Opt-Out

At its December 8 board meeting, the California Privacy Protection Agency (“CPPA”) voted to advance a legislative proposal that would require vendors of web browsers to include a feature that would allow consumers to exercise data subject rights through opt-out preference signals.  Regulations promulgated under the California Consumer Privacy Act, as amended by the California

The California Privacy Protection Agency (“CPPA”) held two informational hearings on March 29, 2022 and March 30, 2022, in anticipation of its upcoming rulemaking later this year.  While the CPPA Board was present throughout the hearings, its members did not present any views as part of the program.  The speakers covered the following topics of note:
Continue Reading California Privacy Protection Agency Holds Informational Hearings

On April 24, 2018, Senators Amy Klobuchar (D-MN) and John Kennedy (R-LA) introduced the Social Media Privacy and Consumer Rights Act of 2018.  The bill aims to protect consumers’ online data by increasing the transparency of data collection and tracking practices, and requiring companies to notify consumers of a privacy violation within 72 hours.

“Our bill gives consumers more control over their private data, requires user agreements to be written in plain English and requires companies to notify users of privacy violations,” Senator Kennedy explained. “These are just simple steps that online platforms should have implemented in the first place.”

Other features of the legislation include providing consumers a right of access to see what information about them has been collected and used, allowing consumers to opt out of data collection and tracking, and requiring online platforms to have a privacy program in place.  Senator Klobuchar explained that “[c]onsumers should have the right to control their personal data and that means allowing them to opt out of having their data collected and tracked and alerting them within 72 hours when a privacy violation occurs and their personal information may be compromised.” 
Continue Reading Senators Klobuchar and Kennedy Introduce Privacy Legislation

By Alyson Sandler

On April 10, Senators Richard Blumenthal (D-CT) and Ed Markey (D-MA) introduced new privacy legislation titled the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act.  In a statement published on his website, Senator Markey referred to the legislation as a “privacy bill of rights” and explained that “[t]he avalanche of privacy violations by Facebook and other online companies has reached a critical threshold, and we need legislation that makes consent the law of the land.”

The CONSENT Act directs the Federal Trade Commission (FTC) to “establish privacy protections for customers of online edge providers.”  These protections include requiring edge providers to notify customers about the collection and use of “sensitive customer proprietary information,” which the Act defines to include, among other things, financial and health information, the content of communications, and web browsing and application usage history.  Customers must also be notified about the types of sensitive customer proprietary information that the edge provider collects, how the information will be used and shared, and the types of entities the edge provider will share the information with.

The centerpiece of the CONSENT Act is its “opt-in” requirement for edge providers to obtain consent from customers for the use of “sensitive information.”  This differs from the model currently employed by most online companies, under which customers may opt out of data collection.  The Act also prohibits an edge provider from refusing to serve customers who do not consent to the use and sharing of their sensitive proprietary information for commercial purposes.
Continue Reading Senate Democrats Propose CONSENT Act

Representative Marsha Blackburn (R-TN) has introduced a bill, the “Balancing the Rights of Web Surfers Equally and Responsibly Act of 2017” (“BROWSER Act,” H.R. 2520) that would  create new online privacy requirements.  The BROWSER Act would require both ISPs and edge providers (essentially any service provided over the Internet) to provide users with notice of their privacy policies, obtain opt-in consent for sensitive data, and opt-out consent for non-sensitive data.  In its current form, the BROWSER Act would define sensitive data more broadly than in existing FTC guidelines—mirroring the since-repealed privacy rules that the FCC adopted last year for ISPs, but applying those standards to ISPs and edge providers alike.

The BROWSER Act defines “sensitive user information” to include financial information, health information, children’s data, social security numbers, precise geo-location information, contents of communications, and, most notably, web browsing or app usage histories.  ISPs and edge providers must obtain “opt-in approval” from users prior to using, disclosing, or permitting access to such sensitive information.  For “non-sensitive user information,” the BROWSER Act requires opt-out consent.  And companies may not condition the provision of services, or otherwise refuse services, based on the waiver of privacy rights under the BROWSER Act.
Continue Reading New Republican Privacy Bill Would Expand Scope of “Sensitive” Data

The FCC recently agreed to grant limited waivers for violations of its “opt out notice” rule for solicited faxes (i.e., faxes sent with the recipient’s prior express invitation or permission).  That rule requires that senders of faxes include opt-out notices on fax transmissions that contain advertisements or promotions.  The FCC initially promulgated its opt-out notice

The Federal Communications Commission has ruled that companies may send a one-time text message to confirm that a subscriber has opted out of receiving text messages without violating the Telephone Consumer Protection Act (TCPA).  In the FCC’s view, if a consumer has consented to receiving text messages and subsequently opts out, the consumer’s prior express

In the face of calls by the FTC for improved mobile privacy protections, as well as interest by members of Congress, mobile advertising companies are actively working on privacy initiatives.  Yesterday, a group of companies in the mobile advertising industry announced that they are working to create an industry standard for anonymous mobile device identification. 

Today, the Federal Communications Commission adopted new rules that strengthen its restrictions on autodialed or prerecorded telemarketing calls.  The FCC billed the new rules as an effort to maintain consistency with the Federal Trade Commission’s telemarketing sales rule, which also governs telemarketing calls, and to give consumers control over the calls that they receive.

Under