Category Archives: Privacy

Subscribe to Privacy RSS Feed

Seventh Circuit Issues Landmark BIPA Decision

The Seventh Circuit has recently ruled that plaintiffs have standing to enforce the Illinois Biometric Information Privacy Act’s informed consent requirements in federal court. As we have written before, , BIPA regulates the collection, use, and retention of a person’s biometric information, e.g., fingerprints, face scans, etc. For years, federal trial courts have been split … Continue Reading

Using Health Data in Europe During COVID-19

The EDPB recently issued guidelines about how to use health data during the current pandemic in compliance with GDPR. Given the COVID-19 pandemic, there have been many research efforts in place to fight against the virus.  The EDPB’s guidelines shed light on the special rules for processing health data for scientific research, which apply in … Continue Reading

Privacy and Data Protection Enactment and Enforcement Timelines During COVID-19

During COVID-19, in certain areas of the law, we have seen significant flexibility from regulators and government agencies in how they are addressing typical approval processes and/or compliance requirements. In the context of privacy and cybersecurity regulations, largely, regulators are emphasizing that personal privacy and data security are important now more than ever. New information … Continue Reading

FTC Settles with Company Over Alleged Deceptive Security Practices

The FTC recently settled with smart lock maker Tapplock, Inc., a Canadian company, over allegations that it deceived consumers with false claims about its product’s security practices. These allegations arose based on vulnerabilities that a security researcher demonstrated – not in the aftermath of a data security breach where these complaints often originate.… Continue Reading

FCC Ruling Helps Clarify What COVID-19 Texts and Calls Are “Emergency” Under TCPA

The FCC recently issued a declaratory ruling explaining what calls and text message alerts it viewed as “emergency” for purposes of the Telephone Consumer Protection Act. Under TCPA, requirements to obtain consent to make certain calls and texts to cell phone numbers do not apply when a message is an “emergency.” Under the FCC’s new … Continue Reading

Apple Eases Push Notification and Other Privacy Restrictions

Apple recently revised its review guidelines to allow push notifications that include “advertising, promotions, or direct marketing.”  This changes a prior -and longstanding- prohibition on push notices that contain such content. Customers must affirmatively opt in to get promotional push notices, though (“through consent language displayed in your app’s UI”). They must also be able … Continue Reading

Turn On the Camera Part Three: Fulfilling CCPA Training Obligations in the Face of COVID-19

As many who have been tracking CCPA are aware, the law requires training employees who handle consumer inquiries, and ensuring that employees understand how to help consumers exercise their rights. Since most of those rights requests are arriving by web page, email, and phone, it is unlikely that rights requests will slow in the face … Continue Reading

NY SHIELD Act Data Security Requirements Effective This Month

Businesses collecting personal information from New York residents will soon be expected to apply enhanced data security requirements. The New York SHIELD Act, signed into law in July 2019, expanded breach notice requirements in October 2019. Now, On March 21, 2020, the remaining provisions related to data security will also come into effect. As we … Continue Reading

FTC Releases 2019 Privacy and Security Year in Review

The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming priorities. Generally, the report contains a summary of the FTC’s enforcement, advocacy, and rulemaking actions from 2019, a … Continue Reading

European Parliament Weighs in on Automated Decision-Making

The European Parliament recently issued a resolution directed at the European Commission on its concerns with automated decision-making processes and artificial intelligence. While the EU Parliament addresses several areas of automated decision-making, the underlying theme of this resolution is that the Commission should ensure that there is transparency and human oversight of these processes. In … Continue Reading

And the Modified Proposed CCPA Regulations are Here!

On February 10, the California Attorney General’s office released a highly anticipated updated draft of the proposed CCPA regulations. This draft corrected a version first issued on February 7, 2020. These latest updates follow the four public hearings held in December 2019 and nearly 1,700 pages of comments submitted after the AG first released the initial proposal … Continue Reading

FTC Finalizes Five Settlements Regarding Privacy Shield Claims

The FTC recently finalized settlements with five companies over allegations that they falsely claimed certification under the EU-U.S. Privacy Shield framework. In each complaint, the FTC alleged that DCR Workforce, Inc., Thru, Inc., LotaData, Inc., and 214 Technologies, Inc. made false and misleading representations when they stated that they participated under the Privacy Shield framework … Continue Reading

NAI’s 2020 Code Effective January 1 Along with CCPA

The Network Advertising Initiative, which provides guidance to advertisers who engage in personalized advertising, updated its Code of Conduct (2020 Code) earlier this year to address, inter alia, data collected offline and used for tailored advertising, as well as CCPA and TV-based tailored advertising. In anticipation of the January 1, 2020 effective date of the … Continue Reading

New European Data Protection Board Guidance on Data Protection by Design and by Default

The European Data Protection Board recently requested comments on its data protection “by design and default” guidelines. Comments are due by mid-January of next year. The Guidelines provide clarity about how to address GDPR’s requirement that companies take “appropriate” technical and organizational steps to protect personal information and individuals. Part of the law’s requirements, according … Continue Reading

The Privacy Shield Survives Another EU Commission Review, For Now…

The EU Commission concluded its third annual review of the EU-U.S. Privacy Shield and found that it continues to provide an adequate level of protection for EU personal data. The program was created as a mechanism to facilitate transfers of personal data from the EU to the US. It is reviewed annually by the EU … Continue Reading

California Follows Vermont, Requires Data Broker Registration

Joining Vermont, California will now require data brokers to register with the California Attorney General. The law was signed October 11, 2019. It applies to companies that “knowingly” collect and sell personal information about consumers with whom they do not have a “direct relationship.” They must register with the AG by January 31, 2020.… Continue Reading

A Single Text Message May Not Violate TCPA

As we reported in our sister blog, “One ‘Chirp, Buzz, Or Blink’ Is Not Enough To Sue Under the TCPA”, a recent court decision makes it more difficult for plaintiffs to establish standing under the Telephone Consumer Protection Act. In its decision, the Eleventh Circuit ruled that a single text message from an attorney to … Continue Reading

CNIL Issues Record-Keeping Guidance

Under GDPR, companies are required to keep certain records of their processing activities. There has been some question about the types of records controllers should keep. To help clarify the questions arising from many companies, CNIL issued guidance recently about how to fulfill record keeping obligations. The guidance includes an RPA template for controllers, and outlines contents to … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree