The Federal Trade Commission on Feb. 24 announced it had approved a new safe-harbor program for online services that are subject to the Children’s Online Privacy Protection Act (COPPA), a federal law that regulates the online collection of personal information from children under 13. Under COPPA and the FTC’s implementing rule, online services that comply … Continue Reading
Last week, Judge Ware of the Northern District of California denied a motion to amend his November 2011 dismissal, with prejudice, in In re Facebook Privacy Litigation, a case in which plaintiffs had argued that Facebook improperly transmitted users’ personal information, including User ID numbers or usernames, to third party advertisers. In his most recent … Continue Reading
An action brought by the Electronic Privacy Information Center (“EPIC”) asking that the FTC be compelled to enforce its Google Buzz consent order (previously described, here) was dismissed by Judge Amy Berman Jackson of the United States District Court for the District of Columbia, who held that “enforcement decisions are committed to agency discretion and … Continue Reading
As we have previously posted, on January 25, 2012, the European Commission proposed comprehensive measures to reform the European data protection framework. Among other things, the proposal would impose restrictions on the processing of personal data relating to children; create a breach notification requirement in the EU; require organizations employing 250 or more persons to … Continue Reading
In a judgment laid down on 16 February 2012 in the Case 360/10 Sabam v. Netlog, the Court of Justice of the European Union (CJEU) ruled that EU national courts cannot issue injunctions forcing social networks to monitor their sites for illegal file-sharing because such injunctions would not strike a fair balance between the rights of intellectual … Continue Reading
The White House released a report today containing its “Consumer Privacy Bill of Rights,” referring to the new privacy framework as a “comprehensive blueprint to protect individual privacy rights and give users more control over how their information is handled.” The report is entitled “Consumer Data Privacy in a Networked World: A Framework for Protecting … Continue Reading
Judge Mary McLaughlin of the Eastern District of Pennsylvania recently dismissed a class action complaint brought against CVS Pharmacy and CVS Caremark for selling information provided by prescription drug purchasers. Notably, in its decision in Steinberg v. CVS Caremark Corp., the court found that information on a customer’s prescription drug and medical history “carries with … Continue Reading
Yesterday California Attorney General Kamala D. Harris announced an agreement she forged among Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion to ensure that mobile device apps that collect personal information contain privacy policies. The agreement is designed to ensure that mobile apps comply with the California Online Privacy Protection Act, which requires operators of commercial … Continue Reading
Last month, the Minnesota Attorney General filed a lawsuit in federal court against Accretive Health, Inc. alleging that the company violated various provisions of HIPAA as well as Minnesota consumer privacy and protection law. Although HIPAA-covered entities have been the subject of enforcement actions by state AGs and the Department of Health and Human Services, … Continue Reading
By David Fagan Yesterday, the Senate Committee on Homeland Security and Governmental Affairs held a hearing on the “Cybersecurity Act of 2012.” Senator Joseph Lieberman (I-CT) introduced the bill, S. 2105, on Tuesday with co-sponsors Senators Susan Collins (R-ME), Dianne Feinstein (D-CA), and John D. Rockefeller, IV (D-WV). S. 2105 builds on prior cybersecurity bills … Continue Reading
The Network Advertising Initiative (“NAI”), a coalition of more than 80 online advertising companies committed to self-regulation, released a report this week finding that there is a high degree of compliance with the NAI’s Self-Regulatory Code of Conduct, which governs the use of consumer data for purposes of online behavioral advertising. In particular, the report concludes that NAI’s … Continue Reading
The FTC staff released a report today calling for participants in the mobile app ecosystem — including app developers, app stores, and third parties who collect data through mobile apps — to provide better privacy notices to parents about mobile apps directed to children, and warning that over the next six months, staff will be conducting additional reviews … Continue Reading
Newly-appointed chairman of the PCI Security Standards Council, Michael Mitchell, recently reiterated the importance of data security for mobile payments technology and the Council’s priority in studying and advising the industry on such technology. Chairman Mitchell pointed out the sharp increase in mobile payments but also a lag in security technology protecting such payments. “The adoption of … Continue Reading
Today, the Federal Communications Commission adopted new rules that strengthen its restrictions on autodialed or prerecorded telemarketing calls. The FCC billed the new rules as an effort to maintain consistency with the Federal Trade Commission’s telemarketing sales rule, which also governs telemarketing calls, and to give consumers control over the calls that they receive. Under … Continue Reading
On February 7, 2012, the Federal Trade Commission sent letters to six marketers of mobile applications that provide background screening services. The applications, including “Police Records,” “Criminal Pages,” and “Locate Anyone,” provide criminal record histories that, if used for employment or other Fair Credit Reporting Act (FCRA)-related purposes, may subject the marketers to treatment as … Continue Reading
The Korean Herald reports that the Korea’s Communications Commission (KCC) has opened an investigation into Google’s rollout of its new privacy policy in that country. The investigation reportedly will focus on whether the company has received sufficient consent to the changes to Google’s existing policy and whether Google is collecting more data than is required … Continue Reading
Last week, the American Bar Association adopted a rule calling on U.S. courts to “consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign . . . with regard to data sought in discovery in civil litigation.” In an extensive report accompanying the new rule, the ABA detailed the … Continue Reading
