device identifiers

In a blog post published on the Federal Trade Commission (FTC) website, Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, recently stated that:

“we regard data as ‘personally identifiable,’ and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers such as device identifiers, MAC addresses, static IP addresses, or cookies meet this test.”

The post (which reiterates Ms. Rich’s remarks at the Network Advertising Initiative’s April meeting) suggests a shift in the FTC’s treatment of IP addresses and other numbers that identify a browser or device.   The FTC previously has taken the position that browser and device identifiers are deserving of privacy protections, but the FTC generally has avoided classifying these identifiers as equivalent to personally identifiable information (such as name, email, and address) except in the narrow context of children’s privacy.  (The FTC’s rule implementing the Children’s Online Privacy Protection Act defines “personal information” to include a “persistent identifier that can be used to recognize a user over time and across different Web sites or online services.”)
Continue Reading FTC’s Jessica Rich Argues IP Addresses and Other Persistent Identifiers Are “Personally Identifiable”

As the FTC continues to explore the Internet of Things (“IoT”) and IoT devices, today the agency announced that it will host a workshop in November on the topic of cross-device tracking.  Recognizing that today’s typical consumer daily uses a variety of connected devices while simultaneously interacting with numerous platforms,
Continue Reading FTC Announces November Workshop on Cross-Device Tracking

By Caleb Skeath

As we reported yesterday, the Congressional Privacy Bill has been released, following the release of the White House’s proposal for a privacy bill in late February.  The bill contains the Commercial Privacy Rights Act of 2015, the Congressional counterpart to the White House’s proposal, along with data breach notification provisions and the “Do Not Track Kids Act of 2015,” which proposes substantial revisions to the Children’s Online Privacy Protection Act (COPPA).  As with the White House proposal, the Privacy Rights Act would implement a comprehensive regime of substantive privacy requirements.  Our analysis of the Commercial Privacy Rights Act is below, and we will separately post further analysis of the data breach provisions as well as the Do Not Track Kids Act.
Continue Reading Congressional Privacy Bill: Commercial Privacy Rights Act of 2015

By Caleb Skeath

The House and Senate versions of the Consumer Privacy Bill of Rights have been released, following the release of the White House’s legislative proposal at the end of February.  We are reviewing the contents of both bills and will post an update shortly with a more in-depth
Continue Reading House and Senate Versions of “Privacy Bill of Rights” Released