Inside Privacy

Subscribe to all posts by Inside Privacy

NIST Releases Preliminary Draft of Privacy Framework

The U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) now has released the preliminary draft of the “NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.”  NIST is seeking comments on the preliminary draft of the Privacy Framework and plans to use these comments to develop version 1.0 of … Continue Reading

Business Roundtable Proposes Framework for Consumer Privacy Legislation

On September 10, 2019, 51 members of the Business Roundtable sent a letter to congressional leaders advocating principles for a national consumer data privacy law. The Business Roundtable’s Framework for Consumer Privacy Legislation offers a guide for potential federal legislation that would harmonize existing privacy regulations and preempt existing state and local data privacy laws. … Continue Reading

FTC Settles Enforcement Actions Relating to Privacy Shield Certifications

On September 3, 2019, the Federal Trade Commission (“FTC”) announced settlement agreements with five companies for alleged false claims of certification under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (collectively, “Privacy Shield”).  These settlements indicate that the FTC is continuing to actively enforce Privacy Shield commitments, as it has done with respect to several other … Continue Reading

Maine Enacts Broadband Privacy Law

Earlier this month, Maine’s legislature enacted a new statute granting broad privacy rights to internet users in the state. Hailed as “the strictest consumer privacy protections in the nation,” the statute places among the toughest burdens on regulated entities to protect the data of their consumers. The statute applies only to broadband internet service providers … Continue Reading

Washington State Lawmakers Reach Deadline Without Passing Privacy Act, But Reach Agreement on Amendments to Breach Notification Law

The Washington Privacy Act stalled this April in the state’s House of Representatives, and will likely not reappear again for discussion until the 2020 legislative session. The bill overwhelmingly passed the Senate, but failed to come to a floor vote in the House of Representatives before the April 17th deadline for state lawmakers to consider … Continue Reading

Democratic Senators Introduce Privacy Bill Seeking to Impose “Fiduciary” Duties on Online Providers

On December 12, 2018, Senator Brian Schatz (D-HI) led a group of fifteen Democratic senators in introducing the “Data Care Act of 2018,” which would impose duties of care, loyalty, and confidentiality on online service providers with respect to processing and securing user data.  The bill would also provide the FTC with rulemaking authority and … Continue Reading

FTC Settles with PR Firm and Publisher Over Social Media Endorsements

Just before the Thanksgiving holiday, the Federal Trade Commission (“FTC”) announced the issuance of consent orders involving Creaxion Corporation and Inside Publications, LLC to settle allegations that the companies misrepresented paid endorsements as independent opinions, and misrepresented paid commercial advertising as independent editorial content.  As a result, these companies and their principals are now prohibited … Continue Reading

Right to be forgotten controversially introduced into Maltese law

A recent press release from November 16, 2018 revealed that Malta’s Justice Minister introduced the right to be forgotten through a ministerial decree.  Since 2013, 86 out of 131 judgments have either been anonymized or removed from the courts’ public database.  The information came as a surprise to Malta’s legal community, as there had been … Continue Reading

NTIA Publishes Stakeholder Comments on Consumer Privacy Proposal

Last week, the National Telecommunications and Information Administration (“NTIA”) released submissions it had received from the Federal Trade Commission (“FTC”) staff and many other parties on NTIA’s proposed framework for advancing consumer privacy while protecting innovation.  Although NTIA did not request comments on a possible federal privacy bill, most submissions took the opportunity to inform … Continue Reading

NIST Begins Developing a Voluntary Online Privacy Framework

The Department of Commerce’s National Institute of Standards and Technology (“NIST”) announced in early September intention to create a Privacy Framework.  This Privacy Framework would provide voluntary guidelines that assist organizations in managing privacy risks.  The NIST announcement recognized that the Privacy Framework is timely because disruptive technologies, such as artificial intelligence and the internet … Continue Reading

IoT Update: The UK publishes a final version of its Code of Practice for Consumer IoT Security

By Grace Kim and Siobhan Kahmann Following an informal consultation earlier this year – as covered by our previous IoT Update here – the UK’s Department for Digital, Culture, Media and Sport (“DCMS”) published the final version of its Code of Practice for Consumer IoT Security (“Code”) on October 14, 2018. This was developed by … Continue Reading

