Category Archives: Consumer Privacy

Subscribe to Consumer Privacy RSS Feed

UK’s Data Protection Authority Enforces GDPR

The UK’s Information Commissioner’s Office (ICO) has issued its first GDPR notice to Canadian data analytics firm AggregateIQ Data Services Ltd. The company uses personal data to target political advertising at voters prior to elections. The ICO was concerned about the firm’s use of targeted advertising in the UK’s 2016 EU referendum and the 2016 … Continue Reading

California Pioneers IoT Security Legislation

California’s governor recently signed into law a bill requiring connected device manufacturers to include “reasonable” security features for connected devices sold in California. The law doesn’t go into effect until January 1, 2020, and requires that the devices have security “appropriate to the nature and function of the device” and appropriate to the type of … Continue Reading

Apple Imposes Privacy Policy Requirement for All Apps Operating on its Platform

As Apple recently reminded developers, starting on October 3, 2018 it will require all apps being submitted for distribution through its app store, or for testing by its TestFlight service, to have a publicly posted privacy policy. This requirement was incorporated into Apple’s App Store Review Guidelines and will apply to all new apps, as … Continue Reading

The California Privacy Law Is Coming: What Should Your Company Do Now?

As has been widely reported, California’s new privacy regime is set to come into effect on January 1, 2020. The law constitutes an expansion beyond California’s existing privacy laws, in particular California’s existing Shine the Light Law and the California Online Privacy Protection Act. Various provisions of the new law will apply to businesses with … Continue Reading

FTC Pursuing, and Getting More Specific, About Privacy Post-LabMD Finding

The Eleventh Circuit recently issued a long awaited ruling in the LabMD case. In that case, the FTC had gone after a cancer detection facility that suffered a data breach.  The agency criticized the company for lax data security and in July 2016 issued a broad order against the company requiring changes to the company’s … Continue Reading

FTC Provides Insight into COPPA Deletion Requirements

The Federal Trade Commission recently posted a blog entry reminding companies about the deletion requirements under the Children’s Online Privacy Protection Act. Namely, that companies under the Act must give parents the right to review and delete their children’s information. In addition COPPA also requires companies to delete children’s personal information when the information is … Continue Reading

FTC Signals that It Will Enforce Statements of GDPR Compliance

Just as companies may be catching their breath after sprinting to get ready for GDPR in time for its recent implementation date, the FTC has now entered the enforcement fray. It has stated that, where companies are choosing to apply GDPR protections to American consumers, the FTC may enforce any failures to abide by those commitments. … Continue Reading

FTC Outlines Expected Privacy Program Elements in BLU Settlement

The FTC recently settled with the mobile phone company BLU Products, Inc., over allegations that the company was letting one of its vendors pull extensive and detailed personal information off of users’ phones. According to the FTC, BLU phones were pre-loaded with firmware updating tools made by ADUPS Technology. ADUPS, through its software, was then … Continue Reading

DoC Comments on Privacy Shield In Advance of GDPR

The Department of Commerce issued an update to explain how it has supported the E.U.-U.S. and Swiss-U.S. Privacy Shield frameworks. As we have written previously, the Shield gives E.U. companies a basis under which it can send personal data to entities in the U.S. The comments from Commerce come after the Europeans raised concerns about the … Continue Reading

FTC Expresses Concerns Over Mobile Security Updates

In its recent report (Mobile Security Updates: Understanding the Issues), the FTC expressed concerns with the process for keeping mobile devices updated and secure. Of particular concern for the FTC were inconsistencies in the length of time that support is offered for mobile devices, the frequency of updates and the perceived lapse of time between … Continue Reading

Dawn of the New FTC

On April 26, the Senate voted to confirm nominees to all five Commissioner slots on the Federal Trade Commission. It was the first time the entire FTC has been confirmed at once since its founding in 1914. The new roster of Commissioners raises new questions about the role the FTC will play in cybersecurity and … Continue Reading

