Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: Privacy Policies

Subscribe to Privacy Policies RSS Feed

Multistakeholder Group Seeks Comment on Draft Framework for IoT Device Manufactures

Posted in Advertising & Marketing, Data Security, Emerging Technologies, Mobile Online, Privacy Policies

Earlier this week, the Online Trust Alliance released a draft framework of best practices for Internet of Things device manufacturers and developers, such as connected home devices and wearable fitness and health technologies.  The OTA is seeking comments on its draft framework by September 14. The framework acknowledges that not all requirements may be applicable… Continue Reading

White House Privacy Bill: A Deeper Dive

Posted in Advertising & Marketing, Congress, Mobile, Online, Privacy Policies, United States

As we reported earlier today, the long-awaited White House draft of privacy and data security legislation has been released. While the United States does not today have a comprehensive privacy and data security law, the proposed Consumer Privacy Bill of Rights would impose a suite of substantive privacy and data security obligations across sectors and… Continue Reading

China’s Internet Gatekeeper Announces Legislation to Enhance Personal Information Protection

Posted in China, Privacy Policies, Uncategorized

China’s principal internet regulator, the Cyberspace Administration of China (“CAC”), announced this week that China will move forward new legislation to combat the improper collection, use, and sale of personal information. The new legislation, announced during an interview of a senior CAC official by state-owned Xinhua News, is reportedly being drafted by CAC, the Ministry… Continue Reading

China Clarifies Requirements for Companies Regarding Consumers’ Personal Information

Posted in China, Privacy Policies, Technology Transactions

New consumer protection provisions that clarify how companies may collect, use, and protect personal information of consumers will come into effect in China on March 15, 2015. On January 5, 2015, China’s State Administration of Industry and Commerce (“SAIC”) issued measures to implement China’s Consumer Rights Protection Law (“CRPL”), which was amended effective March 2014… Continue Reading

Carnegie Mellon Grades Privacy of Android Apps

Posted in Privacy Policies

Researchers at Carnegie Mellon University have designed a website that doles out grades to Android apps based on their privacy practices. The website, privacygrade.org, assigns grades based on a model that measures the gap between people’s expectations of an app’s behavior and how the app actually behaves. The grades range from A+, representing no privacy… Continue Reading

Recent Ninth Circuit Decisions Address Whether Consumers Must Explicitly Agree to User Terms

Posted in Litigation, Privacy Policies, United States

The Ninth Circuit recently issued two opinions addressing whether companies should require customers to explicitly agree to key provisions of user terms and other policies. On Monday, a unanimous three-judge panel issued an opinion in Knutson v. Sirius XM Radio.  In this case, the plaintiff purchased a Toyota that included a trial subscription to Sirius. … Continue Reading

Covington Selected to Lead Panel at #SXSW 2015

Posted in Privacy Policies

Covington has been selected to host a panel and privacy-by-design bootcamp at the 2015 South by Southwest (“SXSW”) Interactive Festival, which will take place next March 13-17.  The panel will be led by Covington associates Libbie Canter and Meena Harris, both members of the firm’s Privacy and Data-Security practice group.  With more than 4,500 entries… Continue Reading

CFPB Finalizes Rule to Allow Online Privacy Disclosures from Financial Institutions

Posted in Financial Institutions, Financial Privacy, Privacy Policies

By Ani Gevorkian On Monday, the Consumer Financial Protection Bureau (CFPB) finalized a rule that promotes more effective privacy disclosures and saves the financial services industry around $17 million dollars.  The new rule permits financial institutions that restrict data-sharing to post their annual privacy notices online rather than delivering them to customers individually.  The rule will… Continue Reading

Global App Review Finds 85% of Apps Have Privacy Shortcomings

Posted in European Union, Privacy Policies

By Monika Kuschewsky and Katherine Gasztonyi In May 2014, the Global Privacy Enforcement Network (“GPEN”) performed its second Global Privacy Sweep, in which 26 privacy enforcement authorities from 19 countries downloaded 1,211 mobile apps and assessed their privacy practices. On September 10, 2014, the Office of the Privacy Commissioner of Canada (“OPC”) published the results of the… Continue Reading

Forever 21 Faces Point-of-Sale Data Collection Class Action Lawsuit

Posted in Litigation, Privacy Policies, United States

Fast fashion retailer Forever 21 Retail Inc. faces a putative class action lawsuit alleging that the retailer violated California law by requesting and recording shoppers’ credit card numbers and personal identification information at the point-of-sale. Forever 21 shopper Tamar Estanboulian filed the lawsuit on September 7 in U.S. District Court for the Central District of… Continue Reading

FTC Settlement Requires Fandango and Credit Karma to Establish Comprehensive Security Programs to Protect Consumers’ Sensitive Personal Information

Posted in Cybersecurity, Data Breaches, Data Security, Federal Trade Commission, Financial Privacy, Privacy Policies

The Federal Trade Commission (“FTC”) has approved final orders settling charges against Fandango and Credit Karma that the companies misrepresented the security of their mobile apps and failed to protect the transmission of consumers’ sensitive personal information.  The FTC specifically alleged that, although the companies made security promises to consumers that their information was adequately… Continue Reading

