Header graphic for print
Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: United States

Subscribe to United States RSS Feed

‘Video Rental Privacy Act’ Covers Magazines, Court Holds

Posted in Advertising & Marketing, State Legislatures

A federal court opinion released this week is a reminder that Michigan’s Video Rental Privacy Act (VRPA) may apply to far more than just videos. The Michigan VRPA restricts the disclosure of customers’ personal information by companies “engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings,… Continue Reading

FTC Settlement Requires Fandango and Credit Karma to Establish Comprehensive Security Programs to Protect Consumers’ Sensitive Personal Information

Posted in Cybersecurity, Data Breaches, Data Security, Federal Trade Commission, Financial Privacy, Privacy Policies

The Federal Trade Commission (“FTC”) has approved final orders settling charges against Fandango and Credit Karma that the companies misrepresented the security of their mobile apps and failed to protect the transmission of consumers’ sensitive personal information.  The FTC specifically alleged that, although the companies made security promises to consumers that their information was adequately… Continue Reading

Court Grants in Part and Denies in Part Yahoo’s Motion to Dismiss ECPA Claims

Posted in Litigation, Privacy Policies, United States

On Tuesday, August 12, 2014, the Northern District of California’s Judge Lucy Koh issued an order granting in part and denying in part Yahoo’s motion to dismiss claims that it violated federal and California anti-wiretapping laws. The putative class action, In re Yahoo Mail Litig., alleges that Yahoo’s practice of intercepting, scanning, analyzing, collecting, and… Continue Reading

The FTC’s Agenda to Tackle Big Data and Discrimination

Posted in Advertising & Marketing, Emerging Technologies, Federal Trade Commission, Financial Institutions, Mobile, Online, United States

Last Friday, the FTC announced an agenda for its upcoming workshop, “Big Data: A Tool for Inclusion or Exclusion?” which will take place on Monday, Sept. 15, starting at 8:00 a.m.  As we’ve previously reported, the workshop will build on recent efforts by the FTC and other government agencies to understand how new technologies affect… Continue Reading

Federal Trade Commission Releases Report on Mobile Shopping Apps: Finds Insufficient Disclosures to Consumers

Posted in Data Security, Emerging Technologies, Federal Trade Commission, Financial Privacy, Privacy Policies, Technology Transactions

Today, the Federal Trade Commission (“FTC”) issued a staff report examining the consumer-protection implications of popular shopping apps.  These services are intended to ease and enhance the shopping experience by allowing consumers to, for example, compare prices in-store across retailers, collect and redeem deals, or pay for purchases while shopping in brick-and-mortar stores.  The FTC… Continue Reading

Federal Appellate Court to Consider FTC Data Security Authority

Posted in Data Security, Federal Trade Commission, United States

The U.S. Court of Appeals for the Third Circuit this week agreed to consider whether the Federal Trade Commission has the authority to regulate companies’ data security practices. On Tuesday, the Third Circuit granted Wyndham Hotel and Resorts’ petition for interlocutory review of Judge Esther Salas’s denial of a motion to dismiss a FTC lawsuit… Continue Reading

FTC Commissioner Argues for Balanced Approach to Unfairness Cases

Posted in Federal Trade Commission, United States

As the Federal Trade Commission takes an increasingly broad view of its authority to regulate privacy and consumer protection, one of the agency’s five commissioners is calling for a more cautious approach. In a speech today to TechFreedom and the International Center for Law and Economics in Washington, D.C., Commissioner Joshua D. Wright disagreed with… Continue Reading

New Version of USA Freedom Act Introduced

Posted in Congress, Uncategorized, United States

By David Fagan, Richard Hertling, and Kate Goodloe Senate Judiciary Chairman Patrick J. Leahy introduced a new version of the Uniting and Strengthening America by Fulfilling Rights and Ensuring Effective Discipline Over Monitoring Act of 2014 (the “USA FREEDOM Act” or “Act”) in the Senate on Tuesday, more than two months House of Representatives passed… Continue Reading

House of Representatives Passes Three Cybersecurity Bills

Posted in Congress, Cybersecurity, Uncategorized, United States

By David Fagan, Richard Hertling, and Sumon Dantiki On July 28, 2014, the U.S. House of Representatives (“House”) passed three cybersecurity bills, the National Cybersecurity and Critical Infrastructure Protection Act of 2014 (H.R. 3696) (“NCCIP Act”), the Critical Infrastructure Research and Development Advancement Act (H.R. 2952) (“CIRDA Act”), and the Homeland Security Cybersecurity Boots-on-the-Ground Act… Continue Reading

The Case for Not Overregulating Drones

Posted in Congress, United States

On the International Association of Privacy Professionals’ Privacy Perspectives blog, Covington privacy associate Jeff Kosseff shares his thoughts about the potential newsgathering uses of drones, and the dangers of overregulating them.