Biometric Breakdown Part IV – Protecting

In continuing our series on biometrics, we conclude with an analysis of protection requirements and risks. Illinois, Texas, and Washington—the three states which have thus far implemented specific biometric privacy laws—each require companies to reasonably protect biometric data in their possession. Illinois and Texas have further specified that the data must be protected to the … Continue Reading

Biometric Breakdown Part III – Sharing

We’ve looked in our series to what companies should do when collecting biometric information, and now we turn to issues around sharing biometric information. The three states which have thus far enacted specific biometric privacy legislation—Illinois, Texas, and Washington—each place restrictions upon the sharing of biometric information. Illinois has imposed a blanket prohibition upon the … Continue Reading

Biometric Breakdown Part II – Collection

Continuing our series, we look today at what a company should think about when collecting biometric data. Three U.S. states—Illinois, Texas, and Washington—have laws on-point. The Illinois statute is the most specific requiring written notice disclosing the purpose of collection and the length of time biometric information will be stored. It also requires companies to … Continue Reading

Biometric Breakdown – Part I

Technologies which use permanent physical characteristics for identification are increasingly popular. These “biometric” identifiers offer clear advantages over traditional passwords and keys: they can’t be lost or forgotten, and they are much more difficult to steal. No longer only the stuff of spy thrillers and science fiction, fingerprint and facial geometry scans are now commonly … Continue Reading

Federal Court Curbs FCC Robocall Restrictions

The Court of Appeals for the District of Columbia Circuit recently set aside two key provisions of the Federal Communication Commission’s Declaratory Ruling and Order issued in 2015. Namely, the FCC’s definition of autodialing equipment covered by the TCPA and its approach to reassigned telephone numbers. The ruling has been seen as a major victory … Continue Reading

Privacy, Data Security, and Your Board: Day Five

In our final installment on privacy, cyber security, and your board, we look at privacy and cyber issues in M&A. So you are thinking about acquiring a new entity? Divesting of current one? Due diligence will need to be conducted to best understand and evaluate privacy and data security issues and risks. Your board will … Continue Reading

Privacy, Data Security, and Your Board: Day Four

In our fourth installment of privacy, data (cyber) security, and your board, we look at crisis management and data breach issues. As part of providing appropriate duty of care and oversight, board members will want to ensure that the company has an incident response plan in place. They should review and understand the plan. They … Continue Reading

Privacy, Data Security, and Your Board: Day Three

In our ongoing conversation about privacy, data security and your board, we turn next to cyber insurance and vendor management. Boards, when executing their duty of care, should keep in mind that while there may be some coverage for data incidents under a company’s CGL and D&O policies, there may be significant gaps in coverage … Continue Reading

Car Dealer’s Attempt to Crash Data Privacy Class Action Sputters Out

A Texas court recently affirmed the vitality of potential nationwide class actions brought under the federal Driver’s Privacy Protection Act (“DPPA”), in a case brought by an individual whose personal information had allegedly been obtained illegally from the Texas DMV database. The case was filed by a local individual, Arthur Lopez, who complained of getting … Continue Reading

How to Prepare Interest-Based Video Ads for the April 1 Deadline

The Better Business Bureau’s Online Interest Based Advertising Accountability Program announced that that it will require interest-based video ads to provide notice and choice to viewers as of April 1, 2018, as we reported in our Advertising blog, in compliance with the Digital Advertising Alliance’s self-regulatory principles for interest-based advertising. As providers of interest-based video … Continue Reading

2018: The Year of the FTC and Informational Injuries?

What constitutes actionable consumer injuries post-breach or data misuse is a hotly contested topic. As we reported in our Advertising blog late last year the FTC hosted a workshop on December 12th to look at the issue. A large focus during the workshop was what constitutes harm to consumers. While there is a school of thought that … Continue Reading
LexBlog

By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would like to stop cookies being stored on your device in the future, you can find out more and adjust your preferences here.

Agree