Senate Discusses a Federal Privacy Law with Privacy Experts: Examining Lessons From the European Union’s General Data Protection Regulation and the California Consumer Privacy Act

On October 10, the Senate Committee on Commerce, Science, and Transportation held second hearing on data privacy that invited advocates and experts to discuss a federal privacy law. The panelists included Andrea Jelinek, director of the European Data Protection Board; Alastair Mactaggart, chair of Californians for Consumer Privacy; Laura Moy, executive director of the Georgetown … Continue Reading

Senate Examines Potential for Federal Data Privacy Legislation

On September 26th, the Senate Committee on Commerce, Science, and Transportation held a hearing on data privacy, focusing in part on the potential for federal privacy regulation. The discussion centered on two issues: (1) the potential for Congress to pass a federal privacy law, including the scope and model for any such law, and (2) … Continue Reading

UK “No-Deal Brexit” Technical Notice Sets Out Plans on EU – UK Data Flows

By Grace Kim and Ezra Steinhardt On September 13, 2018, the UK government published a series of technical notices on how to prepare for a scenario in which the UK leaves the EU without agreement on March 29, 2019 (“no-deal Brexit”).  The government stressed that a no-deal Brexit “remains unlikely given the mutual interests of … Continue Reading

Key Provisions in India’s Draft Personal Data Bill

Key Provisions in India’s Draft Personal Data Bill This post is a follow-up to our earlier post on the release of India’s draft personal data protection bill. In this post, we go into greater detail about the bill’s provisions and flag issues for companies worldwide that may process data in India or provide goods or … Continue Reading

French Supervisory Authority Issues 2 GDPR Warnings

By Kristof Van Quathem and Anna Sophia Oberschelp de Meneses  Exactly one month after the GDPR started applying, the French Supervisory Authority (“CNIL”) issued a formal warning to two companies in relation to their processing of localization data for targeted advertising (see here).  The CNIL found that the consent on which both companies relied did … Continue Reading

FCC Seeking Comment on Key TCPA Reform Issues in Wake of DC Circuit Ruling

By Melanie Ramey Yesterday, the Federal Communications Commission (“FCC”) released a Public Notice seeking comment on a range of issues relevant to its interpretation of the Telephone Consumer Protection Act (“TCPA”), including how the FCC should interpret what constitutes an “automatic telephone dialing system” in the wake of a recent decision by the U.S. Court … Continue Reading

Supreme Court Unanimously Holds that Unauthorized Driver Has Reasonable Expectation of Privacy in Rental Car

By Lauren Moxley Today, the Supreme Court released its decision in Byrd v. United States.  The Court held that under the Fourth Amendment, a driver of a rental vehicle can challenge a search of the vehicle even if he is not listed as an authorized driver on the rental agreement. The case began in September … Continue Reading

Virginia Supreme Court Holds that Police License Plate Readers Collect Personal Information

The Virginia Supreme Court held that license plate images taken by law enforcement agencies constitute “personal information,” reviving a challenge to the police storage of license plate data. Automatic license plate readers (“ALPRs”) are used by police departments across the country to take thousands of photos of license plates per hour.  Officers check these numbers … Continue Reading

Mobile Phone Manufacturer Settles with FTC Over Allegations that Its Vendor Collected Personal Data without Consent

By Melanie Ramey Mobile phone manufacturer BLU Products, Inc. entered into a settlement agreement with the FTC last week to resolve allegations that one of BLU’s China-based vendors collected personal information about its consumers without proper consent. The settlement agreement, which took the form of a consent order, applies not only to BLU but also … Continue Reading

Interactive Advertising Bureau Europe Opens Registration for Transparency and Consent Framework

IAB Europe opened the registration process for vendors and consent management providers (“CMPs”) to apply for approved status under IAB Europe’s Transparency and Consent Framework (“Framework”). The Framework intends to provide publishers that have decided that the interest-based advertising products available on their platforms require user consent to deploy a standardized framework to (1) disclose … Continue Reading

Senate Democrats Propose CONSENT Act

By Alyson Sandler On April 10, Senators Richard Blumenthal (D-CT) and Ed Markey (D-MA) introduced new privacy legislation titled the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act.  In a statement published on his website, Senator Markey referred to the legislation as a “privacy bill of rights” and explained that “[t]he avalanche of … Continue Reading
LexBlog