Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: United States

Subscribe to United States RSS Feed

FTC Hosts Cross-Device Tracking Workshop

Posted in Advertising & Marketing, Federal Trade Commission

The FTC’s cross-device tracking workshop on Monday focused on the benefits and challenges of cross-device tracking.  FTC Chairwoman Edith Ramirez emphasized that regardless of the specific technology employed, companies should continue working to address issues of transparency, notice, and choice in this area.  She also highlighted the self-regulatory efforts of the advertising industry on cross-device… Continue Reading

Administrative Law Judge Dismisses FTC’s LabMD Complaint, Finding Insufficient Evidence of “Substantial Injury” to Consumers

Posted in Federal Trade Commission

On Friday, November 13, Federal Trade Commission (FTC) Chief Administrative Law Judge Chappell issued an Initial Decision dismissing the FTC’s complaint against LabMD, on the ground that the Commission’s staff had failed to carry its burden of demonstrating a “likely substantial injury” to consumers resulting from LabMD’s allegedly “unfair” data security practices. While Judge Chappell’s… Continue Reading

Third Circuit Resurrects State Law Claims Against Google in Safari Cookie Tracking Lawsuit

Posted in Litigation

Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law.  The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online… Continue Reading

FCC Says It Will Not Require Websites to Honor ‘Do Not Track’

Posted in Federal Communications Commission, United States

Last Friday, the Federal Communications Commission (“FCC”) rejected a petition from consumer advocates asking the FCC to extend its Open Internet Order by requiring edge providers such as Facebook and Amazon to follow the privacy regulations of Section 222 and to require those edge providers to honor “Do Not Track” requests from consumers.  The FCC… Continue Reading

A Closer Look at CISA’s Cybersecurity Information-Sharing Provisions

Posted in Congress, Cybersecurity

As we reported on October 27, the U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754).  If enacted into law, CISA would, among other things, establish a voluntary framework for the sharing of cybersecurity threat information between and among the federal government and private entities.  CISA must now be reconciled with two similar… Continue Reading

Cox Communications to Pay $595,000 in Data Breach Settlement

Posted in Data Breaches, Data Security, Federal Communications Commission, United States

By Hannah Lepow Yesterday the FCC announced that it has entered into a $595,000 settlement agreement with Cox Communications to resolve an investigation into whether the company failed to protect its customers’ personal information when it suffered a data breach in 2014.  This is the first privacy  and data security enforcement action the FCC Enforcement… Continue Reading

FTC Announces Final Agenda for Cross-Device Tracking Workshop

Posted in Advertising & Marketing, Federal Trade Commission

The FTC has announced the final agenda for its November 16 cross-device tracking workshop.  According to today’s press release, the workshop “will examine the practice of collecting data through these devices and the potential wide-ranging effects on consumer privacy.” Opening remarks will be provided by FTC Chairwoman Edith Ramirez, followed by a presentation from Justin… Continue Reading

California AG Issues Guidance for Consumers on Managing Mobile Location Privacy

Posted in Mobile, United States

By Hannah Lepow Yesterday California Attorney General Kamala D. Harris released guidance on how smartphone and tablet users can manage GPS and other location tracking functions on their mobile devices. The brief information sheet, designed for consumers, details how Android and iOS users can control different types of location information on their devices, including location… Continue Reading

Senate Passes Cybersecurity Information Sharing Legislation

Posted in Congress, Cybersecurity

The U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754) today.  In material part, the bill: establishes a voluntary framework for real-time information sharing of “cyber threat indicators” and “defensive measures” between private organizations (defined to also include state and local governments) and the federal government; with respect to information sharing among private… Continue Reading

Third Circuit: TCPA Suit By Roommate Who Answered Prerecorded Call Can Proceed

Posted in Litigation, United States

A man who alleges he received an unauthorized prerecorded call on the landline he shared with his roommate has standing to proceed with his lawsuit under the Telephone Consumer Protection Act (“TCPA”), the U.S. Court of Appeals for the Third Circuit ruled. Mark Leyse’s lawsuit against Bank of America alleges that a telemarketer advertising Bank… Continue Reading

House Passes Bill Expanding Privacy Rights of EU Citizens in Wake of Schrems Ruling

Posted in Congress, European Union, International, United States

By Hannah Lepow On October 20, the U.S. House of Representatives passed a bill that would expand the privacy rights of citizens of the European Union in the United States. The bill, known as the Judicial Redress Act of 2015, would allow EU citizens and citizens of other allied nations limited rights to file suit… Continue Reading

FTC to Hold Workshop on Cross-Device Tracking

Posted in Advertising & Marketing, Federal Trade Commission

The Federal Trade Commission will hold a workshop on November 16 to address cross-device tracking.  The FTC’s announcement highlights two forms of cross-device tracking: “deterministic” tracking, which requires that a user log in to the same service across multiple devices, and “probabilistic” tracking, which collects data about users to create a digital fingerprint that links a… Continue Reading

Article 29 WP On the Schrems Ruling (Safe Harbor) − Latest Developments and Next Steps

