Category Archives: Privacy

Cyber Concerns Lead to EU Recall of a Connected Kids Devices

By Liisa Thomas, Jonathan E. Meyer and Elfin Noce on February 13, 2019 Posted in Children's Privacy, Consumer Privacy, EU Privacy, Internet of Things

Citing cybersecurity concerns with a children’s smartwatch, the European Commission recently issued a recall of the device. The Safe-KID-One is a smartwatch that gives parents the ability to track and communicate with their children. According to the European Commission, security issues with the device could allow a hacker to access a user’s data, including location … Continue Reading

Court Finds Cybersecurity-Related Claims Sufficient in Securities Class Action

By Jonathan E. Meyer and Elfin Noce on February 6, 2019 Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Privacy

In the aftermath of Equifax’s data breach, a federal court recently found that allegations of poor cybersecurity coupled with misleading statements supported a proper cause of action. In its decision, the U.S. District Court for the Northern District of Georgia allowed a securities fraud class action case to continue against Equifax. The lawsuit claims the company issued … Continue Reading

Year In Review: Eye on Privacy 2018

By Liisa Thomas, Craig Cardon, Brian Anderson, Jonathan E. Meyer, Townsend Bourne and Kari Rollins on January 28, 2019 Posted in Consumer Privacy, Data Breach, Data Security

As the first month of 2019 comes to a close, it is clear that this year will be another busy one in the world of privacy. To help get a handle on what to worry about this year, it is helpful to look back on the privacy developments from 2018 and consider what will be … Continue Reading

EU and Japan Finalize Data Transfer Deal

By Shanna Pearce on January 28, 2019 Posted in Cross-Border Data Transfers, EU Privacy

As we previously reported the EU and Japan reached a tentative deal last summer to ease data transfer restrictions between them. That deal has now been approved by both the European Commission and by Japan and is effective immediately. When the tentative deal was reached, Japan promised to add several new data protection safeguards. Those included … Continue Reading

Canada’s PIPEDA Consent Guidelines Now In Effect

By Liisa Thomas and Amber Thomson on January 24, 2019 Posted in Canadian Privacy, Consumer Privacy

Canada’s new guidelines for obtaining consent under PIPEDA are now in effect. Last year federal Office of the Privacy Commissioner and the Alberta and British Columbia Offices of the Information and Privacy Commissioner jointly issued the guidelines, which outline how to get “meaningful” consent. The OPC will now apply the guidelines when looking at how … Continue Reading

CBPR System Grows with Entry of Australia and Chinese Taipei

By Liisa Thomas and Amber Thomson on January 15, 2019 Posted in Cross-Border Data Transfers, International Privacy, Privacy

2018 saw two new members of APEC’s Cross Border Privacy Rules (CBPR) system: Australia and Chinese Taipei. They join the US, Mexico, Canada, Japan, South Korea and Singapore. As we have reported on previously, the CBPR system is meant to help companies transfer information between participating countries. In the coming months, Australia’s Attorney General plans to … Continue Reading

A Look Back at 2018 Privacy Shield Enforcement

By Liisa Thomas on January 14, 2019 Posted in EU Privacy, FTC, Privacy Shield

Over the course of 2018, the FTC brought several actions against US companies for violations of the Privacy Shield program. The program, which as we have reported on previously gives participating US companies a mechanism to receive personal information from EU entities. The program is reviewed annually by the EU to determine if, from an EU … Continue Reading

California AG Holding Series of CCPA Public Forums

By Liisa Thomas on January 10, 2019 Posted in CCPA, Consumer Privacy

In support of the California AG’s work towards drafting regulations under the California Consumer Privacy Act, a series of public forums are being held throughout California. The AG has invited the public to participate and provide comments either at, before or after the events, the first of which was held this week (January 8, in … Continue Reading

2019 is the Year of . . . CCPA?

By Liisa Thomas, Craig Cardon, Brian Anderson, Rachel Tarko Hudson and Snehal Desai on January 8, 2019 Posted in California Privacy, CCPA, Consumer Privacy

Everyone who has been paying attention to privacy news knows that January 1, 2020 is the implementation date of the California Consumer Protection Act, and July 1, 2020 is the current deadline for enforcement to begin. July 2020 is also the current deadline for the California AG to implement regulations under CCPA. Read more about the … Continue Reading

UK Regulator Issues Guidance About Encryption Under GDPR

By Shanna Pearce and Liisa Thomas on December 13, 2018 Posted in EU Privacy

The UK Information Commissioner’s Office recently released helpful encryption guidance. Although released to address the GDPR security requirements, this document may be helpful more broadly because of the detail around encryption the ICO provides. In the guidance, the ICO points to certain types of encryption (symmetric and asymmetric) and when to use the different methods. … Continue Reading

Live Free or Die Trying—New Hampshire Voters Enshrine Right to Privacy in State’s Constitution

By David Poell on November 19, 2018 Posted in Consumer Privacy

On Election Day 2018, in the State that boasts the official motto of “Live Free or Die,” over 80% of New Hampshire voters overwhelmingly approved an amendment to the State Constitution enshrining an explicit “right to privacy” to New Hampshire residents. Question 2 on New Hampshire ballots asked voters to approve (or reject) the following … Continue Reading

Update on Enforcement of China’s Cybersecurity Law

By Amber Thomson on November 15, 2018 Posted in Chinese Privacy, Consumer Privacy

