Earlier this month, Maine’s legislature enacted a new statute granting broad privacy rights to internet users in the state. Hailed as “the strictest consumer privacy protections in the nation,” the statute places among the toughest burdens on regulated entities to protect the data of their consumers. The statute applies only to broadband internet service providers … Continue Reading
On June 20, 2019, Keith Krach was confirmed by the U.S. Senate to become the Trump administration’s first permanent Privacy Shield Ombudsperson at the State Department. The role of the Privacy Shield Ombudsperson is to act as an additional redress avenue for all EU data subjects whose data is transferred from the EU or Switzerland … Continue Reading
As policymakers weigh the implications of artificial intelligence (“AI”) and the Internet of Things (“IoT”), members of Congress have introduced a handful of measures focusing on Government support for and adoption of these emerging technologies. In May, Senators Deb Fischer (R-NE), Brian Schatz (D-HI), Cory Gardner (R-CO), and Cory Booker (D-NJ) reintroduced the Developing and … Continue Reading
On May 29, 2019, the Governor of Nevada signed into law Senate Bill 220 (“SB 220”), an act relating to Internet privacy and amending Nevada’s existing law requiring websites and online services to post a privacy notice. In short, Nevada’s law will require operators of Internet websites and online services to follow a consumer’s direction … Continue Reading
On May 8, 2019, the Federal Trade Commission (FTC) announced its first three cases that exclusively enforce the Consumer Review Fairness Act (CRFA). Enacted in December 2016 to protect consumers’ ability to share their honest reviews, the CRFA prohibits companies from using form contracts that bar consumers from writing negative reviews or threaten them with … Continue Reading
On April 19, 2019, the Department of Health and Human Services (HHS) announced a 30-day extension, until June 3, 2019, to the comment period for two rules proposed by the Centers for Medicare & Medicaid Services (CMS) and the Office of the National Coordinator for Health Information Technology (ONC). The CMS proposed rule aims to … Continue Reading
On Friday, April 19, 2019, the Office for Civil Rights of the U.S. Department of Health and Human Services (HHS) explained in an FAQ the circumstances under which electronic health record (EHR) systems may be subject to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) liability for an app’s impermissible use or disclosure … Continue Reading
On March 26, 2019, the Senate Armed Services’ Subcommittee on Cybersecurity held a hearing to receive testimony assessing how the Department of Defense’s (“DOD”) cybersecurity policies and regulations have affected the Defense Industrial Base (“DIB”). To gain a better understanding of the DIB’s cybersecurity concerns, the Subcommittee invited William LaPlante, Senior Vice President and General … Continue Reading
On March 5, 2019 the Federal Trade Commission (“FTC”) published requests for comment on proposed amendments to two key rules under the Gramm-Leach-Bliley Act (“GLBA”). Most significantly, the FTC is proposing to add more detailed requirements to the Safeguards Rule, which governs the information security programs financial institutions must implement to protect customer data. In … Continue Reading
The U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced that 2018 was an all-time record year for Health Insurance Portability and Accountability Act (“HIPAA”) enforcement activity. Enforcement actions in 2018 resulted in the assessment of $28.7 million in civil money penalties. Enforcement activity focused primarily on breaches of electronic protected … Continue Reading
One week from today, Covington will host its first webinar in a series on connected and automated vehicles (“CAVs”). The webinar will take place on February 27 from 12 to 1 p.m. Eastern Time. During the webinar, Covington’s regulatory and legislative experts will cover developments in U.S. law and regulations relating to CAVs. Those topics … Continue Reading
On January 24, the European Data Protection Board (“EDPB”) adopted a report (“Report”) regarding the second annual review of the EU-U.S. Privacy Shield (“Privacy Shield”). In a press release accompanying the Report, the EDPB welcomed efforts by EU and U.S. authorities to implement the Privacy Shield, including in particular the recent appointment of a permanent … Continue Reading
