Category Archives: Privacy

Subscribe to Privacy RSS Feed

Maine Passes Broadband Privacy Bill

Elfin NoceBy Elfin Noce on Posted in Data Security, Telecommunications Privacy
Maine entered the privacy fray last week when Governor Janet T. Mills signed legislation targeting internet service providers by prohibiting the sale of information about customers’ internet use. The new restriction covers, in part, customer web browsing history, application usage history, and geolocation information. An internet service provider may only use, disclose, sell or permit … Continue Reading

Feds Want New IoT Guidance to Address Security Vulnerabilities

Townsend BourneElfin NoceBy Townsend Bourne and Elfin Noce on Posted in Cybersecurity, Data Security, Government Privacy, Internet of Things
“Internet of Things” devices are listening.  And now the federal government is taking notice. As we reported in our Government Contracts and Investigations blog, to date, federal cybersecurity regulations for government contractors focus on implementing safeguards to protect sensitive government data. A gap has emerged where the federal government purchases IoT devices. Those devices collect and send data … Continue Reading

Utah Requires Law Enforcement Search Warrants

Elfin NoceBy Elfin Noce on Posted in Consumer Privacy, Data Security
Effective this week, law enforcement in Utah will need a search warrant to obtain for certain electronic records. The new state legislation looks to expand privacy protections for content that consumers store online. Generally, the third-party doctrine limits the protection this type of information receives under Fourth Amendment protections against unreasonable searches and seizures. The … Continue Reading

EDPB Seeks Comment On Online Services Guidance

Liisa ThomasBy Liisa Thomas on Posted in EU Privacy, GDPR
The European Data Protection Board is seeking comment about proposed guidelines that impact websites that provide online services. This might include services a user pays for, or where the fee is indirect (the services being funded through advertising dollars, for example). The EDPB guidance points out that these services typically fall under the provision of … Continue Reading

UK ICO Fines Parenting Club £400,000 Over Breach Involving PII of Mothers and Babies

Liisa ThomasBy Liisa Thomas on Posted in Behavioral Advertising, Children's Privacy, EU Privacy, Online Privacy
The ICO first began its examination of Bounty UK Ltd. (a support club for parents) when the ICO was investigating the data brokerage industry generally, of which it viewed Bounty as taking part (given that it shared member information with third parties like Acxiom and Equifax). Here, in reaching its conclusion that the company had … Continue Reading

Washington State’s Comprehensive Privacy Law Bill Continues to Navigate Through State Legislature

Alyssa ShauerBy Alyssa Shauer on Posted in CCPA, Consumer Privacy, GDPR
The Washington Privacy Act (SB 5376) is making its way through that state’s House after gaining nearly unanimous approval in the state Senate just weeks after being introduced. This bill promises to overhaul how Washington protects the personal information of its residents. The proposed Act closely mirrors the California Consumer Privacy Act of 2018 (CCPA) … Continue Reading

FTC Looks Back at 2018

Liisa ThomasBy Liisa Thomas on Posted in Consumer Privacy, Data Security, FTC
As we enter into the second quarter of the year, the FTC has released its annual report on privacy and data security, and the steps it took in those areas over the course of 2018. The report includes summaries of its actions against companies for alleged violations of the FTC Act,  CAN-SPAM, and COPPA, among … Continue Reading

UK ICO Settles with Marketer Over Unsolicited Email Messages

Liisa ThomasBy Liisa Thomas on Posted in Communication Privacy, EU Privacy
Grove Pension Solutions Ltd is a UK-based company that helps people get “pension releases,” i.e. getting money out of their pensions. The company uses a vendor to conduct lead generation. That vendor would identify individuals who had given consent to get messages on a variety of third party websites (including for example, soapboxsurvey.co.uk). None of … Continue Reading

France Continues to Focus on Use of Biometrics

Liisa ThomasBy Liisa Thomas on Posted in EU Privacy
The French CNIL (the country’s data protection authority) has released rules for how companies can use the biometric information of their employees. Fingerprint scanning is a popular method for “clocking in” around the globe, and like the biometric laws in the US (in particular in Illinois, which we have written about here), it has fallen … Continue Reading

European Data Protection Board’s Priorities for 2019/2020

Liisa ThomasBy Liisa Thomas on Posted in EU Privacy, GDPR
The European Data Protection Board (EDPB) has released its priorities for 2019/2020 in its two-year “Work Program.” The EDPB is charged with issuing guidelines and opinions about GDPR, advising the European Commission about privacy-related issues, to help with the “consistent application” of GDPR, and to promote cooperation among the EU Member States’ supervisory authorities. Among … Continue Reading

UK’s ICO Brings Texting Enforcement Action, Fines Vote Leave 40,000 Pounds

Liisa ThomasBy Liisa Thomas on Posted in Communication Privacy, Consumer Privacy, EU Privacy
Prior to the “Brexit” vote in 2016, the pro-Brexit campaign, Vote Leave, sent almost 200,000 unsolicited texts in violation of the Privacy and Electronic Communications Regulations (PECR), according to a recent settlement it reached with the ICO. Under those regulations, as the ICO outlines in its PECR guidance, consumers must either have opted into receiving … Continue Reading

