July 2012

As states are initiating docket proceedings related to smart meter privacy and passing privacy protection legislation to regulate utility providers utilizing smart meters, it is interesting to note how one utility provider has taken steps towards protecting consumer privacy. 

San Diego Gas & Electric (SDG&E) is a utility provider based in southern California.  California has been one of the most active states in the country in proactively regulating the protection of smart grid consumer data.  So SDG&E has sought to address the regulatory and consumer concerns by adopting Privacy by Design with respect to its smart meter programs.

This blog has previously covered the FTC’s adoption of Privacy by Design as a central component of its recent privacy report.  The premise underlying Privacy by Design is that companies will better protect consumer data privacy if they fully incorporate safeguards and a culture of respecting privacy into the early stages of operations, rather than simply responding to legislation and regulations.Continue Reading Privacy by Design for smart meters

Last week, a group of eight House members sent letters to nine “major data brokerage companies,” seeking detailed information about “the business of data brokerage,” which the Congressmen described as “the collecting, assembling, maintaining and selling to third-parties of consumers’ personal information.”  The letter appears to have been
Continue Reading Congressmen Seek Information from Leading “Data Brokers”

According to a recent study released by the Future of Privacy Forum (FPF), the number of mobile apps with privacy policies has grown rapidly since September 2011. The study examined the top 25 free and 25 paid apps in the Apple iOS, Google Play, and Kindle Fire app stores, for a total of 150 apps. 

Of the

Continue Reading Study Finds Top Mobile Apps More Transparent About Privacy Practices

The European Data Protection Supervisor (“EDPS”) has issued an opinion on Europe’s strategy for protecting children on the Internet.  The European Commission consults with the EDPS on a variety of data protection issues.  However, the opinions of the EDPS are not legally binding. 

Among other things, the EDPS expressed support for: 

  • The implementation of technical tools, such as age-appropriate default privacy settings, to enhance the privacy of children online.     
  • Clear notice about the impact a change to a default setting would have on a child’s privacy and the potential harm it may cause. In particular, the EDPS suggested that in some circumstances a child might not be permitted to change the default settings, or might change the defaults only with parental consent, stating that the “extent to which a child may change the default privacy settings should also be linked to the age and level of maturity of the child.  It should be explored to what extent, and within which age group, parental consent would be required to validate a change of privacy settings.” 
  • A requirement that service providers inform children about the level of sensitivity of each piece of information they provide when creating an online profile and about the potential risks or harms they may encounter when such information is disclosed to a defined group of people or to the public. 
  • A restriction on industry’s ability to create online behavioral advertising segments that target children.
  • A legal mandate for industry to deploy an EU-wide reporting tool for content that is harmful to children.

Continue Reading European Data Protection Supervisor Issues Opinion on Children’s Privacy

In a surprise turn of events, Google has written today to the UK data protection authority (the “ICO”) and other regulators around the world stating that it still possesses some of the payload data collected by its Street View vehicles in 2010.  This follows the ICO re-opening its probe into

Continue Reading Google Contacts ICO Stating That It Still Holds Some Street View Payload Data

Yesterday, the Senate voted to move forward with a floor debate of the Cybersecurity Act of 2012 (“CSA2012”) (S. 3414), and the White House formally endorsed CSA2012, saying it will strengthen efforts to secure American networks against cyberattacks.  As a result of yesterday’s procedural vote, the Senate is likely

Continue Reading Senate Scheduled To Consider Cybersecurity Legislation

Adding to a growing body of decisions considering federal preemption of the California Invasion of Privacy Act (“CIPA”), Judge Chen of the Northern District of California held yesterday that there is no complete preemption, either express or implied, by the federal Wiretap Act.  As a result, Judge Chen granted plaintiff’s

Continue Reading New Holding That CIPA Not Preempted By Federal Wiretap Act

Twitter has announced that it will appeal a New York state judge’s ruling that the company must hand over an Occupy Wall Street protestor’s tweets to the Manhattan district attorney.  The defendant was charged with disorderly conduct for his participation in a protest march in October 1, 2011.  Following that incident, the district attorney subpoenaed Twitter for the defendant’s tweets over several months in the fall of 2011.  The defendant unsuccessfully challenged the subpoena in trial court, and Twitter is taking up the appeal.    

The trial court judge found that the Fourth Amendment did not apply to the government’s subpoena.  The defendant had no privacy interests in his tweets, the judge held, because of the public nature of the Twitter platform.  Pointing out that the “very nature and purpose of Twitter” is to share messages with a broad online audience, the judge concluded that the “defendant’s contention that he has privacy interests in his Tweets . . . [is] without merit.”Continue Reading Twitter to Appeal NY Ruling that It Must Hand over Occupy Protestor’s Tweets

On July 19, 2012, Senators Joseph Lieberman (I-CT), Susan Collins (R-ME), Jay Rockefeller (D-WV), Dianne Feinstein (D-CA), and Tom Carper (D-DE) introduced a revised version of the Cybersecurity Act of 2012 (“CSA2012”), which they initially introduced in February. The revision includes elements drawn from efforts by Senators Sheldon Whitehouse (D-RI) and Jon Kyl (R-AZ) to reconcile the CSA2012 with the Republican-sponsored SECURE IT Act (S. 3342).

The new CSA2012 (S. 3414) takes a different approach than the original version to cybersecurity of critical infrastructure. The original bill would have given the Department of Homeland Security (“DHS”) authority to designate “systems or assets” as covered critical infrastructure and to require owners and operators of designated critical infrastructure to meet cybersecurity performance requirements, established by DHS. The new CSA2012, on the other hand, would rely on voluntary private sector compliance with cybersecurity standards. As Senator Lieberman explained, the revised bill relies on “carrots instead of sticks.”Continue Reading Senators Introduce Revised Cybersecurity Act of 2012

California Attorney General Kamala Harris yesterday announced the creation of a Privacy Enforcement and Protection Unit in her office that will focus on protecting consumer and individual privacy through civil prosecution of federal and state privacy laws.  The Unit will be staffed by six prosecutors who will focus on privacy

Continue Reading California AG Creates New Privacy Enforcement and Protection Unit