-globalization has become a serious theme in Western countries. Right-wing and left-wing political movements converge on the issue. Centrist elites acknowledge that the great wave of borderless commerce since the end of the Cold War has imposed unanticipated, serious harm on local work forces.

Recent political developments around the world underscore the trend.  A consensus is developing that something must be done, with no agreement on what. In addition, the nature of security risks has changed: both terrorism and financial and industrial crime increasingly inhabit the shadow world created by the Internet. At a base level, substantial constituencies are now re-examining the main economic drivers of the modern world, with potentially severe political and commercial ramifications.

The same dynamic of expansion and reaction is now confronting the movement of data. On the one hand, most people recognize the benefits of technology.  On the other hand, many scapegoat technology as the problem. "Security" and "privacy" are the surrogate targets for these concerns. They exert the same rallying power as "jobs," "income equality" and "immigration." The "cloud" and "networking" may inspire the same suspicions as "outsourcing" and "free trade." However, there is a major difference—there are no simple fixes for macroeconomic trends; but there is a sense that there are available methods to address privacy concerns. These include law, regulation, computer mechanics and cyber warfare.

Concern about data privacy and security, whether for intrinsic reasons or as a vehicle to advance other agendas, has been building as a result of various high-profile incidents, including the multiple reports of vast commercial hacking, Snowden's exposé of government surveillance activities, and cyber breaches of sensitive government personnel data. The tipping point may have been reached as a result of the presumptive Russian/WikiLeaks involvement in the US political process. Until those events occurred, "hacking" was considered something that occurred largely outside of the overt political sphere, instead impacting private institutions (such as banks) and individuals (suffering identity theft) or occurring behind the closed doors of national security agencies. The extraordinary infiltration and disclosure of data from the Democratic Party, campaign officials and current and former US national leaders is vivid and tangible. Everyone can understand "if it can happen to them, it can happen to me."  In this environment, data privacy and security issues may be manipulated, and related violations penalized, based on economic or political motivations.

2. US and EU approaches to data privacy have differed, but are converging

While there is no express general right to privacy in the US Constitution, several of its provisions (in particular, in the Bill of Rights) protect specific aspects of an individual's privacy,i and the Fourteenth Amendment is often interpreted (despite some prominent opponents ii) as guaranteeing a fairly broad right to privacy; spawning several seminal Supreme Court cases.iii In addition, many US states recognize related torts, such as for invasion of privacy and protection of rights of publicity. In Europe, privacy has a long tradition as a fundamental human right. It is enshrined in the European Union's Charter of Fundamental Rights, which is enforced by a dedicated Court of Human Rights and is the cornerstone for a plethora of related privacy law, regulation and cases.

However, historically, the approach taken by each jurisdiction to the privacy of data about individuals has differed. The data privacy regime in the European Union ("EU") reflects the "fundamental human right" approach and generally expects "privacy by default." In contrast, the US has tended to focus instead on the constitutional right to free speech, transparency and the people's "right to know." In the EU, any encroachment on overarching, universally applicable rights to privacy of an individual's data requires a specific justification, rationale or "lawful basis." In the US, by contrast, any assertion of an inherent right to data privacy generally requires specific law-making or expanded interpretations of existing law (whether by legislatures, regulators or courts) to "create" a right that does not otherwise exist. The EU has an omnibus data privacy regime, applicable in all industries and to all businesses,iv while the US has a patchwork of laws and precedents in specific areas such as health care, higher education and financial services.v When it comes to the consent of an individual to the collection of data about them, the US takes more of a libertarian view, so individuals are largely considered freely able to give consent to any use of their data by any means and in any circumstances, while in the EU, an individual's consent can be challenging to establish and rely upon in certain circumstances (perhaps most notably within the employer-employee contextvi).

