The Ninth Circuit reversed the district court’s approval of a class action settlement last Monday in Nachshin v. AOL, remanding the two-year old case back to the district court for a new round of settlement negotiation and approval. No. 10-55129 (9th Cir. Nov. 21, 2011). The class action was brought in 2009, alleging that the … Continue Reading
An amendment to a discussion tabled in the House of Lords relating to the Protection of Freedoms Bill 2010 – 2011 has called for the creation of a dedicated Privacy Commissioner. The proposed establishment of a single Privacy Commissioner seeks to correct the existing proliferation of UK commissioners with strictly circumscribed powers and create an … Continue Reading
On 24 November 2011, the EU Court of Justice decided that ISPs cannot be forced to filter Internet traffic to fight intellectual property violations. In 2007, the Brussels Court of First Instance obliged the ISP Scarlet to filter all internet traffic and to block traffic involving violations of intellectual property rights, in particular in … Continue Reading
by David Fagan and Alex Berengaut On November 10, 2011, Judge Liam O’Grady of the United States District Court for the Eastern District of Virginia issued a 60-page memorandum opinion in a dispute over the validity of a special court order issued to Twitter for non-content records for certain users connected to the government’s Wikileaks … Continue Reading
Judge Koh of the District Court for the Northern District of California recently granted LinkedIn’s motion to dismiss with leave to amend in Low v. LinkedIn. Covington represents LinkedIn in this case, in which Plaintiff alleges that he suffered injury by virtue of LinkedIn’s purported transmittal of a unique UserID to certain third parties as … Continue Reading
Government officials must seek a warrant to compel the disclosure of cell phone location data, a federal district court ruled, holding that a federal law allowing the government to obtain some information without a warrant violates the Fourth Amendment. In a one-page order upholding a magistrate judge’s decision, U.S. District Judge Lynn N. Hughes, of … Continue Reading
The group that develops technical standards and guidelines for the World Wide Web released a set of draft standards on Monday that are intended to allow consumers to limit and control how they are tracked online. The standards, developed by the World Wide Web Consortium (known as the “W3C”), would allow consumers to set a … Continue Reading
In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced by the FTC. Weitzner emphasized that … Continue Reading
This past week, officials from the Asia-Pacific Economic Cooperative’s 21 member nations met in Honolulu to discuss a range of policy issues affecting the Asia-Pacific region. One development coming out of the meeting was the adoption by APEC of the Honolulu Declaration, which includes an endorsement of a self-regulatory, cross-border privacy program to promote what … Continue Reading
On October 26, 2011, the French Data Protection Authority, the CNIL, published guidance on the implementation of the new cookie rules arising from the amendments to the EU e-Privacy Directive 2002/58/EC (the “Directive”). The new cookie rules have been implemented into French national law via the ordinance of August 24, 2011, relating to electronic communications … Continue Reading
Online advertiser ScanScout has entered into a consent agreement with the Federal Trade Commission in connection with claims it made that consumers could opt out of receiving targeted ads by changing their computer’s web browser settings to block cookies. According to the FTC, these claims were deceptive with respect to the use of so-called “Flash … Continue Reading
Earlier this week, the industry self-regulatory program set up by online advertisers to deal with reported privacy problems released decisions in its first six compliance cases. The Online Internet-Based Advertising Accountability Program, which was established in August, determines whether reported businesses are complying with the self-regulatory principles for online behavioral advertising. The Better Business Bureau … Continue Reading
Yesterday, the Digital Advertising Alliance (DAA) announced the release of new “Self-Regulatory Principles for Multi-Site Data,” voluntary self-regulatory standards to govern the collection, use, and sharing of data concerning user activity across non-affiliated websites. The DAA, an umbrella organization for advertising trade groups, already maintains self-regulatory principles for online behavioral advertising (OBA). Notably, while the … Continue Reading
The Office of the National Coordinator for Health Information Technology (ONC) is proposing to conduct a nationwide survey regarding consumer attitudes toward the privacy and security aspects of electronic health records (EHR) and electronic health information exchange, according to a notice in last Thursday’s Federal Register. ONC’s plan is to use computer-assisted telephone interviews to … Continue Reading
Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released for public comment a draft roadmap for implementing cloud computing technology across U.S. government agencies. The roadmap is intended to foster adoption of cloud computing by federal agencies, reduce uncertainty surrounding cloud computing by improving the information available to policymakers, and facilitate … Continue Reading
Government agencies maintain large quantities of information about individuals, covering everything from physical description to the person’s family life, property, political activity, employment history, criminal records, and health condition. In a light of a recent finding that reports of information-security incidents at federal agencies have increased more than 650 percent over the past five years, … Continue Reading
Sen. John Rockefeller (D-WV), chair of the Senate Commerce Committee, is still working to reach consensus on the data security bill that he and Sen. Mark Pryor (D-AR) introduced in June. A scheduled markup was canceled in September, and the committee decided not to consider the bill at yesterday’s executive session. Nonetheless, a spokesman for … Continue Reading
On Tuesday, the Payment Card Industry Security Standards Council announced that it was opening the formal feedback period for versions 2.0 of the Payment Card Industry Data Security Standard (“PCI-DSS”) and Payment Application Data Security Standard (“PA-DSS”), which were issued in October 2010 and will become effective exclusively when versions 1.2.1 are officially retired on December … Continue Reading
In mid-October 2011, the Consumer Financial Protection Bureau (CFPB) released version 1.0 of its Supervision and Examination Manual. Pursuant to Dodd-Frank, the CFPB has primary examination authority for compliance with federal consumer financial laws over banks having $10 billion or more in assets and their affiliates, such as banks’ service providers, as well as certain … Continue Reading
On October 27, 2011, Senator John D. Rockefeller, chairman of the Senate Commerce, Science, and Transportation Committee, sent letters to Visa and Mastercard requesting information regarding the companies’ data collection and aggregation practices and proposals. An October 25, 2011, Wall Street Journal article outlined various initiatives from the two companies pertaining to online behavioral advertising. Senator … Continue Reading
Last week, the California Attorney General brought its first suit under California’s environmental marketing law, which restricts the labeling of plastic food or beverage containers as “biodegradable.” The Attorney General claims that a plastics company’s statements that its microbial additive results in the “first truly biodegradable and recyclable” plastic bottle and that the bottle will break down … Continue Reading
Recently, the Swedish Data Protection Authority (“DPA”) published a review of the use of cloud services, informed by the practices of three Swedish municipalities’ use of services from leading cloud providers. Based on the study, the DPA has published guidelines (currently only available in Swedish) that clarify the requirements of Swedish data protection law with … Continue Reading
