Tracking

Illinois High Court Rules “Per-Scan” Damages Can Be Awarded Under BIPA

By Anne-Marie Dao & David Poell on March 2, 2023

Posted in Biometric Information Privacy Act, Biometrics, Illinois Privacy, Tracking, US Privacy

February 2023 was a momentous month for Illinois’ Biometric Information Privacy Act (BIPA). Just two weeks after imposing a 5-year time limit for all BIPA claims, the Illinois Supreme Court resolved another pressing issue. In Cothron v. White Castle System, Inc., the Illinois Supreme Court considered whether a BIPA claim accrues every time a company scans or transmits a person’s biometric identifier (e.g., fingerprint) without consent. In a closely divided 4-3 ruling, the Court answered “yes.”…

Continue Reading Illinois High Court Rules “Per-Scan” Damages Can Be Awarded Under BIPA

Illinois High Court Allows Biometric Privacy Claims to Go Back Five Years

By David Poell & Alyssa Sones on February 10, 2023

Posted in Biometrics, Illinois Privacy, Tracking

A plaintiff has her fingerprints forever. But she doesn’t have forever to file a lawsuit for improper retention, deletion, collection, or use of her fingerprints. For years, Illinois courts have been perplexed on what statute of limitations applies to different claims under the Illinois Biometric Information Privacy Act (“BIPA”). That left an unanswered question: how long does a plaintiff have to file a BIPA claim before losing it? The Illinois Supreme Court weighed in last week, siding with the plaintiffs’ bar. In Tims v. Black Horse Carriers, Inc., that Court held that plaintiffs have five years to file any BIPA claim.…

Continue Reading Illinois High Court Allows Biometric Privacy Claims to Go Back Five Years

Illinois Appellate Court Weighs in on Biometric Data Policies

By David Poell & Kari Rollins on December 14, 2022

Posted in Biometrics, Illinois Privacy, Tracking, US Privacy

An Illinois state appellate court’s recent ruling will impact how companies consider compliance with Illinois’ Biometric Information Privacy Act (BIPA). That court ruled companies must have a BIPA-compliant written retention-and-destruction policy in place before collecting and possessing biometric data. The decision makes clear that mere possession of biometric data triggers the duty to develop the necessary written BIPA policy. In relevant part, under BIPA’s section 15(a), companies must establish a written, publicly-available policy that governs their retention and destruction of biometric data.…

Continue Reading Illinois Appellate Court Weighs in on Biometric Data Policies

White House Releases Guidance on AI

By Elfin Noce on November 10, 2022

Posted in Artificial Intelligence, Tracking, US Privacy

The White House recently released its Blueprint for an AI Bill of Rights in an effort to guide the discussion on the design, use and deployment of AI in systems that impact the American public. The Blueprint outlines the following five guiding principles:…

Continue Reading White House Releases Guidance on AI

CFPB Sues Payment Platform Over Dark Patterns

By Moorari Shah, A.J. Dhaliwal & Alyssa Paddock on October 27, 2022

Posted in CFPB, Dark Patterns, Financial Privacy, Tracking

On October 18, the CFPB sued a software company for utilizing their online payment platform to enroll unknowing consumers into annual subscriptions through deceptive acts and “dark pattern” techniques in violation of the CFPA and EFTA. Among other things, the complaint alleges that the company encouraged consumers to unknowingly enroll in free trials and converted the free trials into annual subscriptions through a “negative option” renewal policy (our sister blog covered “negative option” marketing in a previous post here). During this process, the company allegedly collected consumers’ registration information and consumer payments data (e.g., credit or debit card number) so that it could transmit the consumer payments data through its payments systems. …

Continue Reading CFPB Sues Payment Platform Over Dark Patterns

IAB Steps In State Signal Morass

By Liisa Thomas & Julia Kadish on October 25, 2022

Posted in California Privacy, Tracking, US Privacy

Companies who participate in the AdTech and digital advertising eco-system are very familiar with the Interactive Advertising Bureau and its form advertiser agreements. Those agreements can help streamline negotiations, presenting the parties with, essentially, a pre-negotiated approach to common issues. When CCPA was passed, IAB updated its form to address that law and address consumer notice and consent. With the upcoming laws in California, Colorado, Connecticut, Utah and Vermont, the document is now outdated.…

Continue Reading IAB Steps In State Signal Morass

New York City Set To Regulate Employment Decisions Made By AI

By Kari Rollins & Charles Glover on September 28, 2022

Posted in Artificial Intelligence, Employee Privacy, New York Privacy, Tracking

Beginning January 1, 2023, New York City will restrict employers from using artificial intelligence to make employment decisions unless they follow certain guidelines. The local law applies to employment decisions made “within the city” regarding job applicants and promotion decisions.…

Continue Reading New York City Set To Regulate Employment Decisions Made By AI

DAA Issues Warning On Device Fingerprinting

By Brittany Walter & Liisa Thomas on March 23, 2022

Posted in Behavioral Advertising, Consumer Privacy, Online Privacy, Tracking, US Privacy

The Digital Advertising Accountability Program, which enforces privacy principles for digital advertising, issued a compliance warning to advertisers regarding device fingerprinting. This warning is worth keeping in mind, since the “fingerprinting” practice is rising in more and more industries.
Continue Reading DAA Issues Warning On Device Fingerprinting

FTC Surveillance App Settlement Signals Concern Over Deceptive Tracking

By Liisa Thomas & Harrison Schafer on September 22, 2021

Posted in Data Breach, Data Security, FTC, Tracking, US Privacy

The FTC recently settled with a surveillance app operator over allegations that the company facilitated the secret harvesting of personal information. According to the FTC, the main users of Support King, LLC’s “SpyFone” app were bad actors who used the tool to remotely monitor users’ physical and digital activities. The FTC dismissed the company’s argument that the users were employers and parents as a “pretext.” It felt neither group would want to use the product, which to install required minimizing the device’s security settings and potentially voiding the device warranty.
…
Continue Reading FTC Surveillance App Settlement Signals Concern Over Deceptive Tracking

Baltimore Blows By Brother Burghs with Big Biometrics Ban

By Liisa Thomas & Charles Glover on September 14, 2021

Posted in Data Privacy, Tracking, US Privacy

Baltimore recently prohibited several uses of “face surveillance” technology. Under the new law companies cannot use systems that identify or verify individuals based on their face. The law also prohibits saving information gathered from these systems. Getting an individual’s consent is not a way around the prohibition. Nor is promising not to connect information gathered with other personal information.
…
Continue Reading Baltimore Blows By Brother Burghs with Big Biometrics Ban

Eye On Privacy