Posted in European Union, United States

The Article 29 Data Protection Working Party (“Article 29 WP”), an EU advisory body on data protection composed of representatives of the national data protection authorities (“DPAs”), the European Data Protection Supervisor and the European Commission, met in plenary on Thursday, October 15, to discuss the first consequences of the judgment of the Court of… Continue Reading

FTC Releases Agenda for November 5th “Start with Security” Conference

Posted in Cybersecurity, Data Security, Federal Trade Commission, United States

By Megan L. Rodgers The FTC has announced its agenda and panelists for its conference on data security, which will be held on November 5th, 2015, at the University of Texas, in Austin. This is the second in a series of conferences aimed at helping small- to medium-sized businesses protect consumers’ information.  The first conference… Continue Reading

Free Cartoon Network App User Not a “Subscriber” Under VPPA, Rules Eleventh Circuit

Posted in Litigation, United States

On October 9, the Eleventh Circuit affirmed in Ellis v. Cartoon Network, Inc. that a person who downloads and uses a free mobile application to view freely available content is not, without more, a “subscriber” under the Video Privacy Protection Act (“VPPA”). Cartoon Network offers a free mobile app that people can download to watch… Continue Reading

HHS Launches Portal Seeking Questions from Mobile Health Application Developers

Posted in Department of Health and Human Services, Health Privacy, Mobile Online, Uncategorized

A new post on Covington’s Inside Medical Devices blog discusses a new portal recently launched by HHS seeking questions from mobile health application developers.  The platform allows for individuals to both submit and review questions on the HIPAA implications of these mobile health applications.  To read the post, click here.

California Requires a Warrant To Search Electronic Communications

Posted in State Legislatures, United States

On Thursday, October 8, California Governor Jerry Brown signed into law the California Electronic Communications Privacy Act (“CalECPA”), which requires law enforcement officials in California to obtain a warrant to access digital records, including emails and text messages. The new law was supported by privacy rights advocates and technology companies, many of which are pushing… Continue Reading

Three-Bill Package Makes Revisions to California’s Data-Breach Notification Statute

Posted in Data Breaches, Data Security, State Legislatures, United States

By Brandon Johnson On October 6, 2015, California Governor Jerry Brown signed into law a trio of bills that is intended to clarify key elements of the state’s data-breach notification statute and provide guidance to persons, businesses, and state and local agencies that deal with electronically stored personal information.  The bills, which were passed together… Continue Reading

New California Law Regulates Voice Recognition Technology in Smart TVs

Posted in Advertising & Marketing, State Legislatures, United States

By Brandon Johnson On October 6, 2015, California Governor Jerry Brown signed into law Assembly Bill 1116 (A.B. 1116), which regulates the manner in which smart TVs must notify users of voice-recognition technology and may use recorded voice commands.  The bill, which was passed unanimously by both houses of the California legislature earlier this year,… Continue Reading

Company Agrees to Establish Chief Privacy Officer to Settle Cal. AG’s Call-Recording Allegations

Posted in United States

By Ethan Forrest For the first time, California Attorney General Kamala Harris has announced a privacy breach settlement that requires the defendant company to create a “chief privacy officer” position to oversee compliance with privacy laws. The company in question is Houzz Inc., a popular online platform for home design and décor.  Attorney General Harris… Continue Reading

EU-U.S. Safe Harbor: Judgment in the Schrems Case Scheduled For October 6

Posted in European Union, United States

The Court of Justice of the European Union (“CJEU”) in Luxembourg will render its judgment in the Schrems case (C-362/14 Maximilian Schrems v Data Protection Commissioner) on October 6, at 9:30 am CET (see here). For details on the case and its potential implications for the U.S.-EU Safe Harbor, see our earlier blog post (here)… Continue Reading

Advocate General Considers EU-U.S. Safe Harbor to be Invalid

Posted in European Union, United States

By Jetty Tielemans, Mark Young and Joseph Jones This morning (September 23, 2015), EU Advocate General (“AG”) Bot issued an Opinion in Case C-362/14 Maximilian Schrems v Data Protection Commissioner (see our earlier post on the hearing here).  The AG Opinion has gone further than expected, covering not just the power of national data protection… Continue Reading

Start With Security: Key Takeaways from the FTC’s Data Security Conference

Posted in Data Security, Emerging Technologies, Federal Trade Commission

By Lindsey Tonsager and Megan Rodgers The FTC held its “Start with Security” conference in San Francisco, California, last week, launching an initiative to provide companies with practical resources for implementing effective data security strategies. The event was targeted at tech start-ups and small- and medium-sized businesses, but the panelists included representatives from companies with… Continue Reading

Following TCPA Omnibus Order, Court Reaffirms Prior Ruling in Dismissing TCPA Text Message Lawsuit Against AOL

Posted in Litigation

In one of the first decisions evaluating Telephone Consumer Protection Act (TCPA) claims under the FCC’s recent omnibus TCPA order, the Northern District of California dismissed a putative class action lawsuit alleging that AOL violated the TCPA when users of its Instant Messenger service (AIM) sent text messages to incorrect recipients.  After the court dismissed… Continue Reading