Archives: United States

Subscribe to United States RSS Feed

Commerce Releases Fact Sheet on the EU-U.S. Privacy Shield

As we reported yesterday, the United States and the European Commission have reached a political agreement on a new framework for transatlantic data flows, referred to as the EU-U.S. Privacy Shield.  The U.S. Department of Commerce (“Commerce”) released a fact sheet yesterday to coincide with the announcement of the agreement. The fact sheet includes a … Continue Reading

Article 29 Working Party Reacts to the U.S.-EU Privacy Shield Agreement

On February 3rd, the Article 29 Working Party, representing Europe’s data protection authorities, published its reaction to the announcement of a new “Privacy Shield” political agreement between the European Commission and the U.S. Government.  The Privacy Shield agreement, announced on February 2nd (and further described in our blog post here), is intended to replace the … Continue Reading

Agreement Reached on New EU-U.S. Safe Harbor: the EU-U.S. Privacy Shield

By Dan Cooper, Phil Bradley-Schmieg and Joseph Jones Today (February 2nd, 2016), the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows.  The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework (for more on the Court of Justice of the European Union … Continue Reading

Judge Denies Neiman’s Motion to Dismiss Data Breach Class Action

A federal judge in the Northern District of Illinois has denied Neiman Marcus Group LLC’s (“Neiman”) motion to dismiss a consumer class action lawsuit arising from a December 2013 data breach at the retailer that exposed about 350,000 credit cards.  As we previously reported, the plaintiffs sued Neiman alleging various claims arising from fraudulent charges … Continue Reading

Senate Committee Passes Judicial Redress Act, May Assist Safe Harbor Negotiations

The Senate Judiciary Committee today successfully reported H.R. 1428, the Judicial Redress Act of 2015.  However, the bill included an amendment to the House-passed version that has the potential to influence current negotiations between the United States and the European Union to reach a new Safe Harbor agreement. As we previously reported, the Judicial Redress … Continue Reading

Senators Introduce Bill Requiring Cybersecurity Expertise Reports to SEC

On December 17, 2015, Senators Reed (D-RI) and Collins (R-ME) introduced the Cybersecurity Disclosure Act of 2015 (S. 2410), which has been referred to the Committee on Banking, Housing, and Urban Affairs.  According to the press release accompanying the bill, it “seeks to strengthen and prioritize cybersecurity at publicly traded companies by encouraging the disclosure … Continue Reading

HHS Issues Final Rule on HIPAA and Firearm Background Check Reporting

On January 6, as part of President Obama’s executive action to combat gun violence, HHS promulgated a final regulation modifying the HIPAA Privacy Rule to allow certain HIPAA covered entities to disclose limited information to the National Instant Criminal Background Check System (NICS).  We previously discussed the proposed rule here. Background:  The NICS, maintained by … Continue Reading

Scope of Preemption in Proposed Data Security Legislation is Uncertain

According to a recent analysis by the Congressional Research Service (“CRS”), the extent of state law preemption in recent federal legislative proposals relating to data security is unclear.  Several bills introduced in the 114th Congress would impose federal data security or breach notification requirements on covered entities, similar to existing requirements in nearly every state. … Continue Reading

FTC Releases Agenda for First-Ever PrivacyCon

On Tuesday, the FTC announced the agenda for PrivacyCon, which is being billed as a “first-of-its-kind event” that will facilitate discussions between researchers and academics about privacy and security.  The FTC also released abstracts for the research that will be presented at the conference, scheduled for January 14.  PrivacyCon follows a call from the FTC … Continue Reading

FTC Issues Policy Statement on Native Advertising

By Megan Rodgers The Federal Trade Commission today issued an Enforcement Policy Statement on Deceptively Formatted Advertisements.  The Policy Statement addresses occasions in which certain media outlets blur the traditional line between advertisements and editorial content, and seeks to clarify advertisers’ and publishers’ obligations regarding native advertising and social media. Native advertisements can take a … Continue Reading

Oracle Settles FTC Deception Charges

Yesterday, the FTC announced that Oracle has agreed to settle the Commission’s charges that it deceived consumers about the security provided by updates to its Java Platform, Standard Edition software (“Java SE”).  According to the FTC’s complaint, Oracle allegedly failed to adequately disclose that updating Java SE would not remove certain older iterations of the … Continue Reading

Congress Passes the Cybersecurity Act of 2015

The Cybersecurity Act of 2015 (the “Act”) was passed by Congress today as part of the 2016 omnibus spending package.  The Act is very similar to the Cybersecurity Information Sharing Act (“CISA,” S. 754), which passed the Senate on October 27 and was the subject of our previous analysis, although there are some important differences … Continue Reading

