On June 28, 2018, California enacted the California Consumer Privacy Act of 2018 (“CCPA”), which is aimed at strengthening consumer privacy rights and data security protections. The CCPA takes effect on January 1, 2020 and is considered the most stringent privacy law in the country. The CCPA applies to for-profit entities that conduct business in … Continue Reading
Earlier today, the Federal Trade Commission (“FTC”) announced that it will host a series of public hearings on whether “broad-based changes in the economy, evolving business practices, new technologies, or international developments might require adjustments to competition and consumer protection enforcement law, enforcement priorities, and policy.” FTC Chairman Joe Simons noted that “important and significant … Continue Reading
The Eleventh Circuit has issued its decision in LabMD v. FTC, a closely watched case in which LabMD challenged the Federal Trade Commission’s authority to regulate the data security practices of private companies. The Court of Appeals declined to decide that issue, instead finding that the FTC’s order requiring LabMD to implement certain data security … Continue Reading
This spring has seen significant legislative activity with regards to state data breach notification laws, ranging from new laws in Alabama and South Dakota to amendments to existing laws in Oregon, Arizona, and elsewhere. Continuing this trend, three states recently passed legislation to amend their existing data breach notification laws. Legislation recently passed in Colorado … Continue Reading
Earlier this week, the National Telecommunications and Information Administration (NTIA), the executive branch agency responsible for telecommunications and information policy, released a Notice of Inquiry requesting that any interested party—including the private sector, technical experts, academics, and civil society—help the agency determine its international internet policy priorities. In particular, NTIA is seeking comments and recommendations … Continue Reading
This past week, Mary Meeker presented her annual Internet Trends report for 2018 at the Code Conference. A copy of the slide deck is available here. The report is widely respected by industry experts, and this year’s presentation included a number of insights that industry stakeholders will find relevant regarding data privacy and technology more … Continue Reading
A class-action lawsuit filed last month alleges that Wal-Mart’s video recording technology at its self-service checkout kiosks collects “personal identification information” in violation of the California Song-Beverly Act Credit Card Act of 1971 (“Song-Beverly Act”). The Song-Beverly Act, like analogous statutes in several other states, generally prohibits businesses from recording customers’ “personal identification information” as … Continue Reading
In both the Senate and the House, a bipartisan group of lawmakers has reintroduced a bill to update the Children’s Online Privacy Protection Act of 1998 (COPPA). Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn) and Reps. Joe Barton (R-Texas) and Bobby Rush (D-Ill.) have introduced the Do Not Track Kids Act. The bill would … Continue Reading
By Melanie Ramey Yesterday, the Federal Communications Commission (“FCC”) released a Public Notice seeking comment on a range of issues relevant to its interpretation of the Telephone Consumer Protection Act (“TCPA”), including how the FCC should interpret what constitutes an “automatic telephone dialing system” in the wake of a recent decision by the U.S. Court … Continue Reading
As policymakers weigh the many policy implications associated with the Internet of Things (“IoT”), U.S. lawmakers have put forward a variety of proposals for studying—and regulating—IoT devices. Although the likelihood of current proposals becoming law this term remain uncertain at best, existing legislative proposals provide important context and insight into the ways that lawmakers view … Continue Reading
By Katie Bies The Virginia Supreme Court held that license plate images taken by law enforcement agencies constitute “personal information,” reviving a challenge to the police storage of license plate data. Automatic license plate readers (“ALPRs”) are used by police departments across the country to take thousands of photos of license plates per hour. Officers … Continue Reading
By Melanie Ramey Mobile phone manufacturer BLU Products, Inc. entered into a settlement agreement with the FTC last week to resolve allegations that one of BLU’s China-based vendors collected personal information about its consumers without proper consent. The settlement agreement, which took the form of a consent order, applies not only to BLU but also … Continue Reading
On Tuesday, Joseph Simons was sworn in as the new Chairman of the Federal Trade Commission. The five-member Commission will soon be at full strength, as Simons is set to be joined by four other new FTC Commissioners, each of which were confirmed for seven-year terms by the Senate on April 26: Democrats Rebecca Kelly … Continue Reading
Earlier this week, the Fourth Circuit Court of Appeals affirmed a lower court decision to dismiss a Telephone Consumer Protection Act (“TCPA”) lawsuit against General Dynamics Information Technology, Inc. (“GDIT”), on the basis that GDIT was immune from suit as a government contractor under what is known as the “Yearsley doctrine.” Craig Cunningham v. GDIT, … Continue Reading
On April 24, 2018, Senators Amy Klobuchar (D-MN) and John Kennedy (R-LA) introduced the Social Media Privacy and Consumer Rights Act of 2018. The bill aims to protect consumers’ online data by increasing the transparency of data collection and tracking practices, and requiring companies to notify consumers of a privacy violation within 72 hours. “Our … Continue Reading
Last summer, Marcus Hutchins, the security researcher who stopped the “WannaCry” malware attack, was arrested and charged for his role in allegedly creating and conspiring to sell a different piece of malware, known as Kronos. As we have previously discussed on this blog, however, the indictment was notable for its lack of allegations connecting Hutchins … Continue Reading
By Alyson Sandler On April 10, Senators Richard Blumenthal (D-CT) and Ed Markey (D-MA) introduced new privacy legislation titled the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. In a statement published on his website, Senator Markey referred to the legislation as a “privacy bill of rights” and explained that “[t]he avalanche of … Continue Reading
[This article was originally published in Law360] Last week, South Dakota became the 49th U.S. state to enact a data breach notification law with the passage of S.B. 62, which sets forth requirements for notifying state residents, the state attorney general, and major consumer reporting agencies in the event of a breach. The law, which … Continue Reading
On March 23, 2018, Congress passed, and President Trump signed into law, the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which creates a new framework for government access to data held by technology companies worldwide. The CLOUD Act, enacted as part of the Consolidated Appropriations Act, has two components. Part I: Extraterritorial Reach of … Continue Reading
The U.S. Court of Appeals for the D.C. Circuit on Friday issued a long-awaited ruling in a lawsuit challenging the Federal Communications Commission’s interpretations of key terms under the Telephone Consumer Protection Act of 1991 (“TCPA”), holding that the FCC in 2015 had adopted an unreasonably broad definition of the type of calling equipment subject … Continue Reading
This week, the Federal Trade Commission (“FTC”) granted Sears Holdings Management’s (“Sears”) petition to reopen and modify a 2009 consent order regarding the tracking of personal information on Sears’ software apps. We analyzed Sears’ petition last fall, which sought to modify the definition of “tracking application,” which triggered heightened notice and consent requirements under the … Continue Reading
On February 28, 2018, the Federal Trade Commission (“FTC”) issued a report discussing security updates for mobile devices. The report stems from information the FTC collected from eight mobile device manufacturers — Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung — and from information the Federal Communications Commission (“FCC”) collected from mobile carriers in … Continue Reading
On the heels of the Federal Trade Commission’s (“FTC”) third annual “PrivacyCon,” the Future of Privacy Forum hosted its eighth annual “Privacy Papers for Policymakers” event on Capitol Hill—a gathering in which academics present their original scholarly works on privacy-related topics to D.C. policy wonks who may have a hand in shaping laws and regulations … Continue Reading
In a ruling with implications for both net neutrality and privacy, the Ninth Circuit ruled en banc today that the common carrier exemption in Section 5 of the FTC Act is activity-based, reversing a 2016 panel ruling that the exemption was status-based. Today’s decision bolsters the FTC’s authority to bring consumer protection (including privacy) and … Continue Reading
