privacy policies

Regulators and courts in the EU are increasingly vigilant in relation to privacy practices and policies of large online companies.  In recent years and months, the pressure increases not only through privacy-specific regulations and enforcement, but also through the application of consumer legislation.  As the below examples from France and Germany show, some courts or regulators assess privacy practices and policies against the rules on unfair or abusive trade practices — in some countries, the legislator is even proposing new laws to that end.  This is a worrying trend, as it could trigger the application of an additional set of rules to privacy policies, and implies that EU consumer protection authorities may acquire competence in relation to online privacy policies, in addition to the EU data protection regulators.


Continue Reading European Consumer Legislation and Online Privacy Policies: Opening Pandora’s Box?

Following the Guardian’s recent exposé on Whisper’s consumer-privacy practices, alleging that the social-media app that supposedly allows people “to anonymously share [their] thoughts with the world . . . in a community built around trust and honesty,” in fact tracks the geolocation of users who opted out of such data collection, Chairman of the Senate

Last weekend at South by Southwest (“SXSW”) Interactive, a panel promoted the notion that it is in fact possible to harmonize innovation with kids’ privacy in the app space, but that doing so involves “a lot of work.”  In particular, the panel suggested that it takes a conscious desire on the part of app developers to create brands and interfaces that build in transparency, with the specific purpose of inspiring parent trust.  The panel featured Lorraine Akemann, Co-Founder of Moms with Apps; Elana Zeide, Privacy Research Fellow at New York University’s Information Law Institute; and moderator Sara Kloek, Director of Outreach at the Association for Competitive Technology.  It was one of the few privacy events at SXSW Interactive focused on children.

Continue Reading Covington at #SXSW: Can Innovation and Kids’ Privacy Coexist?

On January 8, 2014, the French data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), announced that it was imposing a fine of €150,000 on Google, as well as a requirement that Google, within eight days of the decision, publicize the fine on its own website (at www.google.fr) for a period

Yesterday the FTC released its annual report of consumer complaints, highlighting identity theft as the leading category of complaints, with 18% of the total.  The 2012 report analyzes complaints received by the FTC, certain other federal agencies, state law enforcement agencies, and non-governmental organizations such as the Better Business Bureau.  After identity theft, consumers filed the

California Attorney General Kamala Harris has made good on her promise to get tough with mobile app makers that fail to provide privacy policies in their apps.  Yesterday, her office sued Delta Airlines for violating the California Online Privacy Protection Act (“CalOPPA”), which requires providers of websites and “online services” to conspicuously post privacy policies

On Thursday, the Federal Trade Commission (“FTC”) hosted a workshop to explore the practices and privacy implications of comprehensive data collection. The event gathered consumer protection groups, academics, privacy professionals, and business and industry representatives to examine the current state of comprehensive data collection, its risks and potential benefits, and what the future holds for consumers and their choices.

In her opening remarks, FTC Commissioner Julie Brill indicated the agency was open to revising its consumer privacy framework if comprehensive data collection warranted heightened restrictions or enhanced consent to protect and inform users: “We know that comprehensive data collection allows for greater personalization and other benefits, but there may be other contexts in which it does not lead to desirable results.”

The workshop was one of five main action items adopted by the FTC as part of its March 2012 report, Protecting Consumer Privacy In an Era of Rapid Change.  In the report, the commission told companies that consent was not required for the collection and use of information that was consistent with a particular transaction or the company’s relationship with the consumer. But the agency said it needed more information to determine how this principle applied to technologies that could capture large amounts of consumer information, such as deep packet inspection (DPI).

Continue Reading FTC Hosts Workshop to Examine Comprehensive Data Collection