FTC Settles COPPA Charges With Two App Developers

Two app developers, LAI Systems, LLC and Retro Dreamer, have settled charges with the Federal Trade Commission (FTC) alleging that the companies shared children’s personal information with third-party advertising networks in violation of the Children’s Online Privacy Protection Act (COPPA) Rule. These cases are the first in which the FTC alleged that companies allowed ad … Continue Reading

FTC Obtains Record $100 Million Settlement with LifeLock

By Megan Rodgers The FTC announced that the identity theft protection firm LifeLock will pay $100 million to resolve allegations that the company made false statements about its services and failed to safeguard consumer data.  This settlement represents the largest of its kind in an FTC order enforcement action. The FTC first sued LifeLock in … Continue Reading

Wyndham Settles FTC Charges

Wyndham Hotels and Resorts has agreed to settle the FTC’s charges that its corporate data security practices were deficient under the unfairness prong of Section 5 of the FTC Act.  Assuming the district court approves the proposed stipulated consent order, this concludes the litigation between Wyndham and the FTC.  Under the terms of the twenty-year … Continue Reading

Senators Introduce Online Terrorist Activity Reporting Bill

Senators Feinstein (D-CA) and Burr (R-NC) introduced legislation today that would impose reporting duties on entities that “obtain[] actual knowledge of any terrorist activity.”  The bill applies to entities “engaged in providing an electronic communication service or a remote computing service to the public,” which includes social media companies.  Those entities are required to report … Continue Reading

FTC Appeals Dismissal of Data Security Complaint Against LabMD

Last Wednesday, the FTC took the next step in its ongoing Section 5 enforcement proceedings against LabMD, filing a formal notice seeking an appeal of Administrative Law Judge Chappell’s initial decision before the full Commission.  Judge Chappell’s initial decision, announced on November 13, dismissed the FTC’s complaint against LabMD, finding that the FTC failed to … Continue Reading

FTC Approves New “Selfie” Verifiable Parental Consent Mechanism Under COPPA 

Under the Children’s Online Privacy Protection Act (COPPA), operators of certain websites, mobile applications, and other online services must provide parents notice and obtain verifiable parental consent before collecting, using, or disclosing personal information from children under the age of 13 online.  The FTC has approved a new facial-recognition based method to comply with COPPA, … Continue Reading

FTC Hosts Cross-Device Tracking Workshop

The FTC’s cross-device tracking workshop on Monday focused on the benefits and challenges of cross-device tracking.  FTC Chairwoman Edith Ramirez emphasized that regardless of the specific technology employed, companies should continue working to address issues of transparency, notice, and choice in this area.  She also highlighted the self-regulatory efforts of the advertising industry on cross-device … Continue Reading

Administrative Law Judge Dismisses FTC’s LabMD Complaint, Finding Insufficient Evidence of “Substantial Injury” to Consumers

On Friday, November 13, Federal Trade Commission (FTC) Chief Administrative Law Judge Chappell issued an Initial Decision dismissing the FTC’s complaint against LabMD, on the ground that the Commission’s staff had failed to carry its burden of demonstrating a “likely substantial injury” to consumers resulting from LabMD’s allegedly “unfair” data security practices. While Judge Chappell’s … Continue Reading

Third Circuit Resurrects State Law Claims Against Google in Safari Cookie Tracking Lawsuit

Last week, the Third Circuit revived a multi-district privacy lawsuit against Google, finding that the trial court erred in dismissing the plaintiffs’ privacy claims under California state law.  The case centers around the plaintiffs’ allegations that Google violated state and federal law by circumventing the Safari browser’s default “cookie blocker” settings to track users’ online … Continue Reading

FCC Says It Will Not Require Websites to Honor ‘Do Not Track’

Last Friday, the Federal Communications Commission (“FCC”) rejected a petition from consumer advocates asking the FCC to extend its Open Internet Order by requiring edge providers such as Facebook and Amazon to follow the privacy regulations of Section 222 and to require those edge providers to honor “Do Not Track” requests from consumers.  The FCC … Continue Reading

A Closer Look at CISA’s Cybersecurity Information-Sharing Provisions

As we reported on October 27, the U.S. Senate passed the Cybersecurity Information Sharing Act (“CISA,” S. 754).  If enacted into law, CISA would, among other things, establish a voluntary framework for the sharing of cybersecurity threat information between and among the federal government and private entities.  CISA must now be reconciled with two similar … Continue Reading
LexBlog