As we approach the May 2018 effective date of the EU General Data Protection Regulation (“GDPR”), there have been a number of global developments over the last few months with respect to the so-called “right to be forgotten,” which will be codified under Article 17 of the GDPR. European Developments In the EU, we previously … Continue Reading
By Hannah Lepow Maryland is poised to become the second state in the country to ban businesses from contractually prohibiting customers from posting bad reviews online. The Nondisparagement Clauses in Consumer Contracts bill passed the state House on February 19 by an overwhelming majority and now goes on to the state Senate. Maryland’s law substantially … Continue Reading
By Brandon Johnson On October 6, 2015, California Governor Jerry Brown signed into law a trio of bills that is intended to clarify key elements of the state’s data-breach notification statute and provide guidance to persons, businesses, and state and local agencies that deal with electronically stored personal information. The bills, which were passed together … Continue Reading
By Brandon Johnson On October 6, 2015, California Governor Jerry Brown signed into law Assembly Bill 1116 (A.B. 1116), which regulates the manner in which smart TVs must notify users of voice-recognition technology and may use recorded voice commands. The bill, which was passed unanimously by both houses of the California legislature earlier this year, … Continue Reading
State legislators have recently passed a number of bills that impose new data security and privacy requirements on companies nationwide. The laws include new data breach notification requirements, marketing restrictions, and data destruction rules. Below is an overview of the new laws and amendments that will go into effect on January 1, 2015.… Continue Reading
By Randall Friedland California Attorney General Kamala D. Harris yesterday released the second annual California Data Breach Report. The report provided statistics and analysis related to data breaches that were reported to the Attorney General’s office in 2013. The report also outlined suggested best practices and provided recommendations on ways to improve data security. Statistics … Continue Reading
Continuing our coverage of the flurry of bills signed into law by California Governor Jerry Brown last week, we turn now to AB 1710, an amendment to California’s data breach legislation. The data breach amendment makes three notable changes to existing laws regarding personal information privacy: 1. Requires Companies that Maintain Personal Information to Implement … Continue Reading
Last week, California enacted bills SB 1177 and AB 1584, strengthening student privacy protections in the State. SB 1177 prohibits operators of online sites or mobile apps who know that their services are used primarily for K-12 school purposes and whose services designed and marketed as such (“operators”) from using K-12 student data in four … Continue Reading
On Tuesday, September 30th, California Governor Jerry Brown signed into law 8 bills his office says were designed to “strengthen privacy [ ] protections.” Among the bills is AB 2306, which prevents the attempt to capture an image or sound recording in an offensive manner through the use of any technological device. Among other things, … Continue Reading
Last Friday, Florida’s governor signed into law the Florida Information Protection Act of 2014 (“FIPA”), a bill repealing Florida’s existing data security breach notice law and replacing it with what will be one of the nation’s most stringent breach notice laws. This post summarizes the key aspects of the new law, which becomes effective July … Continue Reading
Last week, the governor of Connecticut signed into law a new requirement that extends compliance with the state’s existing Do-Not-Call registry to promotional text messages (SMS). Specifically, the law amends the definition of a “telephonic sales call” to include a “text or media message sent by or on behalf of a telephone solicitor,” thereby prohibiting … Continue Reading
On Monday, the International Association of Privacy Professionals (IAPP) hosted a discussion that featured state and federal privacy regulators. The panel included Maneesha Mithal, Associate Director for the Division of Privacy and Identity Theft at the Federal Trade Commission; Marty Jackley, Attorney General of South Dakota; and Bill Sorrell, Attorney General of Vermont. The panel … Continue Reading
The California legislature has enacted a flurry of privacy-related laws over the past few months. Still more bills are pending. This post provides a brief overview of new privacy laws enacted in California in 2013, including measures that will become effective on January 1, 2014. For a more detailed look at some of these key … Continue Reading