E-Cig Company Settles Online Behavioral Advertising Inquiry

Liisa ThomasBy Liisa Thomas on Posted in Consumer Privacy, Online Privacy
A Dutch e-cigarette company recently settled a self-regulatory inquiry over its online behavioral advertising practices. The Accountability Program (a US self-regulatory group that oversees online and interactive behavioral advertising) found that the company, Fontem, did not provide sufficient methods for individuals to opt out of online behavioral advertising (OBA). The Accountability Program enforces the Digital … Continue Reading

Happy First Day of Spring! Ohio Insurance Law Effective Today

Amber ThomsonLiisa ThomasElfin NoceKari RollinsBy Amber Thomson, Liisa Thomas, Elfin Noce and Kari Rollins on Posted in Consumer Privacy, Cybersecurity, Data Security
Ohio recently followed South Carolina as the second state to adopt cybersecurity legislation modeled after the NAIC’s Insurance Data Security Model Law. The Ohio law, Senate Bill 273, applies to insurers authorized to do business in Ohio and goes into effect today, March 20, 2019 (the first day of Spring). Companies have, under the law, … Continue Reading

New York Department of Financial Services Releases Letter Regarding Third Party Data Sources

Liisa ThomasBy Liisa Thomas on Posted in Consumer Privacy
In a recent letter, the New York Department of Financial Services provided guidance for insurers who use third party data to help with their underwriting decisions. The letter was drafted in response to reports that insurers are getting information about potential insureds from many “unconventional” data sources, including those that contain predictive models and algorithms. … Continue Reading

Talk About Ironic: Brexit Group Fined Under EU-Related Privacy Regulations

Jonathan E. MeyerEmilio CazaresBy Jonathan E. Meyer and Emilio Cazares on Posted in EU Privacy, GDPR
In an ironic twist, the British Information Commissioner’s Office (ICO) recently fined a Brexit advocacy group for violating regulations issued under an EU directive.  The fines, totaling £120,000,  were levied against Leave.EU and a related insurance company, Eldon Insurance, for sending marketing emails to each other’s subscribers without sufficient consent.  Leave.EU had sent marketing emails … Continue Reading

Cyber Concerns Lead to EU Recall of a Connected Kids Devices

Liisa ThomasJonathan E. MeyerElfin NoceBy Liisa Thomas, Jonathan E. Meyer and Elfin Noce on Posted in Children's Privacy, Consumer Privacy, EU Privacy, Internet of Things
Citing cybersecurity concerns with a children’s smartwatch, the European Commission recently issued a recall of the device. The Safe-KID-One is a smartwatch that gives parents the ability to track and communicate with their children. According to the European Commission, security issues with the device could allow a hacker to access a user’s data, including location … Continue Reading

Court Finds Cybersecurity-Related Claims Sufficient in Securities Class Action

Jonathan E. MeyerElfin NoceBy Jonathan E. Meyer and Elfin Noce on Posted in Consumer Privacy, Cybersecurity, Data Breach, Data Security, Privacy
In the aftermath of Equifax’s data breach, a federal court recently found that allegations of poor cybersecurity coupled with misleading statements supported a proper cause of action. In its decision, the U.S. District Court for the Northern District of Georgia allowed a securities fraud class action case to continue against Equifax. The lawsuit claims the company issued … Continue Reading

EU and Japan Finalize Data Transfer Deal

By Sheppard Mullin on Posted in Cross-Border Data Transfers, EU Privacy
As we previously reported the EU and Japan reached a tentative deal last summer to ease data transfer restrictions between them. That deal has now been approved by both the European Commission and by Japan and is effective immediately. When the tentative deal was reached, Japan promised to add several new data protection safeguards. Those included … Continue Reading

Canada’s PIPEDA Consent Guidelines Now In Effect

Liisa ThomasAmber ThomsonBy Liisa Thomas and Amber Thomson on Posted in Canadian Privacy, Consumer Privacy
Canada’s new guidelines for obtaining consent under PIPEDA are now in effect. Last year federal Office of the Privacy Commissioner and the Alberta and British Columbia Offices of the Information and Privacy Commissioner jointly issued the guidelines, which outline how to get “meaningful” consent. The OPC will now apply the guidelines when looking at how … Continue Reading

CBPR System Grows with Entry of Australia and Chinese Taipei

Liisa ThomasAmber ThomsonBy Liisa Thomas and Amber Thomson on Posted in Cross-Border Data Transfers, International Privacy, Privacy
2018 saw two new members of APEC’s Cross Border Privacy Rules (CBPR) system: Australia and Chinese Taipei. They join the US, Mexico, Canada, Japan, South Korea and Singapore. As we have reported on previously, the CBPR system is meant to help companies transfer information between participating countries. In the coming months, Australia’s Attorney General plans to … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree