Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: Privacy Policies

Subscribe to Privacy Policies RSS Feed

Covington Selected to Lead Panel at #SXSW 2015

Posted in Privacy Policies

Covington has been selected to host a panel and privacy-by-design bootcamp at the 2015 South by Southwest (“SXSW”) Interactive Festival, which will take place next March 13-17.  The panel will be led by Covington associates Libbie Canter and Meena Harris, both members of the firm’s Privacy and Data-Security practice group.  With more than 4,500 entries… Continue Reading

CFPB Finalizes Rule to Allow Online Privacy Disclosures from Financial Institutions

Posted in Financial Institutions, Financial Privacy, Privacy Policies

By Ani Gevorkian On Monday, the Consumer Financial Protection Bureau (CFPB) finalized a rule that promotes more effective privacy disclosures and saves the financial services industry around $17 million dollars.  The new rule permits financial institutions that restrict data-sharing to post their annual privacy notices online rather than delivering them to customers individually.  The rule will… Continue Reading

Global App Review Finds 85% of Apps Have Privacy Shortcomings

Posted in European Union, Privacy Policies

By Monika Kuschewsky and Katherine Gasztonyi In May 2014, the Global Privacy Enforcement Network (“GPEN”) performed its second Global Privacy Sweep, in which 26 privacy enforcement authorities from 19 countries downloaded 1,211 mobile apps and assessed their privacy practices. On September 10, 2014, the Office of the Privacy Commissioner of Canada (“OPC”) published the results of the… Continue Reading

Forever 21 Faces Point-of-Sale Data Collection Class Action Lawsuit

Posted in Litigation, Privacy Policies, United States

Fast fashion retailer Forever 21 Retail Inc. faces a putative class action lawsuit alleging that the retailer violated California law by requesting and recording shoppers’ credit card numbers and personal identification information at the point-of-sale. Forever 21 shopper Tamar Estanboulian filed the lawsuit on September 7 in U.S. District Court for the Central District of… Continue Reading

FTC Settlement Requires Fandango and Credit Karma to Establish Comprehensive Security Programs to Protect Consumers’ Sensitive Personal Information

Posted in Cybersecurity, Data Breaches, Data Security, Federal Trade Commission, Financial Privacy, Privacy Policies

The Federal Trade Commission (“FTC”) has approved final orders settling charges against Fandango and Credit Karma that the companies misrepresented the security of their mobile apps and failed to protect the transmission of consumers’ sensitive personal information.  The FTC specifically alleged that, although the companies made security promises to consumers that their information was adequately… Continue Reading

Court Grants in Part and Denies in Part Yahoo’s Motion to Dismiss ECPA Claims

Posted in Litigation, Privacy Policies, United States

On Tuesday, August 12, 2014, the Northern District of California’s Judge Lucy Koh issued an order granting in part and denying in part Yahoo’s motion to dismiss claims that it violated federal and California anti-wiretapping laws. The putative class action, In re Yahoo Mail Litig., alleges that Yahoo’s practice of intercepting, scanning, analyzing, collecting, and… Continue Reading

Federal Trade Commission Releases Report on Mobile Shopping Apps: Finds Insufficient Disclosures to Consumers

Posted in Data Security, Emerging Technologies, Federal Trade Commission, Financial Privacy, Privacy Policies, Technology Transactions

Today, the Federal Trade Commission (“FTC”) issued a staff report examining the consumer-protection implications of popular shopping apps.  These services are intended to ease and enhance the shopping experience by allowing consumers to, for example, compare prices in-store across retailers, collect and redeem deals, or pay for purchases while shopping in brick-and-mortar stores.  The FTC… Continue Reading

California AG Releases Online Tracking Disclosure Guidelines

Posted in Privacy Policies, United States

California Attorney General Kamala Harris today released guidelines to help websites comply with a state law that went into effect on January 1, 2014, pertaining to online tracking disclosures. The law, which amended the California Online Privacy Protection Act (“CalOPPA”) and which we previously blogged about here, requires website operators to disclose (1) how they… Continue Reading

Ten Key Take-Aways From the White House Big Data Report

Posted in Health Privacy, Privacy Policies, United States

On Thursday, the White House Big Data Working Group, led by senior presidential advisor John Podesta, released a 79-page report that outlines a number of key observations and recommendations for privacy in both the private sector and government.  Although the report does not create binding law, it provides insight into the administration’s  priorities on a… Continue Reading

Covington at #SXSW: If “Big Data Is the New Oil” Then “Privacy Is the New Green”

Posted in Emerging Technologies, Privacy Policies

South by Southwest (“SXSW”) Interactive kicked off last week, and Covington was there to cover privacy and big data’s big buzz, a topic which dominated much of the conference.  Among the events that took place last Friday were “Big Data Inverted: The Best Candy from Strangers?” and “Privacy Under the Covers: The Naked Truth.”  The… Continue Reading

FTC Announces $32.5M Settlement with Apple, Inc., May Be Seen as Expanding its “Unfairness” Authority

Posted in Federal Trade Commission, Privacy Policies

The Federal Trade Commission (“FTC”) recently announced a settlement with Apple, Inc. over allegations that the company billed parents and other account holders for children’s in-app activities without obtaining the account holders’ express and informed consent. The FTC’s complaint alleged that Apple’s failure to obtain express and informed consent prior to each in-app purchase constituted… Continue Reading

Google Fined by the CNIL for Privacy Breaches as European Regulators Continue Investigation

