targeting

Illinois Appellate Court Weighs in on Biometric Data Policies

By David Poell & Kari Rollins on December 14, 2022

Posted in Biometrics, Illinois Privacy, Tracking, US Privacy

An Illinois state appellate court’s recent ruling will impact how companies consider compliance with Illinois’ Biometric Information Privacy Act (BIPA). That court ruled companies must have a BIPA-compliant written retention-and-destruction policy in place before collecting and possessing biometric data. The decision makes clear that mere possession of biometric data triggers the duty to develop the necessary written BIPA policy. In relevant part, under BIPA’s section 15(a), companies must establish a written, publicly-available policy that governs their retention and destruction of biometric data.…

Continue Reading Illinois Appellate Court Weighs in on Biometric Data Policies

White House Releases Guidance on AI

By Elfin Noce on November 10, 2022

Posted in Artificial Intelligence, Tracking, US Privacy

The White House recently released its Blueprint for an AI Bill of Rights in an effort to guide the discussion on the design, use and deployment of AI in systems that impact the American public. The Blueprint outlines the following five guiding principles:…

Continue Reading White House Releases Guidance on AI

CFPB Sues Payment Platform Over Dark Patterns

By Moorari Shah, A.J. Dhaliwal & Alyssa Paddock on October 27, 2022

Posted in CFPB, Dark Patterns, Financial Privacy, Tracking

On October 18, the CFPB sued a software company for utilizing their online payment platform to enroll unknowing consumers into annual subscriptions through deceptive acts and “dark pattern” techniques in violation of the CFPA and EFTA. Among other things, the complaint alleges that the company encouraged consumers to unknowingly enroll in free trials and converted the free trials into annual subscriptions through a “negative option” renewal policy (our sister blog covered “negative option” marketing in a previous post here). During this process, the company allegedly collected consumers’ registration information and consumer payments data (e.g., credit or debit card number) so that it could transmit the consumer payments data through its payments systems. …

Continue Reading CFPB Sues Payment Platform Over Dark Patterns

Tools for Understanding Global Privacy Obligations

By Liisa Thomas & Michael Cohen on September 8, 2021

Posted in Big Data, EU Privacy, Global Privacy, US Privacy

Companies are struggling to understand how to comply with rapidly changing and sometimes conflicting privacy obligations. For entities outside of the US seeking to do business in the States, approaching and understanding the patchwork of state and federal privacy laws can be daunting, especially since US privacy laws vary depending on the type of activities in which companies engage, the individuals from whom they gather or use information, and the industry in which the company operates. While there are some “general” privacy laws (notably in California and Virginia) those are the exception rather than the rule.
…
Continue Reading Tools for Understanding Global Privacy Obligations

What to Watch in Artificial Intelligence in 2021

By Liisa Thomas & Siraj Husain on February 10, 2021

Posted in Biometrics

Artificial intelligence continues to be a focus and concern for businesses, regulators, and lawmakers alike. As we recently wrote, there was much activity and focus on artificial intelligence and the impact on privacy laws. In addition to legal developments, there have been advancements in AI business technologies by major multinational technology firms, something focused on this post in our sister Intellectual Property Law Blog. There has been an arms race underway by the world’s leading economies to win the estimated $13 Trillion of GDP this field stands to award the winner. In a recent podcast episode, partners Siraj Husain and Michael P.A. Cohen discuss these developments, risks, and solutions that businesses are experiencing.
Continue Reading What to Watch in Artificial Intelligence in 2021

FTC Provides Direction on AI Technology

By Jonathan E. Meyer & Liisa Thomas on May 5, 2020

Posted in Consumer Privacy, FTC

The FTC recently issued comments on how companies can use artificial intelligence tools without engaging in deceptive or unfair trade practices or running afoul of the Fair Credit Reporting Act. The FTC pointed to enforcement it has brought in this area, and recommended that companies keep in mind four key principles when using AI tools. While much of their advice draws on requirements for those that are subject to the Fair Credit Reporting Act (FCRA), there are lessons that may be useful for many.
Continue Reading FTC Provides Direction on AI Technology

UK ICO Fines Parenting Club £400,000 Over Breach Involving PII of Mothers and Babies

By Liisa Thomas on April 18, 2019

Posted in Behavioral Advertising, Children's Privacy, EU Privacy, Online Privacy

The ICO first began its examination of Bounty UK Ltd. (a support club for parents) when the ICO was investigating the data brokerage industry generally, of which it viewed Bounty as taking part (given that it shared member information with third parties like Acxiom and Equifax). Here, in reaching its conclusion that the company had violated UK privacy laws, the ICO found the volume of sharing in which Bounty engaged “unprecedented,” and accused the company of both “careless data-sharing” as well as violations of the UK law that pre-dated GDPR (the violation having occurred prior to the law’s May 2018 implementation date). Interestingly, the violation has been described by commentators as a “data breach,” although it did not involve the typical “hacker” scenario that one thinks of when contemplating a breach. Instead, the company collected information and shared it with third parties without appropriate notice and consent.
Continue Reading UK ICO Fines Parenting Club £400,000 Over Breach Involving PII of Mothers and Babies

No Federal Court Standing for BIPA Violation Without Injury

By Sheppard Mullin on January 16, 2019

Posted in Biometric Information Privacy Act, Biometrics, Employee Privacy

A lawsuit against US Cold Storage under the Biometric Information Privacy Act was recently dismissed because, the court held, the violations of the law were merely technical. As a result, the plaintiff did not have sufficient standing. This decision echoes the other cases we have reported on recently.
Continue Reading No Federal Court Standing for BIPA Violation Without Injury

Eye On Privacy