Category Archives: Consumer Privacy

Subscribe to Consumer Privacy RSS Feed

Cyber Concerns Lead to EU Recall of a Connected Kids Devices

Citing cybersecurity concerns with a children’s smartwatch, the European Commission recently issued a recall of the device. The Safe-KID-One is a smartwatch that gives parents the ability to track and communicate with their children. According to the European Commission, security issues with the device could allow a hacker to access a user’s data, including location … Continue Reading

Court Finds Cybersecurity-Related Claims Sufficient in Securities Class Action

In the aftermath of Equifax’s data breach, a federal court recently found that allegations of poor cybersecurity coupled with misleading statements supported a proper cause of action. In its decision, the U.S. District Court for the Northern District of Georgia allowed a securities fraud class action case to continue against Equifax. The lawsuit claims the company issued … Continue Reading

Canada’s PIPEDA Consent Guidelines Now In Effect

Canada’s new guidelines for obtaining consent under PIPEDA are now in effect. Last year federal Office of the Privacy Commissioner and the Alberta and British Columbia Offices of the Information and Privacy Commissioner jointly issued the guidelines, which outline how to get “meaningful” consent. The OPC will now apply the guidelines when looking at how … Continue Reading

2019 is the Year of . . . CCPA?

Everyone who has been paying attention to privacy news knows that January 1, 2020 is the implementation date of the California Consumer Protection Act, and July 1, 2020 is the current deadline for enforcement to begin. July 2020 is also the current deadline for the California AG to implement regulations under CCPA. Read more about the … Continue Reading

Live Free or Die Trying—New Hampshire Voters Enshrine Right to Privacy in State’s Constitution

On Election Day 2018, in the State that boasts the official motto of “Live Free or Die,” over 80% of New Hampshire voters overwhelmingly approved an amendment to the State Constitution enshrining an explicit “right to privacy” to New Hampshire residents. Question 2 on New Hampshire ballots asked voters to approve (or reject) the following … Continue Reading

Update on Enforcement of China’s Cybersecurity Law

Companies doing business in China may see an increase in enforcement actions with the enactment of a new cybersecurity regulation and the enforcement powers of the Public Security Bureaus (PSBs) officially codified. The regulation – Provisions on Internet Security Supervision and Inspection by Public Security Organs – is now in effect, more than a year … Continue Reading

Ninth Circuit Opens Door for More Expansive Meaning of ATDS in TCPA Cases

In the recent case of Marks v. Crunch San Diego, LLC, 904 F.3d 1041 (9th Cir. 2018) the Ninth Circuit broadly interpreted the TCPA’s definition of automatic telephone dialing system (often referred to as ATDS) to include devices with the capacity to dial stored numbers automatically. The device at issue in Marks is called the … Continue Reading

Supermarket Held Vicariously Liable in UK’s First Data Leak Class Action

UK supermarket chain Morrisons has been held vicariously liable for the acts of a malicious employee in the UK’s first data leak class action. The issue began in 2014, when a disgruntled Morrison’s internal IT auditor posted to a public file-sharing website the payroll data of nearly 100,000 employees (including names, addresses, dates of birth, … Continue Reading

UK’s Data Protection Authority Enforces GDPR

The UK’s Information Commissioner’s Office (ICO) has issued its first GDPR notice to Canadian data analytics firm AggregateIQ Data Services Ltd. The company uses personal data to target political advertising at voters prior to elections. The ICO was concerned about the firm’s use of targeted advertising in the UK’s 2016 EU referendum and the 2016 … Continue Reading

California Pioneers IoT Security Legislation

California’s governor recently signed into law a bill requiring connected device manufacturers to include “reasonable” security features for connected devices sold in California. The law doesn’t go into effect until January 1, 2020, and requires that the devices have security “appropriate to the nature and function of the device” and appropriate to the type of … Continue Reading

Apple Imposes Privacy Policy Requirement for All Apps Operating on its Platform

As Apple recently reminded developers, starting on October 3, 2018 it will require all apps being submitted for distribution through its app store, or for testing by its TestFlight service, to have a publicly posted privacy policy. This requirement was incorporated into Apple’s App Store Review Guidelines and will apply to all new apps, as … Continue Reading

The California Consumer Privacy Law (CCPA) Is Coming: What Should Your Company Do Now?

As has been widely reported, California’s new privacy regime entitled the California Consumer Privacy Act of 2018, or CCPA, is set to come into effect on January 1, 2020. The law constitutes an expansion beyond California’s existing privacy laws, in particular California’s existing Shine the Light Law and the California Online Privacy Protection Act. Various … Continue Reading

FTC Pursuing, and Getting More Specific, About Privacy Post-LabMD Finding

The Eleventh Circuit recently issued a long awaited ruling in the LabMD case. In that case, the FTC had gone after a cancer detection facility that suffered a data breach.  The agency criticized the company for lax data security and in July 2016 issued a broad order against the company requiring changes to the company’s … Continue Reading

FTC Provides Insight into COPPA Deletion Requirements

The Federal Trade Commission recently posted a blog entry reminding companies about the deletion requirements under the Children’s Online Privacy Protection Act. Namely, that companies under the Act must give parents the right to review and delete their children’s information. In addition COPPA also requires companies to delete children’s personal information when the information is … Continue Reading

FTC Signals that It Will Enforce Statements of GDPR Compliance

Just as companies may be catching their breath after sprinting to get ready for GDPR in time for its recent implementation date, the FTC has now entered the enforcement fray. It has stated that, where companies are choosing to apply GDPR protections to American consumers, the FTC may enforce any failures to abide by those commitments. … Continue Reading

FTC Outlines Expected Privacy Program Elements in BLU Settlement

The FTC recently settled with the mobile phone company BLU Products, Inc., over allegations that the company was letting one of its vendors pull extensive and detailed personal information off of users’ phones. According to the FTC, BLU phones were pre-loaded with firmware updating tools made by ADUPS Technology. ADUPS, through its software, was then … Continue Reading

DoC Comments on Privacy Shield In Advance of GDPR

The Department of Commerce issued an update to explain how it has supported the E.U.-U.S. and Swiss-U.S. Privacy Shield frameworks. As we have written previously, the Shield gives E.U. companies a basis under which it can send personal data to entities in the U.S. The comments from Commerce come after the Europeans raised concerns about the … Continue Reading

FTC Expresses Concerns Over Mobile Security Updates

In its recent report (Mobile Security Updates: Understanding the Issues), the FTC expressed concerns with the process for keeping mobile devices updated and secure. Of particular concern for the FTC were inconsistencies in the length of time that support is offered for mobile devices, the frequency of updates and the perceived lapse of time between … Continue Reading

Dawn of the New FTC

On April 26, the Senate voted to confirm nominees to all five Commissioner slots on the Federal Trade Commission. It was the first time the entire FTC has been confirmed at once since its founding in 1914. The new roster of Commissioners raises new questions about the role the FTC will play in cybersecurity and … Continue Reading

Biometric Breakdown Part IV – Protecting

In continuing our series on biometrics, we conclude with an analysis of protection requirements and risks. Illinois, Texas, and Washington—the three states which have thus far implemented specific biometric privacy laws—each require companies to reasonably protect biometric data in their possession. Illinois and Texas have further specified that the data must be protected to the … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree