California Attorney General Kamala Harris failed in her first attempt to sue a company for failing to post a privacy policy on a mobile app.
Harris alleged that Delta Airlines violated the California Online Privacy Protection Act ("CalOPPA") by failing to include a privacy policy on its mobile app- The lawsuit, in the California Superior Court in San Francisco, was the first enforcement action under CalOPPA since it came into force in 2004.
On Thursday, the district court granted Delta's motion to dismiss the complaint, concluding that the Airline Deregulation Act (ADA) pre-empts the state's claims. The ADA provides that "a State....may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier." Courts have construed the scope of preemption by the ADA broadly, and the majority of courts which have considered the issue have held that the ADA preempts the application of state consumer protection laws to airlines. See Morales v. Trans World Airlines, 504 U.S. 374 (1992). The judge decided that the operation of a mobile app for air travel services is "related to price, route or service of an air carrier" and thus agreed with Delta's argument that the California AG's claim is pre-empted.… Continue Reading
The DOT announced today that the fourth in a series of public meetings of the Advisory Committee on Aviation Consumer Protection will focus on privacy issues. This DOT Committee has been working on various rulemaking and enforcement initiatives affecting consumer protection in air travel, but this will be the first time that privacy practices and use of data have been made the central topic of a Committee meeting. The DOT supervises airlines privacy practices because airlines are subject to sector-specific oversight (the FTC Act provides that air carriers are among the businesses excepted from the FTC's authority to regulate unfair or deceptive business practices).… Continue Reading
At a recent forum in New York, a team of Covington lawyers addressed the growing concern among companies that their most valuable assets could leave the building on a thumb drive in an employee’s pocket or be disclosed through an employee’s use of a social media site. Addressing this threat involves many disciplines beyond trade … Continue Reading
A bill titled the “Right to Know Act of 2013” (AB 1291), which was first introduced by Assembly Member Bonnie Lowenthal this past February, continues to gather momentum in the California legislature. The Right to Know Act would repeal and re-write Cal. Civ. Code § 1798.83 (often referred to as the California Shine the Light law) … Continue Reading
Yesterday the FTC released its annual report of consumer complaints, highlighting identity theft as the leading category of complaints, with 18% of the total. The 2012 report analyzes complaints received by the FTC, certain other federal agencies, state law enforcement agencies, and non-governmental organizations such as the Better Business Bureau. After identity theft, consumers filed the … Continue Reading
Politico is reporting that California Attorney General Kamala Harris will release a report containing privacy recommendations for key players in the mobile app ecosystem (including developers, advertisers, and others). The report could be released as early as this week. As we have noted elsewhere, Harris has made mobile privacy a key priority for her office. … Continue Reading
The Federal Trade Commission has released its revised final rule implementing the Children’s Online Privacy Protection Act (“COPPA”), which governs (1) operators of websites and online services that are directed to children under the age of 13 and (2) operators of general audience websites or online services that have actual knowledge that a user is … Continue Reading
The Federal Trade Commission released today its second report on mobile apps directed to children. The report, which follows up on an analysis that staff conducted in February 2012, examined the privacy disclosures of hundreds of kid-directed mobile apps and tested the apps’ practices against these disclosures to determine if the disclosures were accurate and complete. Staff found the results … Continue Reading
California Attorney General Kamala Harris has made good on her promise to get tough with mobile app makers that fail to provide privacy policies in their apps. Yesterday, her office sued Delta Airlines for violating the California Online Privacy Protection Act (“CalOPPA”), which requires providers of websites and “online services” to conspicuously post privacy policies … Continue Reading
On Thursday, the Federal Trade Commission (“FTC”) hosted a workshop to explore the practices and privacy implications of comprehensive data collection. The event gathered consumer protection groups, academics, privacy professionals, and business and industry representatives to examine the current state of comprehensive data collection, its risks and potential benefits, and what the future holds for … Continue Reading
