Inside Privacy

Contact:Email

In a new post on the Inside Class Actions blog, our colleagues discuss a new Illinois federal court decision, Gregg v. Cent. Transp. LLC, 2024 WL 4766297, at *3 (N.D. Ill. Nov. 13, 2024), which holds that the state’s recent amendment to its Biometric Information Privacy Act capping

Continue Reading Illinois Federal Court Rules BIPA Single-Violation Amendment Applies Retroactively

In a new post on the Inside Global Tech blog, our colleagues discuss the recently released draft of the Texas Responsible AI Governance Act (“TRAIGA”), which is expected to be introduced in the 2025 legislative session.  Modeled on the Colorado AI Act (SB 205) and the EU AI Act

Continue Reading Texas Legislature to Consider Sweeping AI Legislation in 2025

A new post on the Covington Inside Global Tech blog discusses key 1Q24 deadlines under the Biden administration’s October 2023 Executive Order on Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence. 

Several agencies are expected to satisfy milestones related to the Executive Order’s key requirements in the coming

Continue Reading Anticipated 1Q24 Actions Implementing the White House AI Executive Order

Late last week, the Seventh Circuit affirmed a trial court’s ruling granting dismissal at summary judgment of claims against FCA US LLC (“FCA,” formerly known as Chrysler) and Harman International Industries, Inc. (“Harman”) for lack of Article III standing.  See Flynn v. FCA US LLC, — F. 4th —-

Continue Reading Seventh Circuit Affirms Dismissal Of Class Claims Based Upon Speculative Hacking Risk

On 22 December 2021, the conference of German data protection supervisory authorities (“DSK”) published its Guidance for Providers of Telemedia Services (Orientierungshilfe für Anbieter von Telemedien).  Particularly relevant for providers of websites and mobile applications, the Guidance is largely devoted to the “cookie provision” of the German Telecommunication and Telemedia Privacy Act (TTDSG), which came into force on 1 December 2021.  The publication  focuses on the consent requirement for cookies and similar technologies, as well as relevant exceptions, introduced by the law.
Continue Reading German Regulators Publish Cookie Guidance

On September 29, 2021, the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “Protecting Consumer Privacy.”  The hearing centered on strengthening consumer privacy rights, including by increasing the FTC’s resources and creating a comprehensive federal privacy law.

To explore these issues, the Committee invited David Vladeck, Professor and Faculty Director of the Center on Privacy and Technology at Georgetown Law and former Director of the FTC Bureau of Consumer Protection; Morgan Reed, President of The App Association; Maureen Ohlhausen, Partner and Section Chair (Antitrust & Competition Law) at Baker Botts and former Acting Chairman of the FTC; and Ashkan Soltani, Independent Researcher and Technologist and former Chief Technologist of the FTC.
Continue Reading Consumer Privacy Hearing Focuses on Expanding FTC Resources, Creating Federal Privacy Law

Today, the Supreme Court issued its decision in Facebook v. Duguid, adopting a narrow interpretation of a key definitional term in the Telephone Consumer Protection Act (TCPA) and resolving the circuit split we previously described here and here.

In effect, the Supreme Court’s opinion means that to qualify as an “automatic telephone dialing system” (ATDS) under the TCPA, a device must use a random or sequential number generator; a device that calls a prescribed set of telephone numbers without using such a number generator would stand outside that definition and thus not be regulated by the TCPA.
Continue Reading Supreme Court Narrows Meaning of TCPA Autodialer Definition

Last week, a federal district court in San Francisco dismissed a claim under the California Consumer Privacy Act (“CCPA”).  The plaintiff alleged that Google had collected personal information without complying with the CCPA’s notice and consent requirements.  The court held that the CCPA’s private right of action does not extend to these provisions of the law.  It appears that this is the first time a court expressly reached this conclusion.  The case is McCoy v. Alphabet, No. 20‑cv‑05427 (N.D. Cal. Feb. 2, 2021).

For context, the plaintiff alleged that Google used an internal program called “Android Lockbox” on its Android operating system to monitor and collect data from Android users as they used non-Google apps on their phones.  The alleged data collection included when and how often these third-party apps were used and the amount of time users spent on the third-party apps.  Based on these allegations, the plaintiff asserted eleven different claims.  Among these was a claim that Google violated the CCPA by failing to comply with the law’s requirements related to notice and consent.
Continue Reading Court Dismisses CCPA Claim Against Google

In a new post on the Covington Digital Health blog, our colleagues discuss a recent settlement between the Federal Trade Commission (“FTC”) and Flo Health, Inc. (“Flo”), the developer of a popular menstrual cycle and fertility-tracking application.  The settlement resolves allegations that Flo shared app users’ health information with
Continue Reading FTC Reaches Settlement with Digital Health App, Requires First Notice of Privacy Action

On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications.  According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.
Continue Reading FTC Reaches Settlement with Tapjoy for Allegedly Deceiving Consumers About In-Game Rewards