Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: Privacy Policies

Subscribe to Privacy Policies RSS Feed

California AG Releases Online Tracking Disclosure Guidelines

Posted in Privacy Policies, United States

California Attorney General Kamala Harris today released guidelines to help websites comply with a state law that went into effect on January 1, 2014, pertaining to online tracking disclosures. The law, which amended the California Online Privacy Protection Act (“CalOPPA”) and which we previously blogged about here, requires website operators to disclose (1) how they… Continue Reading

Ten Key Take-Aways From the White House Big Data Report

Posted in Health Privacy, Privacy Policies, United States

On Thursday, the White House Big Data Working Group, led by senior presidential advisor John Podesta, released a 79-page report that outlines a number of key observations and recommendations for privacy in both the private sector and government.  Although the report does not create binding law, it provides insight into the administration’s  priorities on a… Continue Reading

Covington at #SXSW: If “Big Data Is the New Oil” Then “Privacy Is the New Green”

Posted in Emerging Technologies, Privacy Policies

South by Southwest (“SXSW”) Interactive kicked off last week, and Covington was there to cover privacy and big data’s big buzz, a topic which dominated much of the conference.  Among the events that took place last Friday were “Big Data Inverted: The Best Candy from Strangers?” and “Privacy Under the Covers: The Naked Truth.”  The… Continue Reading

FTC Announces $32.5M Settlement with Apple, Inc., May Be Seen as Expanding its “Unfairness” Authority

Posted in Federal Trade Commission, Privacy Policies

The Federal Trade Commission (“FTC”) recently announced a settlement with Apple, Inc. over allegations that the company billed parents and other account holders for children’s in-app activities without obtaining the account holders’ express and informed consent. The FTC’s complaint alleged that Apple’s failure to obtain express and informed consent prior to each in-app purchase constituted… Continue Reading

Google Fined by the CNIL for Privacy Breaches as European Regulators Continue Investigation

Posted in European Union, Privacy Policies, Uncategorized

On January 8, 2014, the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), announced that it was imposing a fine of €150,000 on Google, as well as a requirement that Google, within eight days of the decision, publicize the fine on its own website (at www.google.fr) for a period of… Continue Reading

Berlin Court Condemns Google, Strikes Provisions in Privacy Policy and Terms

Posted in European Union, International, Privacy Policies

On Tuesday, 19 November, the Regional Court of Berlin ruled against Google in a case brought by the Federation of German Consumer Associations (vzbv).  The vzbv had initiated an action for injunction against Google, requesting it to stop using certain clauses in its Terms of Use and Privacy Policy.  In Germany, consumer associations have a… Continue Reading

European Regulators and the Eternal Cookie Debate

Posted in Advertising & Marketing, European Union, International, Online, Privacy Policies, United Kingdom

By Dan Cooper, Mark Young and Maria-Martina Yalamova This week, the Article 29 Working Party (the “WP29”) released an opinion paper on what constitutes “consent” for purposes of complying with the EU’s “cookie” rules — rules that were revised to include a consent requirement nearly four years ago.  The paper will be relevant to website… Continue Reading

DAA to Website Operators: Provide “Enhanced Notice” of OBA by January 1

Posted in Advertising & Marketing, Online, Privacy Policies, United States

Earlier this week, the organization that enforces the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising issued a “Compliance Warning” to website operators, advising them to provide “enhanced notice” on every web page where data is being collected or used for online behavioral advertising (“OBA”) by January 1, 2014.  The DAA defines OBA as… Continue Reading

Revised OECD Privacy Guidelines Strengthen Accountability Principle

Posted in European Union, International, Privacy Policies

The Organization for Economic Cooperation and Development (“OECD”) has revised its Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data. The revision has been triggered by changes in personal data usage as well as new approaches to privacy protection since the adoption of the first Guidelines back in 1980, which were the… Continue Reading

World Wide Web Consortium Tracking Protection Working Group Names Two New Chairs

Posted in Advertising & Marketing, Privacy Policies

The World Wide Web Consortium (“W3C”) Tracking Protection Working Group (“TPWG”) on Wednesday announced the addition of two new chairs to spearhead its efforts to craft an online tracking mechanism. The new chairs, Center for Democracy and Technology Director Justin Brookman, and Adobe Systems, Inc. Carl Cargill will be joining Intel Corp.’s Matthias Schunter in… Continue Reading

Digital Advertising Alliance Leaves Do Not Track Group

Posted in Advertising & Marketing, Privacy Policies

The Digital Advertising Alliance (“DAA”) on Tuesday announced that it will withdraw from the World Wide Web Consortium (“W3C”) tracking protection working group (“TPWG”), saying that the TPWG has “reached the end of its useful life.” In a letter to the TPWG (full text available here), DAA Managing Director Lou Mastria explained that: “After more… Continue Reading

Bill Adding Do-Not-Track Disclosures to CalOPPA Passes California Senate

Posted in Online, Privacy Policies, State Legislatures, United States

Last week the California Senate unanimously approved a bill requiring that operators of commercial websites and online services that collect personal information disclose how they respond to “do-not-track” signals from web browsers and whether they allow third parties to engage in online tracking.  The legislation, which was introduced by Assemblyman Al Muratsuchi, has been sponsored… Continue Reading

Article Reports on Practice of Tracking Merchandise Returns and Associated Privacy Issues

Posted in Federal Trade Commission, Privacy Policies, United States

Earlier this week, the Huffington Post’s Jennifer Kerr reported on the practice of tracking of merchandise returns by retailers.  According to the article, some retailers track merchandise returns to identify “chronic returners or gangs of thieves trying to make off with high-end products that are returned later for store credit.”  The article notes that many… Continue Reading

