Businesses that rely on standard contractual clauses (SSCs) to transfer personal data outside the European Economic Area (EEA) just got good news. The long-awaited decision from the EU Advocate General (AG) is here: SCCs are valid. The AG’s opinion, although non-binding, is significant for the case brought by Austrian privacy activist Max Schrems against Facebook,
You know that movie where a person thinks they’ve barricaded themselves in their house against a stalker, only to grasp the awful realization that the threat is “coming from inside the house”? Unbeknownst to you, that threat may, in fact, be coming from your smartphone, according to a complaint by the Federal Trade Commission (FTC).
In the two decades following the enactment of the Children’s Online Privacy Protection (COPPA) Rule, technological developments have changed the online landscape considerably. Recognizing this, the Federal Trade Commission (FTC) held a public workshop on October 7, 2019, to discuss whether, given the proliferation of smart devices, video games, online channels, and EdTech, the Rule,
The Equifax data breach was one of the most massive data breaches of all time, and it has resulted in the biggest settlement for a data breach to date. After two years of investigations at the state and federal levels, credit reporting agency Equifax has agreed to a $675 million – up to possibly $700
Nearly three years after the EU-U.S. Privacy Shield framework replaced the U.S.-EU Safe Harbor as a mechanism to transfer personal data from the European Union to the United States, the Federal Trade Commission (FTC) continues to monitor companies’ claims regarding participation. As we previously reported, the FTC has taken actions against several companies over
The Federal Trade Commission (FTC) entered into a proposed settlement with LightYear Dealer Technologies, LLC (aka DealerBuilt) on June 12, 2019, over allegations of lax consumer privacy protections. While no fines were levied, the order is remarkable for its detailed and extensive requirements governing the company’s future data privacy practices and the FTC’s role in
After hacks of two websites, i-Dressup.com and ClixSense.com, resulted in the compromise of personal information for millions of users – including, in the case of i-Dressup, hundreds of thousands of children under 13 – the Federal Trade Commission (FTC) issued complaints against the websites and their operators for lax security and other privacy violations. Notably,
The European Data Protection Board (EDPB) has weighed in on the interplay between the General Data Protection Regulation (GDPR) and the ePrivacy Directive in response to questions from the Belgian Data Protection Authority (DPA). Addressing how and when each set of rules applies to processing data, the EDPB stated that “these questions concern a matter
As expected, 2019 is shaping up to be the year for privacy reforms, including possible amendments to the 20-year old Children’s Online Privacy Protection Act (COPPA). Senators Edward Markey (D-Mass) and Josh Hawley (R-MO) have introduced legislation that would expand COPPA’s scope to offer new protections to minors age 13-15, establish new limitations on collecting
The California Consumer Privacy Act of 2018 (CCPA) gives California residents new rights and imposes new obligations on companies doing business in California, effective January 1, 2020. Keller and Heckman LLP Privacy and Security Partners Sheila Millar and Tracy Marshall have provided an overview to help businesses understand the new requirements.
Since publication of the