online privacy

Subscribe to online privacy

Texas has joined Arkansas and Utah as the third state to impose requirements on social media accounts for those under 18. Namely, with the Securing Children Online through Parental Empowerment Act (“SCOPE Act”), Texas will place requirements on “digital service providers.” The law goes into effect September 1, 2024. It does not provide for a private right of action. Instead, enforcement will be by the Texas attorney general.

Continue Reading Texas’ SCOPE Act Puts Focus on Social Media and Minors

X Corp., the company formerly known as Twitter, recently sued Bright Data over its site scraping activities. Bright Data is a data collection company and advertises—among other services—its “website scraping” solutions. Scraping is not new, nor are lawsuits attempting to stop the activity. We may, though, see a rise in these suits with the rise in companies using them in conjunction with generative AI tools.

Continue Reading Scraping the Bottom of the Barrel: X Corp. Sues Bright Data Over Site Scraping

Florida has become the latest state to enact a comprehensive privacy law this year when SB 262 was signed by Governor DeSantis last week. It combines some new, and some familiar, provisions. It has also passed a child privacy law, similar to parts of California’s Age Appropriate Design Act, going into effect July 1, 2024.

Continue Reading Another Governor Signs: Florida Privacy Law Will be Effective July 2024

The Utah legislature recently passed SB 152 and HB 311. While these two bills will primarily impact those who are “social media” entities under the law, they may have broader impact when the majority of their requirements take effect, on March 1, 2024.

Continue Reading The Beehive State Joins the Buzz Around Minors and Social Media

Companies are continuing to find it hard to navigate the legal landscape of website accessibility. Plaintiff’s lawyers argue that “inaccessible” websites or mobile apps fail to comply with the Americans With Disabilities Act or similar state laws. This despite the absence of standards for website accessibility in these laws. Similarly, while the Department of Justice does not have a regulation setting out detailed website accessibility standards, the Department’s position has been that the Americans with Disabilities Act’s general nondiscrimination and effective communication provisions apply to web accessibility. 

Continue Reading The Rough Waters of Website Accessibility

Following its 2021 Dark Patterns enforcement policy, the FTC recently issued a staff report on the practice. The report summarized many of the cases the agency has brought against companies it alleges have engaged in “dark patterns” designed to “get consumers to part with their money or data.” These include using design elements that induce false beliefs, that delay important and material information, that lead to unauthorized charges, or that subvert or confuse privacy choices.

Continue Reading FTC Renews Focus on Dark Patterns

The Children’s Advertising Review Unit recently settled with TickTalk Tech, LLC over its information collection practices. CARU, a self-regulatory body that reaches voluntary settlements with companies, conducts regular audits of privacy practices by companies in the child space. During one such audit, it identified concerns over TickTalk Tech’s kids smart watch, TickTalk4.

Continue Reading Smart Watch Maker Settles with CARU Over Privacy Policy and Parental Consent

The Digital Advertising Accountability Program, which enforces privacy principles for digital advertising, issued a compliance warning to advertisers regarding device fingerprinting. This warning is worth keeping in mind, since the “fingerprinting” practice is rising in more and more industries.
Continue Reading DAA Issues Warning On Device Fingerprinting

Google Play’s “data safety form” is now live. Developers can now submit the form for early review and feedback. Starting in April 2022, Google will require this label and a privacy policy for all new and existing apps. This is similar to Apple. Before, only apps that collected personal and sensitive user data needed to share a privacy policy in Google’s store.

Continue Reading Google’s Privacy “Data Safety” Form Is Now Available

Apple has issued new guidelines for apps that let people create accounts. The guidelines will require these apps to give people a way to delete their accounts. This requirement is broader than CCPA and GDPR deletion rights, as it applies to all users (not just those from specific territories). The requirements go into effect for submissions starting January 31, 2022.

Continue Reading Apple To Require Ability to Delete Accounts In-App

New York City recently amended its law governing third party delivery services, with the changes going into effect December 27, 2021. The revised law specifically permits restaurants to ask for customers’ personal information from the delivery service. The delivery service, in turn, must tell consumers about the potential sharing “in a conspicuous manner” on its website and give people the ability to opt-out of such sharing.  That notice needs to indicate that the person’s information will be shared with the restaurant, and needs to identify the restaurant.

Continue Reading Impact of NYC’s New Delivery Service Data Sharing Requirement