Posted in European Union, Privacy Policies, Uncategorized

On January 8, 2014, the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), announced that it was imposing a fine of €150,000 on Google, as well as a requirement that Google, within eight days of the decision, publicize the fine on its own website (at www.google.fr) for a period of… Continue Reading

Berlin Court Condemns Google, Strikes Provisions in Privacy Policy and Terms

Posted in European Union, International, Privacy Policies

On Tuesday, 19 November, the Regional Court of Berlin ruled against Google in a case brought by the Federation of German Consumer Associations (vzbv).  The vzbv had initiated an action for injunction against Google, requesting it to stop using certain clauses in its Terms of Use and Privacy Policy.  In Germany, consumer associations have a… Continue Reading

European Regulators and the Eternal Cookie Debate

Posted in Advertising & Marketing, European Union, International, Online, Privacy Policies, United Kingdom

By Dan Cooper, Mark Young and Maria-Martina Yalamova This week, the Article 29 Working Party (the “WP29”) released an opinion paper on what constitutes “consent” for purposes of complying with the EU’s “cookie” rules — rules that were revised to include a consent requirement nearly four years ago.  The paper will be relevant to website… Continue Reading

DAA to Website Operators: Provide “Enhanced Notice” of OBA by January 1

Posted in Advertising & Marketing, Online, Privacy Policies, United States

Earlier this week, the organization that enforces the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising issued a “Compliance Warning” to website operators, advising them to provide “enhanced notice” on every web page where data is being collected or used for online behavioral advertising (“OBA”) by January 1, 2014.  The DAA defines OBA as… Continue Reading

Revised OECD Privacy Guidelines Strengthen Accountability Principle

Posted in European Union, International, Privacy Policies

The Organization for Economic Cooperation and Development (“OECD”) has revised its Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data. The revision has been triggered by changes in personal data usage as well as new approaches to privacy protection since the adoption of the first Guidelines back in 1980, which were the… Continue Reading

World Wide Web Consortium Tracking Protection Working Group Names Two New Chairs

Posted in Advertising & Marketing, Privacy Policies

The World Wide Web Consortium (“W3C”) Tracking Protection Working Group (“TPWG”) on Wednesday announced the addition of two new chairs to spearhead its efforts to craft an online tracking mechanism. The new chairs, Center for Democracy and Technology Director Justin Brookman, and Adobe Systems, Inc. Carl Cargill will be joining Intel Corp.’s Matthias Schunter in… Continue Reading

Digital Advertising Alliance Leaves Do Not Track Group

Posted in Advertising & Marketing, Privacy Policies

The Digital Advertising Alliance (“DAA”) on Tuesday announced that it will withdraw from the World Wide Web Consortium (“W3C”) tracking protection working group (“TPWG”), saying that the TPWG has “reached the end of its useful life.” In a letter to the TPWG (full text available here), DAA Managing Director Lou Mastria explained that: “After more… Continue Reading

Bill Adding Do-Not-Track Disclosures to CalOPPA Passes California Senate

Posted in Online, Privacy Policies, State Legislatures, United States

Last week the California Senate unanimously approved a bill requiring that operators of commercial websites and online services that collect personal information disclose how they respond to “do-not-track” signals from web browsers and whether they allow third parties to engage in online tracking.  The legislation, which was introduced by Assemblyman Al Muratsuchi, has been sponsored… Continue Reading

Article Reports on Practice of Tracking Merchandise Returns and Associated Privacy Issues

Posted in Federal Trade Commission, Privacy Policies, United States

Earlier this week, the Huffington Post’s Jennifer Kerr reported on the practice of tracking of merchandise returns by retailers.  According to the article, some retailers track merchandise returns to identify “chronic returners or gangs of thieves trying to make off with high-end products that are returned later for store credit.”  The article notes that many… Continue Reading

Korea Strengthens Protection for ‘Resident Registration Numbers’ (RRNs): Leaks May Face a Fine of up to 0.5 Billion Korean Won

Posted in International, Korea, Privacy Policies

On July 30, 2013, the Korean Ministry of Security and Public Administration (MOSPA) announced several amendments to the Personal Information Protection Act (PIPA) concerning collection and use of ‘Resident Registration Numbers’ (RRNs) – Korea’s national identification numbers. The PIPA is a general legal framework for personal information protection and is complemented by several sector-specific laws…. Continue Reading

Korea Strengthens Protection for ‘Resident Registration Numbers’ (RRNs): Leaks May Face a Fine of up to 0.5 Billion Korean Won

Posted in International, Korea, Privacy Policies

On July 30, 2013, the Korean Ministry of Security and Public Administration (MOSPA) announced several amendments to the Personal Information Protection Act (PIPA) concerning collection and use of ‘Resident Registration Numbers’ (RRNs) – Korea’s national identification numbers. The PIPA is a general legal framework for personal information protection and is complemented by several sector-specific laws…. Continue Reading

FTC Reminds Mobile App Developers To Comply With Revised Children’s Privacy Requirements By July 1

Posted in Children's Privacy, Federal Trade Commission, Mobile, Privacy Policies, United States

The Federal Trade Commission has sent letters to more than 90 different companies who develop mobile apps that the FTC claims may be directed to children.  The letters emphasize that the FTC has not evaluated the apps or the companies’ practices to determine if they comply with the current or revised COPPA Rule.  Instead, the letters remind these… Continue Reading