On April 17, 2020, the UK’s Information Commissioner’s Office (“ICO”) issued an opinion on the recently announced Apple-Google initiative to develop a Bluetooth-based Contact Tracing Framework (“CTF”) to help prevent the spread of COVID-19.  The ICO opinion is generally supportive of the Apple-Google proposal and perceives it to be, at this early phase, aligned with principles of data protection by design and by default.  The ICO also cautions that since apps developed under the CTF could also be used to collect additional data using other techniques beyond those currently planned, developers of such apps must ensure compliance with data protection laws.

Continue Reading UK ICO Issues Opinion on Apple-Google Initiative for a Contact Tracing Framework

The Federal Trade Commission (“FTC”) recently announced a settlement with Apple, Inc. over allegations that the company billed parents and other account holders for children’s in-app activities without obtaining the account holders’ express and informed consent. The FTC’s complaint alleged that Apple’s failure to obtain express and informed consent prior to each in-app purchase constituted an unfair act or practice in violation of Section 5 of the FTC Act.

The FTC’s allegations stemmed from an App Store feature, disclosed in Apple’s Terms and Conditions, that allowed in-app purchases for up to fifteen minutes without requiring password re-entry after the user completed a password-requiring transaction. The FTC complaint alleged that this feature allowed children who were given possession of mobile devices after an initial password entry to incur charges for up to fifteen minutes without parental or accountholder knowledge.


Continue Reading FTC Announces $32.5M Settlement with Apple, Inc., May Be Seen as Expanding its “Unfairness” Authority

By Katherine Gasztonyi

Last week, Judge Robinson of the District of Delaware dismissed a multi-district lawsuit claiming that Google, Vibrant Media, Media Innovation Group, and WPP violated federal privacy and computer security laws by allegedly circumventing browser privacy settings in order to track users online.

This lawsuit stems from a February 17, 2012, Wall Street Journal article describing these companies’ use of a loophole in Safari’s privacy settings to set third-party tracking cookies even where the browser had been configured to block such cookies.  Lawsuits alleging violations of the federal Wiretap Act, Stored Communications Act, and Computer Fraud and Abuse Act (as well as various state laws) were filed in courts across the country, and ultimately were consolidated before Judge Robinson in Delaware.

Judge Robinson granted the defendants’ motions to dismiss all of the plaintiffs’ claims on the grounds that the plaintiffs had not adequately alleged standing to sue in federal court and, in any event, had failed to state a claim for relief under any of the statutes invoked in their complaint.


Continue Reading Court Tosses Claims Against Google and Others Based on Safari Hack

Nearly two years ago, the California Supreme Court held that requesting a customer’s ZIP code in connection with a credit card transaction violated the Song-Beverly Credit Card Act of 1971, a statute that prohibits businesses from recording a customer’s “personal identification information” (“PII”) as a condition of accepting a credit card payment.  On Wednesday, the

Today the Federal Trade Commission has announced its approval of a consent decree to settle charges that Google misrepresented to users of Apple’s Safari browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.  The decree requires Google to pay a

Yesterday California Attorney General Kamala D. Harris announced an agreement she forged among Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion to ensure that mobile device apps that collect personal information contain privacy policies.  The agreement is designed to ensure that mobile apps comply with the California Online Privacy Protection Act, which requires operators of

Yesterday, Judge Lucy Koh of the U.S. District Court for the Northern District of California granted defendants’ motions to dismiss the consolidated, amended complaint in In re iPhone Application Litigation for lack of Article III standing, with leave to amend.  In finding lack of standing, the Court stated that plaintiffs’ allegations were “clearly insufficient” as plaintiffs did not allege “injury in fact to themselves” and “did not identify a concrete harm from the alleged collection and tracking of their personal information sufficient to create injury in fact.”  Further, the Court found that the plaintiffs had failed to allege any injury fairly traceable to Apple or any of the Mobile Industry Defendants.

In addition, the Court articulated specific deficiencies with respect to each of the causes of action, in the event plaintiffs choose to file an amended complaint.  These shortcomings include the fact that plaintiffs did not allege economic damages sufficient to meet the required threshold to state a civil claim under the Computer Fraud and Abuse Act.  The Court also found, as an increasing body of authority has held, that a plaintiff’s “personal information” does not constitute money or property under California’s Unfair Competition Law.


Continue Reading In re iPhone Application Litigation Dismissed

CNET reports that Rep. Jay Inslee (D-WA) is calling on the FTC to investigate Apple’s privacy practices, particularly with respect to location-based services.  In a letter to FTC Chairman John Leibowitz, Inslee expressed concern about users’ lack of awareness of “location-aware technology.”  He writes: 

“Citizens expect to be able to know the extent to which