Earlier this month, we blogged about the California Senate’s passage of the bill titled “Privacy Rights for California Minors in the Digital World”, which prohibits certain targeted advertising to California minors and requires that minors be allowed to delete materials they have posted online. Yesterday, California Governor Jerry Brown signed the legislation, and it will … Continue Reading
Continuing a flurry of recent legislative activity (see posts here and here), the California legislature on Tuesday passed a bill requiring that California law enforcement agencies obtain a search warrant to compel the production of communications content (e.g., emails and social media messages) from providers of electronic communication services. A service provider may provide stored content … Continue Reading
Last Friday the California Senate unanimously passed legislation titled, “Privacy Rights for California Minors in the Digital World,” which prohibits certain types of marketing to minors (defined as a natural person under the age of 18 residing in California) and allows minors to delete materials they have posted online. The bill, which already cleared the … Continue Reading
Last week the California Senate unanimously approved a bill requiring that operators of commercial websites and online services that collect personal information disclose how they respond to “do-not-track” signals from web browsers and whether they allow third parties to engage in online tracking. The legislation, which was introduced by Assemblyman Al Muratsuchi, has been sponsored … Continue Reading
On Monday, California Attorney General Kamala Harris for the first time released a data breach report; the report details 131 data breaches reported to the CA AG’s office, which collectively exposed the personal information of 2.5 million Californians. 56% of the breaches involved Social Security numbers, a category of information disclosure which creates a heightened … Continue Reading
California Attorney General Kamala Harris failed in her first attempt to sue a company for failing to post a privacy policy on a mobile app.
Harris alleged that Delta Airlines violated the California Online Privacy Protection Act ("CalOPPA") by failing to include a privacy policy on its mobile app- The lawsuit, in the California Superior Court in San Francisco, was the first enforcement action under CalOPPA since it came into force in 2004.
On Thursday, the district court granted Delta's motion to dismiss the complaint, concluding that the Airline Deregulation Act (ADA) pre-empts the state's claims. The ADA provides that "a State....may not enact or enforce a law, regulation, or other provision having the force and effect of law related to a price, route, or service of an air carrier." Courts have construed the scope of preemption by the ADA broadly, and the majority of courts which have considered the issue have held that the ADA preempts the application of state consumer protection laws to airlines. See Morales v. Trans World Airlines, 504 U.S. 374 (1992). The judge decided that the operation of a mobile app for air travel services is "related to price, route or service of an air carrier" and thus agreed with Delta's argument that the California AG's claim is pre-empted.… Continue Reading
After gaining prominence in 2012, state legislation restricting access to personal social media accounts by employers and schools has remained active. Three more states have enacted their own restrictions thus far in 2013, and bills are pending in more than two dozen other states, according to the National Conference of State Legislatures. In 2012, Illinois … Continue Reading
A bill titled the “Right to Know Act of 2013” (AB 1291), which was first introduced by Assembly Member Bonnie Lowenthal this past February, continues to gather momentum in the California legislature. The Right to Know Act would repeal and re-write Cal. Civ. Code § 1798.83 (often referred to as the California Shine the Light law) … Continue Reading
On Monday, the California Supreme Court, by a slim 4-3 majority, held that California’s Song-Beverly Credit Card Act of 1971 (“Song-Beverly”) does not apply to online purchases in which a product is downloaded electronically, finding that Apple was not liable under the statute for collecting plaintiff Krescent’s telephone number and address in order to complete … Continue Reading
New Jersey earlier this month became the latest state to bar college and university officials from demanding access to students’ or applicants’ personal online accounts. Gov. Chris Christie signed the law, which takes effect immediately, on Dec. 3. Under the new law, which applies to public and private higher-education institutions, schools cannot require a student or … Continue Reading
California Attorney General Kamala Harris has made good on her promise to get tough with mobile app makers that fail to provide privacy policies in their apps. Yesterday, her office sued Delta Airlines for violating the California Online Privacy Protection Act (“CalOPPA”), which requires providers of websites and “online services” to conspicuously post privacy policies … Continue Reading