Companies doing business in China may see an increase in enforcement actions with the enactment of a new cybersecurity regulation and the enforcement powers of the Public Security Bureaus (PSBs) officially codified. The regulation – Provisions on Internet Security Supervision and Inspection by Public Security Organs – is now in effect, more than a year … Continue Reading

Ninth Circuit Opens Door for More Expansive Meaning of ATDS in TCPA Cases

By David Poell on November 14, 2018 Posted in Consumer Privacy, TCPA, Telecommunications Privacy

In the recent case of Marks v. Crunch San Diego, LLC, 904 F.3d 1041 (9th Cir. 2018) the Ninth Circuit broadly interpreted the TCPA’s definition of automatic telephone dialing system (often referred to as ATDS) to include devices with the capacity to dial stored numbers automatically. The device at issue in Marks is called the … Continue Reading

Supermarket Held Vicariously Liable in UK’s First Data Leak Class Action

By Shanna Pearce on November 13, 2018 Posted in Consumer Privacy, Data Security, EU Privacy

UK supermarket chain Morrisons has been held vicariously liable for the acts of a malicious employee in the UK’s first data leak class action. The issue began in 2014, when a disgruntled Morrison’s internal IT auditor posted to a public file-sharing website the payroll data of nearly 100,000 employees (including names, addresses, dates of birth, … Continue Reading

UK Issues Fine for Unsolicited Funeral Marketing Emails

By Alyssa Shauer and Liisa Thomas on October 26, 2018 Posted in Communication Privacy, Email Marketing, EU Privacy

The U.K. data protection authority recently fined a lead generation company £90,000 ($118,000) for a 2017 unsolicited email marketing campaign. The company, Boost Finance Ltd, sent over 4 million emails promoting pre-paid funeral plans under the name findmeafuneralplan.com. In reaching its decision, the ICO (the UK data protection regulator), said that the company violated the … Continue Reading

SEC Issues $1 Million Identity Theft Rule Fine

By Liisa Thomas and Amber Thomson on October 22, 2018 Posted in Privacy, SEC

The Securities and Exchange Commission recently settled with Voya Financial Advisors, Inc. for alleged violation of Regulation S-ID (otherwise known as the Identity Theft Red Flags Rule) and Regulation S-P (otherwise known as the Safeguards Rule). According to the SEC, Voya had failed to implement a written identity theft program as required of broker-dealers and … Continue Reading

France Imposes Fine for Unauthorized Use of Fingerprint Timeclocks

By Shanna Pearce on October 15, 2018 Posted in Biometrics, EU Privacy

French data protection authority CNIL has issued a fine against company Assistance Centre d’Appel related to the use of biometric technology in the workplace. During an audit at the end of 2016, CNIL found that the company was using fingerprint timeclocks to track employee hours without prior authorization from CNIL as required by the French … Continue Reading

California Pioneers IoT Security Legislation

By Liisa Thomas on October 9, 2018 Posted in Consumer Privacy, Data Security, Online Privacy

California’s governor recently signed into law a bill requiring connected device manufacturers to include “reasonable” security features for connected devices sold in California. The law doesn’t go into effect until January 1, 2020, and requires that the devices have security “appropriate to the nature and function of the device” and appropriate to the type of … Continue Reading

Apple Imposes Privacy Policy Requirement for All Apps Operating on its Platform

By Shanna Pearce on September 27, 2018 Posted in Consumer Privacy, Mobile Privacy, Online Privacy

As Apple recently reminded developers, starting on October 3, 2018 it will require all apps being submitted for distribution through its app store, or for testing by its TestFlight service, to have a publicly posted privacy policy. This requirement was incorporated into Apple’s App Store Review Guidelines and will apply to all new apps, as … Continue Reading

UK’s ICO Fines Marketing Company Over Unsolicited Emails

By Liisa Thomas on September 18, 2018 Posted in Europe, Online Privacy

The UK’s data protection authority, the ICO, recently fined marketing firm Everything DM Ltd for sending almost 1.5 million marketing emails without obtaining sufficient consent as required by the UK’s Privacy and Electronic Communications Regulations. In particular, the company sent messages on its clients behalf, the messages appeared to the recipient to come from the … Continue Reading

New York Federal Court Dismisses Nationwide Class Action Arising Out of Alleged Spying by E-Commerce Retailers

By Kari Rollins and David Poell on September 10, 2018 Posted in Data Security, Online Privacy

In a victory for online retailers, a New York federal court recently dismissed three putative class action lawsuits brought on behalf of website visitors whose mouse clicks, keystrokes, and electronic communications were tracked by a third-party marketing company. The cases were filed against three e-commerce retailers—Casper (a mattress manufacturer and retailer), Tyrwhitt (a men’s clothing … Continue Reading

Unixiz Settles COPPA Allegations with NJ AG

By Liisa Thomas on August 27, 2018 Posted in Children's Privacy, COPPA, Data Breach, Data Security, Online Privacy

Unixiz, operator of the i-Dressup site, reached an agreement with the New Jersey Attorney General to settle charges that the company had violated the Children’s Online Privacy Protection Act and the New Jersey’s Consumer Fraud Act. The New Jersey AG claimed that Unixiz violated these statutes by collecting information about children without first getting parental … Continue Reading

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree