Photo of Nigel Howard

Nigel Howard’s practice focuses on technology, outsourcing, and intellectual property issues. He represents clients in complex technology transactions, including outsourcing, licensing, corporate partnering, and strategic alliance transactions. Mr. Howard also has experience representing clients during IP property purchases and sales, and in reviews of IP portfolios in relation to corporate financing and merger and acquisition transactions. His experience includes cross-border technology transfers, development and testing arrangements, distribution channels, technology deployment, and electronic commerce as well as privacy laws with regard to electronic databases and online services.

Airport tracking notice.jpgWhile online “tracking” using cookies, web beacons, and similar technologies has captured the attention of regulators and the plaintiffs’ bar over the last decade, recent articles in Forbes and the New York Times make clear that offline tracking is also evolving.  Using technological methods beyond the traditional loyalty program, this new offline tracking has potential privacy implications. 

The New York Times and other news organizations have devoted attention to offline tracking in shopping malls and other retail contexts, in which merchants attempt to get a better understanding of the traffic in their stores, consumers’ reactions to the display of merchandise and other shopping behaviors.  This post focuses on airports (increasingly a shopping venue, as well as transportation hub).  It appears that a number of airports have adopted offline tracking systems to enable the airport to understand passenger patterns and trends, improve capacity management, provide real-time information about the airport (e.g., wait times at security lines) and understand retail behavior.  These systems detect Bluetooth or WiFi signals emitted from smartphones and tablets to track passengers within the airport.  The systems do not “pair” with the device, and thus the only data that they collect is the unique device identifier (UDID).  One of the providers of these systems has informed me that their sensors use a one-way hash of the UDID, converting it at the sensor level to a string of numbers that would be difficult to convert back to the original UDID.   


Continue Reading New Offline Tracking Methods Come to Airports

Last week, Amadeus, which provides one of the three major global distribution systems to the travel industry, published a report on big data authored by Thomas Davenport (currently a visiting professor at the Harvard Business School).  Davenport identifies data privacy issues as a major challenge to the use of big data and suggests that proceeding with “permission, transparency and with delicacy” is key.  However, his summary and recommendations do not mention how the privacy challenge can be addressed.  In this post I will highlight some of the most interesting aspects of the report and will add my own recommendations for what companies in the travel industry should be considering in terms of privacy.  

  • Data scientists and machine learning.  Tom Davenport’s report identifies the increasing importance (and scarcity) of data scientists and how they are critical to understanding machine learning (one of the aspects of big data that is different from traditional forms of data analytics).  McKinsey made a similar point in their report on big data.  Less frequently discussed is the fact that data scientists will access a great deal of personal and sensitive data.  Because of this, background checks before hiring and post-hiring privacy training will be especially important.  Indeed, sensitivity to privacy issues should be considered a core competency of the data scientists. 


Continue Reading Recommendations for Big Data in the Travel Industry

Personalization of the shopping experience is a hot topic in the travel industry.  It has also prompted privacy regulators to consider the implications for the consumer.  For example, the Article 29 Data Protection Working Party in April issued a letter to the International Air Transportation Association (IATA) on this topic and a Department of Transportation committee recently

California Attorney General Kamala Harris failed in her first attempt to sue a company for failing to post a privacy policy on a mobile app.

Harris alleged that Delta Airlines violated the California Online Privacy Protection Act (“CalOPPA”) by failing to include a privacy policy on its mobile app- The lawsuit, in the California Superior Court in San Francisco, was the first enforcement action under CalOPPA since it came into force in 2004.

On Thursday, the district court granted Delta’s motion to dismiss the complaint, concluding that the Airline Deregulation Act (ADA) pre-empts the state’s claims. The ADA provides that “a State….may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier.” Courts have construed the scope of preemption by the ADA broadly, and the majority of courts which have considered the issue have held that the ADA preempts the application of state consumer protection laws to airlines. See Morales v. Trans World Airlines, 504 U.S. 374 (1992). The judge decided that the operation of a mobile app for air travel services is “related to price, route or service of an air carrier” and thus agreed with Delta’s argument that the California AG’s claim is pre-empted.
Continue Reading Delta succeeds in dismissing California AG’s first CalOPPA case

On April 29, Craigslist was successful in fighting off a motion to dismiss filed by three screenscraping sites (3Taps, Padmapper and Lovely) in its pending litigation in the Northern District of California.   In Craigslist Inc. v. 3Taps Inc., No. CV 12-03816 (N.D. Cal.), Craigslist sued these sites, alleging that their scraping of Craigslist content

The DOT announced today that the fourth in a series of public meetings of the Advisory Committee on Aviation Consumer Protection will focus on privacy issues. This DOT Committee has been working on various rulemaking and enforcement initiatives affecting consumer protection in air travel, but this will be the first time that privacy practices and use of data have been made the central topic of a Committee meeting. The DOT supervises airlines privacy practices because airlines are subject to sector-specific oversight (the FTC Act provides that air carriers are among the businesses excepted from the FTC’s authority to regulate unfair or deceptive business practices).
Continue Reading DOT shifts consumer protection focus to privacy

California Attorney General Kamala Harris has made good on her promise to get tough with mobile app makers that fail to provide privacy policies in their apps.  Yesterday, her office sued Delta Airlines for violating the California Online Privacy Protection Act (“CalOPPA”), which requires providers of websites and “online services” to conspicuously post privacy policies

As states are initiating docket proceedings related to smart meter privacy and passing privacy protection legislation to regulate utility providers utilizing smart meters, it is interesting to note how one utility provider has taken steps towards protecting consumer privacy. 

San Diego Gas & Electric (SDG&E) is a utility provider based in southern California.  California has been one of the most active states in the country in proactively regulating the protection of smart grid consumer data.  So SDG&E has sought to address the regulatory and consumer concerns by adopting Privacy by Design with respect to its smart meter programs.

This blog has previously covered the FTC’s adoption of Privacy by Design as a central component of its recent privacy report.  The premise underlying Privacy by Design is that companies will better protect consumer data privacy if they fully incorporate safeguards and a culture of respecting privacy into the early stages of operations, rather than simply responding to legislation and regulations.


Continue Reading Privacy by Design for smart meters

Following up from our prior blog entry on the case of Friedman v. Maine Public Utilities Commission and Central Maine Power Company, the Maine Supreme Court issued its decision on July 12, 2012.  The court rejected the petitioner’s privacy, trespassing and Fourth Amendment violation complaints over smart meter technology by affirming the decision of the

Interesting questions are arising in relation to how to implement an “opt out” for smart meters. In many states, customer unease about the privacy and safety concerns associated with smart meters has resulted in new legislation or regulations that give customers the ability to decline the installation of a smart meter. However, smart meters enable energy efficiency and cost savings, so should customers that opt out have to pay more?

This question arose last month in the Maine Supreme Court in the case of Friedman v. Maine Public Utilities Commission and Central Maine Power Company. The court heard an appeal from the
Continue Reading Privacy at a cost? Recent smart meter litigation in Maine