In a new post on the Covington Digital Health blog, our colleagues discuss a recent settlement between the Federal Trade Commission (“FTC”) and Flo Health, Inc. (“Flo”), the developer of a popular menstrual cycle and fertility-tracking application. The settlement resolves allegations that Flo shared app users’ health information with outside third parties after promising that … Continue Reading
With a new administration and a new Congress come key leadership changes and new priorities at the Federal Trade Commission (FTC). The change in administration paves the way for a Democratic-led Commission, though a permanent FTC Chairman and a successor to Commissioner Chopra (who has been nominated to head the Consumer Financial Protection Bureau) might … Continue Reading
On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications. According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.… Continue Reading
Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization On January 14, 2020, Washington’s State Senate Committee on Environment, Energy & Technology received public testimony about Senate Bill 5062, the “Washington Privacy Act.” Representatives from trade associations, the Attorney General’s Office, and civil rights groups offered recommendations to … Continue Reading
In a new post of the Covington Digital Health blog, our colleagues discuss the proposed rule issued by the Office for Civil Rights of the U.S. Department of Health and Human Services to modify the Privacy Rule promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for … Continue Reading
In a new post on the Covington Digital Health blog, our colleagues discuss California Attorney General Xavier Becerra’s recent settlement against Glow, Inc., resolving allegations that the fertility app had “expose[d] millions of women’s personal and medical information.” The post explains the allegations and settlement terms, as well as takeaways for providers of digital health … Continue Reading
What guidance has the FTC recently provided on the use of AI and algorithms? Our colleagues, former FTC Commissioner, Terrell McSweeny, and AI Initiative Co-Chair, Lee Tiedrich, explain in The Journal of Robotics, Artificial Intelligence and Law.… Continue Reading
In a new post on the Covington Energy & Environment Blog, our colleagues discuss the Federal Energy Regulatory Commission’s Notice of Inquiry on updating reliability standards related to cybersecurity, especially given the threat of a coordinated cyberattack targeting geographically distributed generation resources. The Commission also issued a staff paper that suggests a framework for providing … Continue Reading
In a new post on the Covington Inside Tech Media Blog, our colleagues discuss how the pandemic is driving connected and automated vehicle (CAV) initiatives at the federal and state levels. At the federal level, NHTSA and Congress have recently expressed support for utilizing CAV technology to address pandemic-related challenges. In California, a privacy bill … Continue Reading
In a new post on the Covington Digital Health blog, our colleagues discuss the Department of Health and Human Services (“HHS”) announcement of enforcement discretion to “permit compliance flexibilities” for the implementation of the interoperability final rules issued on March 9th, 2020. The final rules are intended to improve patient access to electronic health information … Continue Reading
The Brazil Senate unanimously approved a bill today that would delay implementation of the Brazil General Law for Data Protection, or LGPD, until January 1, 2021 and enforcement of fines and penalties until August 1, 2021. The LGPD is currently scheduled to take effect on August 15, 2020. The draft bill — one of four … Continue Reading
In a new post on the Covington Digital Health blog, our colleagues discuss two recent final rules aimed at improving patient access to electronic health information (EHI) and standardizing modes of exchange for EHI. Among other things, the rules are intended to prevent so-called “information blocking” and to provide patients with greater control over their … Continue Reading
Last Friday, the Department of Defense announced the release of Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”), which sets forth the cybersecurity requirements that contractors and suppliers must meet to participate in the Department’s supply chain. A new post on Covington’s Inside Government Contracts blog discusses the release of Version 1.0 of the … Continue Reading
Heading into the new year, California Consumer Privacy Act (“CCPA”) readiness remains top of mind for many businesses, especially as continued developments, such as the California Attorney General’s forthcoming implementing regulations, may implicate compliance efforts. State legislation will likely move forward in 2020. At the same time, however, companies should not lose sight of legislative … Continue Reading
As the effective date of the California Consumer Privacy Act looms closer, companies are grappling with the significance of the law and its definitions. One defined term in particular, “sale,” has sparked heated debate between industry and consumer advocates, and even within the legal profession. While much has been said about this term, more needs … Continue Reading
On October 22, 2019, the Federal Trade Commission reached a proposed settlement with the developer of three so-called “stalking” apps that enabled purchasers of the app to secretly monitor the mobile devices on which they were installed. Developer Retina-X Studios, LLC and its owner James N. Johns marketed the three apps—MobileSpy, PhoneSheriff, and TeenShield—as a … Continue Reading
On October 17, Senator Ron Wyden introduced in the Senate a privacy bill that would expand the FTC’s authority to regulate data collection and use, allow consumers to opt out of data sharing, and create civil and criminal penalties for certain violations of the Act. The Mind Your Own Business Act of 2019 is the … Continue Reading
The U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) now has released the preliminary draft of the “NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.” NIST is seeking comments on the preliminary draft of the Privacy Framework and plans to use these comments to develop version 1.0 of … Continue Reading
R (on the application of Edward Bridges) v The Chief Constable of South Wales [2019] EWHC 2341 (Admin) Case Note Introduction In Bridges, an application for judicial review, the UK High Court (Lord Justice Haddon-Cave and Mr. Justice Swift) considered the lawfulness of policing operations conducted by the South Wales Police force (“SWP”) which utilised … Continue Reading
On September 10, 2019, 51 members of the Business Roundtable sent a letter to congressional leaders advocating principles for a national consumer data privacy law. The Business Roundtable’s Framework for Consumer Privacy Legislation offers a guide for potential federal legislation that would harmonize existing privacy regulations and preempt existing state and local data privacy laws. … Continue Reading
On September 3, 2019, the Federal Trade Commission (“FTC”) announced settlement agreements with five companies for alleged false claims of certification under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (collectively, “Privacy Shield”). These settlements indicate that the FTC is continuing to actively enforce Privacy Shield commitments, as it has done with respect to several other … Continue Reading
Earlier this month, Maine’s legislature enacted a new statute granting broad privacy rights to internet users in the state. Hailed as “the strictest consumer privacy protections in the nation,” the statute places among the toughest burdens on regulated entities to protect the data of their consumers. The statute applies only to broadband internet service providers … Continue Reading
On May 27, 2019, the Thai government published the Personal Data Protection Act B.E. 2562 (2019) (the “PDPA”) in its official gazette, meaning the law now takes effect and companies have a 1-year period to bring their practices into compliance by May 27, 2020. Notably, the PDPA adopts a broad definition of “personal data” (essentially, … Continue Reading
The Washington Privacy Act stalled this April in the state’s House of Representatives, and will likely not reappear again for discussion until the 2020 legislative session. The bill overwhelmingly passed the Senate, but failed to come to a floor vote in the House of Representatives before the April 17th deadline for state lawmakers to consider … Continue Reading