As states are initiating docket proceedings related to smart meter privacy and passing privacy protection legislation to regulate utility providers utilizing smart meters, it is interesting to note how one utility provider has taken steps towards protecting consumer privacy. San Diego Gas & Electric (SDG&E) is a utility provider based in southern California. California has … Continue Reading
Last week, a group of eight House members sent letters to nine “major data brokerage companies,” seeking detailed information about “the business of data brokerage,” which the Congressmen described as “the collecting, assembling, maintaining and selling to third-parties of consumers’ personal information.” The letter appears to have been spurred by a June 16 New York … Continue Reading
According to a recent study released by the Future of Privacy Forum (FPF), the number of mobile apps with privacy policies has grown rapidly since September 2011. The study examined the top 25 free and 25 paid apps in the Apple iOS, Google Play, and Kindle Fire app stores, for a total of 150 apps. Of the apps reviewed, the study found … Continue Reading
The European Data Protection Supervisor (“EDPS”) has issued an opinion on Europe’s strategy for protecting children on the Internet. The European Commission consults with the EDPS on a variety of data protection issues. However, the opinions of the EDPS are not legally binding. Among other things, the EDPS expressed support for: The implementation of technical tools, such as … Continue Reading
In a surprise turn of events, Google has written today to the UK data protection authority (the “ICO”) and other regulators around the world stating that it still possesses some of the payload data collected by its Street View vehicles in 2010. This follows the ICO re-opening its probe into Google’s Street View activity last … Continue Reading
Yesterday, the Senate voted to move forward with a floor debate of the Cybersecurity Act of 2012 (“CSA2012”) (S. 3414), and the White House formally endorsed CSA2012, saying it will strengthen efforts to secure American networks against cyberattacks. As a result of yesterday’s procedural vote, the Senate is likely to consider the current version of … Continue Reading
Adding to a growing body of decisions considering federal preemption of the California Invasion of Privacy Act (“CIPA”), Judge Chen of the Northern District of California held yesterday that there is no complete preemption, either express or implied, by the federal Wiretap Act. As a result, Judge Chen granted plaintiff’s motion to remand one class … Continue Reading
Twitter has announced that it will appeal a New York state judge’s ruling that the company must hand over an Occupy Wall Street protestor’s tweets to the Manhattan district attorney. The defendant was charged with disorderly conduct for his participation in a protest march in October 1, 2011. Following that incident, the district attorney subpoenaed … Continue Reading
On July 19, 2012, Senators Joseph Lieberman (I-CT), Susan Collins (R-ME), Jay Rockefeller (D-WV), Dianne Feinstein (D-CA), and Tom Carper (D-DE) introduced a revised version of the Cybersecurity Act of 2012 (“CSA2012”), which they initially introduced in February. The revision includes elements drawn from efforts by Senators Sheldon Whitehouse (D-RI) and Jon Kyl (R-AZ) to … Continue Reading
California Attorney General Kamala Harris yesterday announced the creation of a Privacy Enforcement and Protection Unit in her office that will focus on protecting consumer and individual privacy through civil prosecution of federal and state privacy laws. The Unit will be staffed by six prosecutors who will focus on privacy enforcement. Joanne McNabb, formerly of … Continue Reading
The Consumer Financial Protection Bureau (CFPB) has issued a final rule to implement its authority under section 1024 of Dodd-Frank to subject “larger participants” in the consumer reporting market to CFPB supervision. The rule will have significant consequences for companies in the consumer reporting industry. The final rule follows a proposed rule issued in February … Continue Reading
On July 10, the Federal Financial Institutions Examination Council (FFIEC) issued risk management guidance for depository institutions’ use of cloud computing. The guidance defines cloud computing generally as “a migration from owned resources to shared resources in which client users receive information technology services, on demand, from third-party service providers via the Internet ‘cloud.’” The guidance also … Continue Reading
On 12 July, 2012, the Justice Select Committee, the body tasked by the UK Parliament’s European Scrutiny Committee to give its opinion on the EU Commission’s proposals to reform EU data protection laws, launched a call for written evidence on the following questions: Will the proposed Regulation strike the right balance between the need, on … Continue Reading