Court Grants in Part and Denies in Part Yahoo’s Motion to Dismiss ECPA Claims

Posted in Litigation, Privacy Policies, United States

On Tuesday, August 12, 2014, the Northern District of California’s Judge Lucy Koh issued an order granting in part and denying in part Yahoo’s motion to dismiss claims that it violated federal and California anti-wiretapping laws. The putative class action, In re Yahoo Mail Litig., alleges that Yahoo’s practice of intercepting, scanning, analyzing, collecting, and… Continue Reading

Federal Trade Commission Releases Report on Mobile Shopping Apps: Finds Insufficient Disclosures to Consumers

Posted in Data Security, Emerging Technologies, Federal Trade Commission, Financial Privacy, Privacy Policies, Technology Transactions

Today, the Federal Trade Commission (“FTC”) issued a staff report examining the consumer-protection implications of popular shopping apps.  These services are intended to ease and enhance the shopping experience by allowing consumers to, for example, compare prices in-store across retailers, collect and redeem deals, or pay for purchases while shopping in brick-and-mortar stores.  The FTC… Continue Reading

California AG Releases Online Tracking Disclosure Guidelines

Posted in Privacy Policies, United States

California Attorney General Kamala Harris today released guidelines to help websites comply with a state law that went into effect on January 1, 2014, pertaining to online tracking disclosures. The law, which amended the California Online Privacy Protection Act (“CalOPPA”) and which we previously blogged about here, requires website operators to disclose (1) how they… Continue Reading

Ten Key Take-Aways From the White House Big Data Report

Posted in Health Privacy, Privacy Policies, United States

On Thursday, the White House Big Data Working Group, led by senior presidential advisor John Podesta, released a 79-page report that outlines a number of key observations and recommendations for privacy in both the private sector and government.  Although the report does not create binding law, it provides insight into the administration’s  priorities on a… Continue Reading

Covington at #SXSW: If “Big Data Is the New Oil” Then “Privacy Is the New Green”

Posted in Emerging Technologies, Privacy Policies

South by Southwest (“SXSW”) Interactive kicked off last week, and Covington was there to cover privacy and big data’s big buzz, a topic which dominated much of the conference.  Among the events that took place last Friday were “Big Data Inverted: The Best Candy from Strangers?” and “Privacy Under the Covers: The Naked Truth.”  The… Continue Reading

FTC Announces $32.5M Settlement with Apple, Inc., May Be Seen as Expanding its “Unfairness” Authority

Posted in Federal Trade Commission, Privacy Policies

The Federal Trade Commission (“FTC”) recently announced a settlement with Apple, Inc. over allegations that the company billed parents and other account holders for children’s in-app activities without obtaining the account holders’ express and informed consent. The FTC’s complaint alleged that Apple’s failure to obtain express and informed consent prior to each in-app purchase constituted… Continue Reading

Google Fined by the CNIL for Privacy Breaches as European Regulators Continue Investigation

Posted in European Union, Privacy Policies, Uncategorized

On January 8, 2014, the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), announced that it was imposing a fine of €150,000 on Google, as well as a requirement that Google, within eight days of the decision, publicize the fine on its own website (at www.google.fr) for a period of… Continue Reading

Berlin Court Condemns Google, Strikes Provisions in Privacy Policy and Terms

Posted in European Union, International, Privacy Policies

On Tuesday, 19 November, the Regional Court of Berlin ruled against Google in a case brought by the Federation of German Consumer Associations (vzbv).  The vzbv had initiated an action for injunction against Google, requesting it to stop using certain clauses in its Terms of Use and Privacy Policy.  In Germany, consumer associations have a… Continue Reading

European Regulators and the Eternal Cookie Debate

Posted in Advertising & Marketing, European Union, International, Online, Privacy Policies, United Kingdom

By Dan Cooper, Mark Young and Maria-Martina Yalamova This week, the Article 29 Working Party (the “WP29”) released an opinion paper on what constitutes “consent” for purposes of complying with the EU’s “cookie” rules — rules that were revised to include a consent requirement nearly four years ago.  The paper will be relevant to website… Continue Reading

DAA to Website Operators: Provide “Enhanced Notice” of OBA by January 1

Posted in Advertising & Marketing, Online, Privacy Policies, United States

Earlier this week, the organization that enforces the Digital Advertising Alliance’s Self-Regulatory Principles for Online Behavioral Advertising issued a “Compliance Warning” to website operators, advising them to provide “enhanced notice” on every web page where data is being collected or used for online behavioral advertising (“OBA”) by January 1, 2014.  The DAA defines OBA as… Continue Reading

Revised OECD Privacy Guidelines Strengthen Accountability Principle

Posted in European Union, International, Privacy Policies

The Organization for Economic Cooperation and Development (“OECD”) has revised its Guidelines governing the Protection of Privacy and Transborder Flows of Personal Data. The revision has been triggered by changes in personal data usage as well as new approaches to privacy protection since the adoption of the first Guidelines back in 1980, which were the… Continue Reading

World Wide Web Consortium Tracking Protection Working Group Names Two New Chairs

Posted in Advertising & Marketing, Privacy Policies

The World Wide Web Consortium (“W3C”) Tracking Protection Working Group (“TPWG”) on Wednesday announced the addition of two new chairs to spearhead its efforts to craft an online tracking mechanism. The new chairs, Center for Democracy and Technology Director Justin Brookman, and Adobe Systems, Inc. Carl Cargill will be joining Intel Corp.’s Matthias Schunter in… Continue Reading