Executive Order on Drone Privacy

Posted in United States

By Gabriel Slater and Kurt Wimmer As reported in the press, President Obama plans to issue an Executive Order authorizing the Commerce Department’s National Telecommunications and Information Administration (“NTIA”) to coordinate the development of privacy guidelines for commercial drone operations. More specifically, we understand that NTIA would coordinate a “multi-stakeholder process” — a procedure used… Continue Reading

FTC Staff Updates COPPA FAQs on Verifiable Parental Consent Methods

Posted in Children's Privacy, Federal Trade Commission, Uncategorized, United States

The FTC staff has posted revisions to three Frequently Asked Questions (“FAQs”) related to obtaining verifiable parental consent under its COPPA Rule. For a comparison of the old and new FAQs, click here. Although the changes (which include a new FAQ H.16) may appear substantial, they mostly reaffirm the FTC’s longstanding position that the agency’s… Continue Reading

FTC Sues Amazon Over Allegedly Unauthorized In-App Purchases

Posted in Federal Trade Commission, Uncategorized

By: Nora Diamond The Federal Trade Commission (“FTC”) brought suit last week against Amazon.com for allegedly collecting unauthorized in-app charges in connection with children’s apps. The FTC alleges that, by failing to require the account holder to enter a password before allowing a charge, Amazon unfairly billed parents for millions of dollars in unauthorized purchases…. Continue Reading

Court Denies Company’s Request for Identity of Online Commenter

Posted in Litigation, United States

A New York state trial court last week rejected a publicly traded company’s request to obtain the identity of an individual who anonymously wrote negative comments about the company on an online financial bulletin board. In February 2014, an individual with the pseudonym “Pump Terminator” posted an article about Nanoviricides, Inc. on www.seekingalpha.com, a financial… Continue Reading

Florida Enacts Stringent Breach Notice Law

Posted in Data Breaches, Data Security, State Legislatures, United States

Last Friday, Florida’s governor signed into law the Florida Information Protection Act of 2014 (“FIPA”), a bill repealing Florida’s existing data security breach notice law and replacing it with what will be one of the nation’s most stringent breach notice laws.  This post summarizes the key aspects of the new law, which becomes effective July… Continue Reading

Wyndham Data Breach Ruling Cleared for Potential Appeal to Third Circuit

Posted in Federal Trade Commission, Litigation

U.S. District Court Judge Esther Salas ruled on Monday that the U.S. Court of Appeals for the Third Circuit can review her conclusion that Section 5 of the Federal Trade Commission Act provides the FTC with authority to bring actions arising from companies’ data security violations. In April of this year, Judge Salas denied Wyndham… Continue Reading

Eleventh Circuit: Warrant Required to Obtain Cell Site Location Information

Posted in Litigation, United States

The Eleventh Circuit ruled on June 11 that cell site location information—which can reveal the location of a cell phone user, based on his proximity to cell phone towers—is protected by the Fourth Amendment and can only be obtained with a warrant.  That ruling sets the stage for continued battles over Fourth Amendment protections for… Continue Reading

Senate Subcommittee Examines “Stalking Apps” Bill

Posted in Federal Trade Commission, Uncategorized

This week, the Senate Judiciary Subcommittee on Privacy, Technology and the Law held a hearing to discuss the Location Privacy Protection Act of 2014, a bill reintroduced in March by Senator Al Franken (D-MN).  Most concerned with the potential for misuse and abuse of location data for purposes of stalking and perpetrating domestic violence, Senator… Continue Reading

New Connecticut Law Adds Promotional SMS to State “Do Not Call” Registry Rules; Prohibits Promotional SMS to Numbers Not on State Registry Absent “Prior Express Written Consent”

Posted in Federal Communications Commission, State Legislatures

Last week, the governor of Connecticut signed into law a new requirement that extends compliance with the state’s existing Do-Not-Call registry to promotional text messages (SMS).  Specifically, the law amends the definition of a “telephonic sales call” to include a “text or media message sent by or on behalf of a telephone solicitor,” thereby prohibiting… Continue Reading

A Public Advocate for Privacy

Posted in Congress, United States

Since 1979, the United States Government has made at least 35,651 applications to the Foreign Intelligence Surveillance Court (FISC) for authority to conduct electronic surveillance and physical searches of individuals.[1]  Of those requests, only 12 have been denied; 532 requests have been formally modified.  According to one judge on the FISC, a substantially higher number… Continue Reading

FTC Data Broker Report Calls for More Transparency and Consumer Control

Posted in Federal Trade Commission, Uncategorized

The Federal Trade Commission (“FTC”) recently released a report on the data broker industry that summarizes the FTC’s findings from an investigation of nine data brokers.  The report, Data Brokers: A Call for Transparency and Accountability, recommends that Congress consider enacting legislation that promotes transparency and consumer access to information held by data brokers, and… Continue Reading

Court Dismisses CFAA, ECPA, and Other Claims in Privacy Class Action Opperman v. Path

Posted in Litigation, Mobile, United States

On May 14, a judge in the Northern District of California granted in part and dismissed in part four motions to dismiss filed by defendants in the consolidated class action, Opperman v. Path (No. 3:13-CV-00453-JST). The plaintiffs alleged that apps offered by a number of developers (“App Defendants”) accessed and uploaded information from plaintiffs’ mobile… Continue Reading

California AG Releases Online Tracking Disclosure Guidelines

Posted in Privacy Policies, United States

California Attorney General Kamala Harris today released guidelines to help websites comply with a state law that went into effect on January 1, 2014, pertaining to online tracking disclosures. The law, which amended the California Online Privacy Protection Act (“CalOPPA”) and which we previously blogged about here, requires website operators to disclose (1) how they… Continue Reading

FCC Obtains Record $7.5 Million Settlement With Sprint for Alleged Do-Not-Call Violations

Posted in Federal Communications Commission, Federal Trade Commission

Earlier this week, the FCC announced that mobile wireless company Sprint will pay $7.5 million to resolve allegations that the company failed to honor consumer requests to be placed on Sprint’s entity-specific Do-Not-Call list.  The settlement represents the largest of its kind between the FCC and a carrier. Through this settlement agreement, which follows a… Continue Reading