Following up from our prior blog entry on the case of Friedman v. Maine Public Utilities Commission and Central Maine Power Company, the Maine Supreme Court issued its decision on July 12, 2012. The court rejected the petitioner’s privacy, trespassing and Fourth Amendment violation complaints over smart meter technology by affirming the decision of the Maine … Continue Reading
Yesterday, deeming LinkedIn’s motion to dismiss suitable for decision without oral argument, Judge Koh of the U.S. District Court for the Northern District of California dismissed all eight claims in Low v. LinkedIn with prejudice, ending this litigation. Covington successfully represented LinkedIn in this case, in which plaintiffs alleged that the purported transmittal to certain third … Continue Reading
Yesterday marked the inaugural Privacy Multistakeholder Meeting at the Department of Commerce, hosted by the National Telecommunication & Information Administration (“NTIA”). The meeting brought together representatives of technology companies, advertisers, consumer groups, and other stakeholders for a discussion of mobile application transparency and the process for future discussions and meetings. While the meeting did not … Continue Reading
Rep. Mary Bono Mack (R-CA) plans to introduce legislation to renew the Federal Trade Commission’s authority to take action against cross-border spam, spyware, and fraud. Among other provisions, the U.S. SAFE WEB Act of 2006 gave the FTC authority to share information with foreign law-enforcement agencies, to take action against foreign conduct that is unfair … Continue Reading
Mobile security firm Lookout has issued guidelines to help mobile ad providers and app developers standardize privacy practices for app-based mobile ads. According to Lookout Chief Technology Officer Kevin Mahaffey, the guidelines are intended to provide guidance about what constitutes “acceptable behavior” in the mobile ad ecosystem, and to “fix this problem before it gets … Continue Reading
On July 5, 2012, the U.N. Human Rights Council adopted a resolution on the promotion, protection, and enjoyment of human rights on the Internet. The U.N. General Assembly established the Human Rights Council in 2006 to replace the former U.N. Commission on Human Rights. The Council consists of 47 U.N. member states from all geographic … Continue Reading
A bank that required a commercial customer to answer “challenge questions” for virtually all online payments and that did not implement other common security measures failed to provide a commercially reasonable level of security, the U.S. Court of Appeals for the First Circuit ruled this week. The case arose when unknown hackers were able to … Continue Reading
On July 1st, 2012, the Article 29 Working Party (WP29), a group consisting of data protection authorities of all EU Member States, adopted a long-awaited opinion on cloud computing. While acknowledging the advantages of cloud computing, the opinion sets out a number of data protection issues that may arise from the wide-scale deployment of cloud … Continue Reading
China’s internet regulator, the Ministry of Industry and Information Technology (“MIIT”), has released two draft regulations that could significantly impact how mobile smart device manufacturers (such as smartphones) and internet information service providers (“IISPs”) handle users’ personal information in China.… Continue Reading
The New Jersey Attorney General and Division of Consumer Affairs have announced a settlement with 24x7digital, the developer of the “TeachMe” mobile apps for preschool through second-grade children, to resolve claims that the company violated the federal Children’s Online Privacy Protection Act (“COPPA”). The state alleged that children were encouraged to submit their full names, along with a photograph, … Continue Reading
South Korea's new comprehensive privacy law, the Personal Information Protection Act, promulgated on 29 March 2011, is now in effect. The Korean government allowed a grace period for companies to comply with the provisions of the new law and this came to an end on March 31st 2012. In relation to the private sector, the new legislation replaces some aspects of the Act on Promotion of Information and Communications Network Utilization and Information Protection (ICN Act). Described by privacy commentators as one of the strictest privacy laws in the world, the new legislation reflects the baseline standards of the OECD Privacy Guidelines and the APEC Privacy Framework (2004) to a large extent and also appears to exceed those requirements in several respects. This is an introduction to some of the core provisions of the new legislation:… Continue Reading