Vermont and the District of Columbia recently joined the growing list of states that have enacted automatic renewal statutes. Automatic renewal clauses (“auto-renewals”) allow providers of goods or services to bill consumers periodically without obtaining express consent before each billing cycle. These clauses are becoming increasingly common for a variety of goods and services. Regulators … Continue Reading
Last week, a California magistrate judge denied federal prosecutors’ application for a search warrant on the grounds that law enforcement cannot force people to unlock their phones using biometric features, such as fingerprints and facial recognition.… Continue Reading
Earlier this week, the European Commission (“Commission”) published its Report on the second annual review of the EU-U.S. Privacy Shield (“Privacy Shield”) (the Report is accompanied by a Staff Working Document). The Report concludes that the Privacy Shield “continues to ensure an adequate level of protection” for personal data transferred from the EU to the … Continue Reading
Last month in In the Matter of 1-800 Contacts, Inc., the Federal Trade Commission (“FTC”) provided insight into the circumstances under which retail price competition may take place in the 21st century internet economy. In the Opinion authored by Chairman Joseph J. Simons (“Commission’s Opinion”) the Commission decided that 1-800 Contacts, the country’s largest online … Continue Reading
On December 4, 2018, the Federal Trade Commission (“FTC”) announced that it is accepting public comments regarding its Identity Theft Detection Rules, 16 C.F.R. Part 681 (the “Rules”), as part of a systematic review of the Commission’s regulations and guidelines. The review of the Rules is particularly noteworthy because identity theft is among the top … Continue Reading
Yesterday, the Supreme Court granted certiorari in Carlton & Harris Chiropractic, Inc. v. PDR Network, LLC, No. 17-1705. The case began when Carlton & Harris sued PDR Network for alleged violations of the commercial fax provisions of the Telephone Consumer Protection Act (“TCPA”). The Fourth Circuit ruled in Carlton & Harris’s favor, relying on an interpretation … Continue Reading
Senator Ron Wyden last week released a discussion draft of a federal privacy bill that would amend Section 5 of the Federal Trade Commission Act to expand the FTC’s authority, create significant civil fines, and enforce certain provisions through criminal penalties. The draft Consumer Data Protection Act is among a growing number of proposals for … Continue Reading
[This article also was published in Law360.] In March 2017, Rep. Tom Graves, R-Ga., introduced a draft bill titled the Active Cyber Defense Certainty Act. The bill would amend the Computer Fraud and Abuse Act to enable victims of cyberattacks to employ “limited defensive measures that exceed the boundaries of one’s network in order to … Continue Reading
On October 10, the Senate Committee on Commerce, Science, and Transportation held second hearing on data privacy that invited advocates and experts to discuss a federal privacy law. The panelists included Andrea Jelinek, director of the European Data Protection Board; Alastair Mactaggart, chair of Californians for Consumer Privacy; Laura Moy, executive director of the Georgetown … Continue Reading
Yesterday, the FCC released a Public Notice seeking comment on a recent decision issued by the U.S. Court of Appeals for the Ninth Circuit in Marks v. Crunch San Diego, LLC, No. 14-56834 (Sept. 20, 2018). The Public Notice, issued in the context of the FCC’s Telephone Consumer Protection Act (TCPA) reform proceeding, seeks comment … Continue Reading
Less than three months ago, California enacted the California Consumer Privacy Act of 2018 (“CCPA”). Industry and privacy watch groups alike have scrutinized the law. This summer saw fierce negotiations all in the name of improving the CCPA. Last Friday, on August 31, 2018, the California legislature passed SB 1121 to amend the CCPA. The … Continue Reading
On July 20, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) published comments it received from a wide array of tech and telecom companies, trade groups, civil society, academia, and others regarding its “international Internet policy priorities for 2018 and beyond.” NTIA’s Office of International Affairs (“OIA”) had requested comments and … Continue Reading