When it comes to international business and relations, particularly across the Atlantic, these differences in approach and legal regime create tension. EU citizens and other stakeholders bemoan a lack of respect for EU data privacy laws by US businesses and government. EU courts have declared that the US does not provide "adequate protection" of personal datavii and in response have stretched territorial concepts to the limit in an effort to make global businesses headquartered outside the EU subject to EU data privacy laws.viii EU regulators have "upped the ante" by introducing new regulations with maximum fines based on a percentage of a business's worldwide revenues.ix Meanwhile, US businesses, which at home (outside certain sectors) have generally been free to use and monetize personal data as they see fit, unless there is a contract or law that specifically prevents them from doing so, have been frustrated by the EU legal regime and have been deterred from doing business in Europe. This is because the EU legal regime appears to many US businesses as introducing draconian and often entirely new compliance obligations. From a US perspective, the European approach jeopardizes profits and even existing business models, appears in a constant state of flux, and calls into question or invalidates entirely compliance mechanisms that were once considered adequate.x

Notably, the legal (and political) balance has appeared at times to be shifting to the European approach to data privacy. In order to facilitate transatlantic data transfers, the US government recently made significant concessions on issues like the surveillance and rights of EU citizens to litigate data privacy complaints in US courts.xi In addition, while there is currently no EU-style omnibus data protection law, there have been several moves to introduce one.

3. New privacy protection measures are rising in the US

The "holes" in the US patchwork grow smaller every day, with the regular introduction of new state and federal data privacy laws governing different issues, not to mention the FTC's increasingly active role in enforcing consumer data privacy and cybersecurity rights, under the general umbrella of "unfair or deceptive" trade practices. There have also been several recent examples of a policy shift by big business in the US towards "privacy-first" principles as a compelling consumer offering, even in the face of demands for cross-border disclosurexii and calls for decryption of consumer data in extremely dramatic scenarios. Finally, the plaintiffs' class action bar has shown a growing interest in damages cases for hacking and negligence on the part of hacked businesses.xiv

Government enforcement of law and policies is often the front line. However, there is a more serious enforcement mechanism at hand.xv The US pioneered the use of private litigation for the enforcement of public policy. Beginning over a hundred years ago with antitrust enforcement, followed by securities fraud, organized crime,xvi corporate corruption,xvii and, most recently, terror financing, the private right of action has been a mainstay of US policy and jurisprudence. It is the substantive and economic basis of a large part of the US legal profession. While its use in the data privacy context has been limited so far, and many cases get dismissed for lack of common injury or harm, there has been much discussion about this situation, and it is likely only a matter of time before there are new laws to address the issue.xviii New legislation, together with existing laws and case precedent, dramatically increases the pool of potential litigants and offers them ever more fertile opportunities to sue for data privacy incursions and violations, whether because of external hacking or internal mishandling (whether intentional, reckless or negligent). Government and private litigation often cooperate in pursuing enforcement targets, where the governmental parties seek criminal or civil penalties and the private plaintiffs seek money damages. This powerful combination can pose extreme, possibly existential risk for business defendants. And this is the likely future for privacy enforcement.

4. Takeaways

There are many possible scenarios of business risk in the constantly evolving landscape of data privacy rights, cyber threat capabilities, and regional economic and political interests.  As a result, implementing a robust data privacy regime requires more than solid data management and security practices.  A company's global market strategy increasingly must anticipate how data collection, use, and transfer restrictions are likely to change over time, and data privacy and security programs must be designed to respond to those changes faster than the competition.