Korea Strengthens Protection for ‘Resident Registration Numbers’ (RRNs): Leaks May Face a Fine of up to 0.5 Billion Korean Won

Posted in International, Korea, Privacy Policies

On July 30, 2013, the Korean Ministry of Security and Public Administration (MOSPA) announced several amendments to the Personal Information Protection Act (PIPA) concerning collection and use of ‘Resident Registration Numbers’ (RRNs) – Korea’s national identification numbers. The PIPA is a general legal framework for personal information protection and is complemented by several sector-specific laws…. Continue Reading

Korea Strengthens Protection for ‘Resident Registration Numbers’ (RRNs): Leaks May Face a Fine of up to 0.5 Billion Korean Won

Posted in International, Korea, Privacy Policies

On July 30, 2013, the Korean Ministry of Security and Public Administration (MOSPA) announced several amendments to the Personal Information Protection Act (PIPA) concerning collection and use of ‘Resident Registration Numbers’ (RRNs) – Korea’s national identification numbers. The PIPA is a general legal framework for personal information protection and is complemented by several sector-specific laws…. Continue Reading

FTC Reminds Mobile App Developers To Comply With Revised Children’s Privacy Requirements By July 1

Posted in Children's Privacy, Federal Trade Commission, Mobile, Privacy Policies, United States

The Federal Trade Commission has sent letters to more than 90 different companies who develop mobile apps that the FTC claims may be directed to children.  The letters emphasize that the FTC has not evaluated the apps or the companies’ practices to determine if they comply with the current or revised COPPA Rule.  Instead, the letters remind these… Continue Reading

Delta succeeds in dismissing California AG’s first CalOPPA case

Posted in Federal Trade Commission, Mobile, Privacy Policies, Social Media, State Legislatures, United States

California Attorney General Kamala Harris failed in her first attempt to sue a company for failing to post a privacy policy on a mobile app.

Harris alleged that Delta Airlines violated the California Online Privacy Protection Act (“CalOPPA”) by failing to include a privacy policy on its mobile app- The lawsuit, in the California Superior Court in San Francisco, was the first enforcement action under CalOPPA since it came into force in 2004.

On Thursday, the district court granted Delta’s motion to dismiss the complaint, concluding that the Airline Deregulation Act (ADA) pre-empts the state’s claims. The ADA provides that “a State….may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier.” Courts have construed the scope of preemption by the ADA broadly, and the majority of courts which have considered the issue have held that the ADA preempts the application of state consumer protection laws to airlines. See Morales v. Trans World Airlines, 504 U.S. 374 (1992). The judge decided that the operation of a mobile app for air travel services is “related to price, route or service of an air carrier” and thus agreed with Delta’s argument that the California AG’s claim is pre-empted.

DOT shifts consumer protection focus to privacy

Posted in Privacy Policies, United States

The DOT announced today that the fourth in a series of public meetings of the Advisory Committee on Aviation Consumer Protection will focus on privacy issues. This DOT Committee has been working on various rulemaking and enforcement initiatives affecting consumer protection in air travel, but this will be the first time that privacy practices and use of data have been made the central topic of a Committee meeting. The DOT supervises airlines privacy practices because airlines are subject to sector-specific oversight (the FTC Act provides that air carriers are among the businesses excepted from the FTC’s authority to regulate unfair or deceptive business practices).

BYOD’s Rapid Growth Presents New Legal Challenges

Posted in Data Security, Emerging Technologies, Mobile, Privacy Policies, United States

Companies are increasingly allowing employees to access work email and apps on their personal devices, according to a new Gartner survey of chief information officers.  But employers confront many tough policy and legal questions when they adopt Bring Your Own Device (“BYOD”) programs. Thirty-eight percent of the CIOs said that their organizations will stop providing… Continue Reading

5 Privacy and Data Security Measures That Can Protect Your Company Against Trade Secret Theft

Posted in Data Security, Mobile, Privacy Policies, Social Media, United States

At a recent forum in New York, a team of Covington lawyers addressed the growing concern among companies that their most valuable assets could leave the building on a thumb drive in an employee’s pocket or be disclosed through an employee’s use of a social media site.  Addressing this threat involves many disciplines beyond trade… Continue Reading

Proposed California “Right to Know” Act Would Require Broad Disclosures To CA Residents

Posted in Privacy Policies, State Legislatures, United States

A bill titled the “Right to Know Act of 2013” (AB 1291), which was first introduced by Assembly Member Bonnie Lowenthal this past February, continues to gather momentum in the California legislature.  The Right to Know Act would repeal and re-write Cal. Civ. Code § 1798.83 (often referred to as the California Shine the Light law)… Continue Reading

FTC Annual Report Reveals Identity Theft — Not Privacy — Is Top Consumer Complaint

Posted in Advertising & Marketing, Federal Trade Commission, Privacy Policies, Social Media, United States

Yesterday the FTC released its annual report of consumer complaints, highlighting identity theft as the leading category of complaints, with 18% of the total.  The 2012 report analyzes complaints received by the FTC, certain other federal agencies, state law enforcement agencies, and non-governmental organizations such as the Better Business Bureau.  After identity theft, consumers filed the… Continue Reading

FTC Releases Mobile App Privacy Guidelines

Posted in Federal Trade Commission, Mobile, Privacy Policies, United States

As state and federal regulators increasingly focus on mobile apps, the Federal Trade Commission today released detailed recommendations for mobile privacy. In a 29-page staff report, the FTC suggests how mobile app platforms and developers should notify consumers of their privacy practices.  Although the guidelines are not binding law, they offer best practices that could… Continue Reading