Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Monthly Archives: February 2012

FTC Approves New COPPA Safe-Harbor Program

Posted in Children's Privacy, Federal Trade Commission, United States

The Federal Trade Commission on Feb. 24 announced it had approved a new safe-harbor program for online services that are subject to the Children’s Online Privacy Protection Act (COPPA), a federal law that regulates the online collection of personal information from children under 13. Under COPPA and the FTC’s implementing rule, online services that comply… Continue Reading

Court Won’t Undo Dismissal of in re Facebook Privacy Litigation

Posted in Advertising & Marketing, Litigation, Online, Social Media, United States

Last week, Judge Ware of the Northern District of California denied a motion to amend his November 2011 dismissal, with prejudice, in In re Facebook Privacy Litigation, a case in which plaintiffs had argued that Facebook improperly transmitted users’ personal information, including User ID numbers or usernames, to third party advertisers. In his most recent… Continue Reading

No Federal Court Jurisdiction to Review FTC Enforcement of Google Buzz Consent Decree, Judge Rules

Posted in Federal Trade Commission, Privacy Policies, United States

An action brought by the Electronic Privacy Information Center (“EPIC”) asking that the FTC be compelled to enforce its Google Buzz consent order (previously described, here) was dismissed by Judge Amy Berman Jackson of the United States District Court for the District of Columbia, who held that “enforcement decisions are committed to agency discretion and… Continue Reading

Q&A Regarding Proposed Reforms to European Data Protection Framework

Posted in Data Security, European Union, International

As we have previously posted, on January 25, 2012, the European Commission proposed comprehensive measures to reform the European data protection framework.  Among other things, the proposal would impose restrictions on the processing of personal data relating to children; create a breach notification requirement in the EU; require organizations employing 250 or more persons to… Continue Reading

EU Court Rules that Forcing Social Networks to Monitor the Internet Infringes Right to Privacy

Posted in European Union

In a judgment laid down on 16 February 2012 in the Case 360/10 Sabam v. Netlog, the Court of Justice of the European Union (CJEU) ruled that EU national courts cannot issue injunctions forcing social networks to monitor their sites for illegal file-sharing because such injunctions would not strike a fair balance between the rights of intellectual… Continue Reading

White House Releases “Consumer Privacy Bill of Rights”

Posted in Department of Commerce, Federal Trade Commission, United States

The White House released a report today containing its “Consumer Privacy Bill of Rights,” referring to the new privacy framework as a “comprehensive blueprint to protect individual privacy rights and give users more control over how their information is handled.”  The report is entitled “Consumer Data Privacy in a Networked World: A Framework for Protecting… Continue Reading

Court Dismisses Claims Against Pharmacy for Selling Customers’ Medical Information

Posted in Health Privacy, Litigation

Judge Mary McLaughlin of the Eastern District of Pennsylvania recently dismissed a class action complaint brought against CVS Pharmacy and CVS Caremark for selling information provided by prescription drug purchasers.  Notably, in its decision in Steinberg v. CVS Caremark Corp., the court found that information on a customer’s prescription drug and medical history “carries with… Continue Reading

Mobile Platforms Agree to Require Apps to Display Privacy Policies

Posted in Privacy Policies, United States

Yesterday California Attorney General Kamala D. Harris announced an agreement she forged among Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion to ensure that mobile device apps that collect personal information contain privacy policies.  The agreement is designed to ensure that mobile apps comply with the California Online Privacy Protection Act, which requires operators of commercial… Continue Reading

Minnesota AG Files First HIPAA Enforcement Action Against Business Associate

Posted in Health Privacy, Litigation, United States

Last month, the Minnesota Attorney General filed a lawsuit in federal court against Accretive Health, Inc. alleging that the company violated various provisions of HIPAA as well as Minnesota consumer privacy and protection law.  Although HIPAA-covered entities have been the subject of enforcement actions by state AGs and the Department of Health and Human Services,… Continue Reading

Senate Holds Hearing on Newly Introduced ‘Cybersecurity Act of 2012′

Posted in Congress, Cybersecurity

By David Fagan and Kristen Eichensehr Yesterday, the Senate Committee on Homeland Security and Governmental Affairs held a hearing on the “Cybersecurity Act of 2012.” Senator Joseph Lieberman (I-CT) introduced the bill, S. 2105, on Tuesday with co-sponsors Senators Susan Collins (R-ME), Dianne Feinstein (D-CA), and John D. Rockefeller, IV (D-WV). S. 2105 builds on… Continue Reading

Report Finds Advertising Companies Comply With Self-Regulatory Standards

Posted in Advertising & Marketing, Online, United States

The Network Advertising Initiative (“NAI”), a coalition of more than 80 online advertising companies committed to self-regulation, released a report this week finding that there is a high degree of compliance with the NAI’s Self-Regulatory Code of Conduct, which governs the use of consumer data for purposes of online behavioral advertising.   In particular, the report concludes that NAI’s… Continue Reading

FTC Report Calls For More Notice Involving Mobile Apps Directed To Kids, Warns Enforcement Could Come Over Next Six Months

Posted in Advertising & Marketing, Children's Privacy, Federal Trade Commission, Mobile, Online, Social Media, United States

The FTC staff released a report today calling for participants in the mobile app ecosystem — including app developers, app stores, and third parties who collect data through mobile apps – to provide better privacy notices to parents about mobile apps directed to children, and warning that over the next six months, staff will be conducting additional reviews… Continue Reading

New PCI Council Chairman Establishes Mobile Payments as Top Priority for 2012

Posted in Data Security, Financial Privacy, Mobile, United States

Newly-appointed chairman of the PCI Security Standards Council, Michael Mitchell, recently reiterated the importance of data security for mobile payments technology and the Council’s priority in studying and advising the industry on such technology.  Chairman Mitchell pointed out the sharp increase in mobile payments but also a lag in security technology protecting such payments.  “The adoption of… Continue Reading

FCC Adopts New Telemarketing Restrictions

Posted in Advertising & Marketing, Federal Communications Commission

Today, the Federal Communications Commission adopted new rules that strengthen its restrictions on autodialed or prerecorded telemarketing calls.  The FCC billed the new rules as an effort to maintain consistency with the Federal Trade Commission’s telemarketing sales rule, which also governs telemarketing calls, and to give consumers control over the calls that they receive. Under… Continue Reading

FTC Raises Fair Credit Reporting Act Concerns with Background Screening Application Marketers

Posted in Federal Trade Commission, Financial Privacy, Mobile, United States

On February 7, 2012, the Federal Trade Commission sent letters to six marketers of mobile applications that provide background screening services.  The applications, including “Police Records,” “Criminal Pages,” and “Locate Anyone,” provide criminal record histories that, if used for employment or other Fair Credit Reporting Act (FCRA)-related purposes, may subject the marketers to treatment as… Continue Reading

Korean Regulators to Investigate Google’s Privacy Policy Changes

Posted in Congress, International, Korea

The Korean Herald reports that the Korea’s Communications Commission (KCC) has opened an investigation into Google’s rollout of its new privacy policy in that country.  The investigation reportedly will focus on whether the company has received sufficient consent to the changes to Google’s existing policy and whether Google is collecting more data than is required… Continue Reading

ABA Urges U.S. Courts to Respect Foreign Data Protection Laws

Posted in International, Litigation, United States

Last week, the American Bar Association adopted a rule calling on U.S. courts to “consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign . . . with regard to data sought in discovery in civil litigation.”  In an extensive report accompanying the new rule, the ABA detailed the… Continue Reading