On Thursday, November 15, 2012, Judge Robert S. Lasnick of the Western District of Washington dismissed Del Vecchio v. Amazon, stating that the parties had reached a settlement, the details of which were not disclosed. The suit had alleged (among other things) that Amazon used Flash cookies to backup and “respawn” browser cookies that plaintiffs … Continue Reading
California Attorney General Kamala Harris has formally warned 100 app developers that their apps are not in compliance with the California Online Privacy Protection Act (OPPA). Harris has given these developers 30 days to come into compliance by “conspicuously post[ing] a privacy policy within their app that informs users of what personally identifiable information about … Continue Reading
On October 26, 2012, the FTC finalized settlements with Georgia auto dealer Franklin Budget Car Sales, Inc. and Utah-based debt collector EPN Inc. over charges that each company illegally exposed sensitive personal information of consumers by allowing peer-to-peer (P2P) file-sharing software to be installed on their corporate computer systems. The final settlements follow a notice-and-comment period … Continue Reading
In follow up to our previous blog entry on the subject, comment deadlines were set for additional petitions seeking to clarify TCPA provisions and related FCC rules. Comments on these Petitions are due on November 23, 2012, and reply comments are due on December 10, 2012. The Westfax Petition asks the FCC to clarify whether … Continue Reading
At the Wired for Change conference earlier this week, FTC Chairman Jon Leibowitz noted that the FTC is developing a “nutrition label” for data collection and use, modeled after the nutrition facts label for food and beverages. Leibowitz reportedly said that the agency’s chief technologist and the Bureau of Consumer Protection are working to identify … Continue Reading
A number of key developments affecting telemarketing emerged over the past week: 1. The distinction between informational and telemarketing calls was further defined. The 9th Circuit held that calls intended to impart information about a customer rewards program could be construed as “dual purpose” calls subject to federal and state telemarketing restrictions. See Chesbro v. … Continue Reading
A court in Texas recently dismissed a lawsuit it described as “an aspiring class action against a veritable who’s-who of social media companies.” The Plaintiffs in Opperman v. Path claimed that the Defendants improperly used their smartphone apps to copy, upload, and store Plaintiffs’ address book information without their consent. According to the court, the Plaintiffs’ … Continue Reading
Privacy stakeholders gathered today at NTIA to once again discuss how the group might move forward in developing a code of conduct for mobile app transparency. While no decisions were made, the group identified a number of topics that would be appropriate to tackle early in the process. There also appeared to be consensus among … Continue Reading
As states are initiating docket proceedings related to smart meter privacy and passing privacy protection legislation to regulate utility providers utilizing smart meters, it is interesting to note how one utility provider has taken steps towards protecting consumer privacy. San Diego Gas & Electric (SDG&E) is a utility provider based in southern California. California has … Continue Reading
According to a recent study released by the Future of Privacy Forum (FPF), the number of mobile apps with privacy policies has grown rapidly since September 2011. The study examined the top 25 free and 25 paid apps in the Apple iOS, Google Play, and Kindle Fire app stores, for a total of 150 apps. Of the apps reviewed, the study found … Continue Reading
Two reports have recently been released that look at consumer perceptions of online privacy issues and examine user tracking practices on popular websites. TRUSTe Privacy Index TRUSTe released its Privacy Index for the second quarter of 2012, which measures consumer confidence in their online privacy. The numbers show that consumers are concerned about web privacy … Continue Reading
The afternoon panels at yesterday’s FTC workshop focused on mobile issues, with the first focusing on mobile advertising disclosures and the second focusing on mobile privacy disclosures. Some themes were common to both panels. In particular, panelists in both sessions identified the unique challenges of designing disclosures that will effectively communicate with consumers who often … Continue Reading
This week, the U.K.-based GSM Association unveiled voluntary app privacy guidelines, which are being implemented by several major European mobile telephone service operators for their own branded applications. According to the GSM Association, the companies adopting these guidelines includes Deutsche Telekom, France Telecom – Orange, Telecom Italia, Telefónica, and Vodafone. This development follows last week’s announcement of an agreement by Amazon, Apple, Google, Hewlett-Packard, Microsoft, … Continue Reading
