Inside Privacy

Subscribe to all posts by Inside Privacy

FTC Reaches Settlement with Digital Health App, Requires First Notice of Privacy Action

In a new post on the Covington Digital Health blog, our colleagues discuss a recent settlement between the Federal Trade Commission (“FTC”) and Flo Health, Inc. (“Flo”), the developer of a popular menstrual cycle and fertility-tracking application.  The settlement resolves allegations that Flo shared app users’ health information with outside third parties after promising that … Continue Reading

What A New Administration Means for the FTC’s Data Privacy & Security Enforcement Agenda

With a new administration and a new Congress come key leadership changes and new priorities at the Federal Trade Commission (FTC).  The change in administration paves the way for a Democratic-led Commission, though a permanent FTC Chairman and a successor to Commissioner Chopra (who has been nominated to head the Consumer Financial Protection Bureau) might … Continue Reading

FTC Reaches Settlement with Tapjoy for Allegedly Deceiving Consumers About In-Game Rewards

On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications.  According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.… Continue Reading

Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization

Washington State Hearing on Latest Privacy Bill Highlights Competing Interests For Best Practices and Data Minimization  On January 14, 2020, Washington’s State Senate Committee on Environment, Energy & Technology received public testimony about Senate Bill 5062, the “Washington Privacy Act.”  Representatives from trade associations, the Attorney General’s Office, and civil rights groups offered recommendations to … Continue Reading

HHS Announces Proposed Changes to HIPAA’s Privacy Rule

In a new post of the Covington Digital Health blog, our colleagues discuss the proposed rule issued by the Office for Civil Rights of the U.S. Department of Health and Human Services to modify the Privacy Rule promulgated under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for … Continue Reading

California AG Settlement Suggests Privacy and Security Practices of Digital Health Apps May Provide Fertile Ground for Enforcement Activity

In a new post on the Covington Digital Health blog, our colleagues discuss California Attorney General Xavier Becerra’s recent settlement against Glow, Inc., resolving allegations that the fertility app had “expose[d] millions of women’s personal and medical information.” The post explains the allegations and settlement terms, as well as takeaways for providers of digital health … Continue Reading

FERC Requests Comments on Grid Cybersecurity Initiatives

In a new post on the Covington Energy & Environment Blog, our colleagues discuss the Federal Energy Regulatory Commission’s Notice of Inquiry on updating reliability standards related to cybersecurity, especially given the threat of a coordinated cyberattack targeting geographically distributed generation resources.  The Commission also issued a staff paper that suggests a framework for providing … Continue Reading

IoT Update: COVID-19 Drives Forward Connected and Automated Vehicle Legislative and Regulatory Efforts

In a new post on the Covington Inside Tech Media Blog, our colleagues discuss how the pandemic is driving connected and automated vehicle (CAV) initiatives at the federal and state levels.  At the federal level, NHTSA and Congress have recently expressed support for utilizing CAV technology to address pandemic-related challenges.  In California, a privacy bill … Continue Reading

HHS Announces Enforcement Discretion Over the Implementation of Interoperability Final Rules Due to COVID-19 Public Health Emergency

In a new post on the Covington Digital Health blog, our colleagues discuss the Department of Health and Human Services (“HHS”) announcement of enforcement discretion to “permit compliance flexibilities” for the implementation of the interoperability final rules issued on March 9th, 2020.  The final rules are intended to improve patient access to electronic health information … Continue Reading

HHS Finalizes Interoperability Rules

In a new post on the Covington Digital Health blog, our colleagues discuss two recent final rules aimed at improving patient access to electronic health information (EHI) and standardizing modes of exchange for EHI.  Among other things, the rules are intended to prevent so-called “information blocking” and to provide patients with greater control over their … Continue Reading

DoD Announces the Release of CMMC Version 1.0

Last Friday, the Department of Defense announced the release of Version 1.0 of its Cybersecurity Maturity Model Certification (“CMMC”), which sets forth the cybersecurity requirements that contractors and suppliers must meet to participate in the Department’s supply chain.  A new post on Covington’s Inside Government Contracts blog discusses the release of Version 1.0 of the … Continue Reading

Four Federal Privacy Trends to Watch in 2020

Heading into the new year, California Consumer Privacy Act (“CCPA”) readiness remains top of mind for many businesses, especially as continued developments, such as the California Attorney General’s forthcoming implementing regulations, may implicate compliance efforts.  State legislation will likely move forward in 2020.  At the same time, however, companies should not lose sight of legislative … Continue Reading

IAPP: ‘Sale’ Under CCPA May Not Be as Scary as You Think

As the effective date of the California Consumer Privacy Act looms closer, companies are grappling with the significance of the law and its definitions. One defined term in particular, “sale,” has sparked heated debate between industry and consumer advocates, and even within the legal profession. While much has been said about this term, more needs … Continue Reading

FTC Reaches Settlement with Developer of Tracking Apps

On October 22, 2019, the Federal Trade Commission reached a proposed settlement with the developer of three so-called “stalking” apps that enabled purchasers of the app to secretly monitor the mobile devices on which they were installed.  Developer Retina-X Studios, LLC and its owner James N. Johns marketed the three apps—MobileSpy, PhoneSheriff, and TeenShield—as a … Continue Reading

NIST Releases Preliminary Draft of Privacy Framework

The U.S. Department of Commerce’s National Institute of Standards and Technology (“NIST”) now has released the preliminary draft of the “NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management.”  NIST is seeking comments on the preliminary draft of the Privacy Framework and plans to use these comments to develop version 1.0 of … Continue Reading

UK Court upholds police use of automated facial recognition technology

R (on the application of Edward Bridges) v The Chief Constable of South Wales [2019] EWHC 2341 (Admin) Case Note Introduction In Bridges, an application for judicial review, the UK High Court (Lord Justice Haddon-Cave and Mr. Justice Swift) considered the lawfulness of policing operations conducted by the South Wales Police force (“SWP”) which utilised … Continue Reading

Business Roundtable Proposes Framework for Consumer Privacy Legislation

On September 10, 2019, 51 members of the Business Roundtable sent a letter to congressional leaders advocating principles for a national consumer data privacy law. The Business Roundtable’s Framework for Consumer Privacy Legislation offers a guide for potential federal legislation that would harmonize existing privacy regulations and preempt existing state and local data privacy laws. … Continue Reading

FTC Settles Enforcement Actions Relating to Privacy Shield Certifications

On September 3, 2019, the Federal Trade Commission (“FTC”) announced settlement agreements with five companies for alleged false claims of certification under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (collectively, “Privacy Shield”).  These settlements indicate that the FTC is continuing to actively enforce Privacy Shield commitments, as it has done with respect to several other … Continue Reading

Maine Enacts Broadband Privacy Law

Earlier this month, Maine’s legislature enacted a new statute granting broad privacy rights to internet users in the state. Hailed as “the strictest consumer privacy protections in the nation,” the statute places among the toughest burdens on regulated entities to protect the data of their consumers. The statute applies only to broadband internet service providers … Continue Reading

Washington State Lawmakers Reach Deadline Without Passing Privacy Act, But Reach Agreement on Amendments to Breach Notification Law

The Washington Privacy Act stalled this April in the state’s House of Representatives, and will likely not reappear again for discussion until the 2020 legislative session. The bill overwhelmingly passed the Senate, but failed to come to a floor vote in the House of Representatives before the April 17th deadline for state lawmakers to consider … Continue Reading
LexBlog