i E.g., Privacy of beliefs (1st Amendment), privacy of person and possessions against unreasonable searches (4th Amendment), privilege against self-incrimination, i.e., privacy of certain personal information (5th Amendment).
ii E.g., Judge Robert Bork.
iii E.g., Meyer v. Nebraska, 262 U.S. 390 (1923), Pierce, Governor of Oregon, et al. v. Society of the Sisters of the Holy Names of Jesus and Mary, 268 U.S. 510 (1925), Griswold v. Connecticut, 381 U.S. 479 (1965), Roe v. Wade, 410 U.S. 113 (1973).
iv See Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (Data Protection Directive), and related EU legislation including Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on Privacy and Electronic Communications), Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009 amending Directive 2002/22/EC on universal service and users' rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.  See also Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC (General Data Protection Regulation), which, as well as repealing the Data Protection Directive, amends the Directive on Privacy and Electronic Communications.
v See, e.g., Health Insurance Portability and Accountability Act ("HIPAA"), 42 U.S.C. § 300gg, 29 U.S.C § 1181 et seq. & 42 USC § 1320d et seq.(1996); Health Information Technology for Economic and Clinical Health ("HITECH") Act, 42 U.S.C. § 300jj et seq. & § 17901 et seq. (2009); The Family Educational Rights and Privacy Act ("FERPA"), 20 U.S.C. § 1232 (1974); Gramm-Leach-Bliley Act ("GLBA"), 15 U.S.C. § 6801 et seq.(1999); Fair Credit Reporting Act ("FCRA"), 15 U.S.C. § 1681 et seq. (1970).
vi It is generally understood that an employer in the EU may be unable to obtain genuine consent from employees to process their personal data, on the ground that those employees might not, realistically, be able to refuse to consent (leaving such employers to pursue other options for legitimizing the processing of employee personal data). See, e.g., the fifteen year-old Article 29 Data Protection Working Party Opinion 8/2001 on the processing of personal data in the employment context ("If it is not possible for the worker to refuse it is not consent" and "where as a necessary and unavoidable consequence of the employment relationship an employer has to process personal data it is misleading if it seeks to legitimise this processing through consent".)
vii Case C-362/14 Maximillian Schrems v. Data Protection Commissioner.
viii Case C-131/12, Google Spain SL and Google Inc. v Agencia Española de Protección de Datos (AEPD) and Mario Costeja González, 2014 E.C.R. 317; Case C‑230/14, Weltimmo s.r.o. v Nemzeti Adatvédelmi és Információszabadság Hatóság, 2015.
ix General Data Protection Regulation, supra note iv, Article 79.
x See, e.g., "European Court of Justice Invalidates EU-US 'Safe Harbor' Pact," (Oct. 14, 2015); New Threats to Transatlantic Data Flows as Model Clauses Come Under Fire (June 9, 2016); EU-U.S. Privacy Shield Challenged,  (Nov. 2, 2016).
xi Judicial Redress Act of 2015, H.R. 1428, 114th Congress (2015-2016) (enacted). And see ANNEX A: EU-U.S. Privacy Shield Ombudsperson Mechanism, and, regarding Privacy Shield more generally, EU-U.S. Privacy Shield approved,(Jul. 12, 2016).
xii See, e.g., Microsoft Corporation v. United States of America, No. 14-2985 (2d Cir. 2016).
xiii See, e.g., Matt Zapotosky, "FBI Has Accessed San Bernardino Shooter's Phone Without Apple's Help," (March 28, 2016), Contrast with this example of the approach taken by a foreign government, with China moving to require technology suppliers to disclose their proprietary source code, to prove their products cannot be compromised by hackers.
xiv See, e.g., Dominic Patten, "Sony Hack Class Action Settlement Gets Final Approval," (April 6, 2016, 10:36 AM), ("the total price tag to Sony [from litigation arising out of a Nov. 24, 2014 data breach] is around $15 million, with a max of $10,000 per individual plus around $1,000-$3,000 to the group of initial plaintiffs"); Charles Riley & Jose Pagliery, "Target Will Pay Hack Victims $10 Million," (March 19, 2015: 3:05 PM ET), ("Target will pay customers who suffered from a 2013 data breach up to $10,000 each in damages.")
xv E.g., the Financial Crimes Enforcement Network, a bureau of the US Department of the Treasury, is empowered to enforce domestic laws prohibiting money laundering, terrorist financing, and other financial crimes. A federal district court in Minnesota also recently held that the Bank Secrecy Act (BSA) permits FinCEN to bring suit against individuals for willfully violating the BSA's anti-money laundering requirement, see, U.S. Dep't of Treasury v. Haider, No. 15-CV-01518, 2016 WL 107940 (D. Minn. Dec. 18, 2014).
xvi Racketeer Influenced and Corrupt Organizations Act ("RICO"), 18 U.S.C. §§ 1961–68 (1970).
xvii E.g., False Claims Act, 31 U.S.C. §§ 3729–33 (amended 2009); Foreign Corrupt Practices Act ("FCPA"), 15 U.S.C. § 78dd-1 et seq. (1977).
xviii Justice Against Sponsors of Terrorism Act ("JASTA"), Pub.L. 114–222, 114th Congress (2015­­–2016) (enacted); Judicial Redress Act, supra note xi.

Alan Gover, a Retired Partner of White & Case also assisted in the development of this publication.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White & Case LLP | Attorney Advertising

Written by:

White & Case LLP

White & Case LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at:

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit
  • New Relic - For more information on New Relic cookies, please visit
  • Google Analytics - For more information on Google Analytics cookies, visit To opt-out of being tracked by Google Analytics across all websites visit This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at:

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.