Category Archives: Privacy

Sealed: Three IT Companies Settle FTC Deceptive APEC Privacy Claims

By Sheila Millar and Tracy Marshall on March 1, 2017 Posted in Advertising, Privacy

If a business advertises it is a member of a privacy program, even a voluntary one, it had better be, according to the Federal Trade Commission (FTC). In separate but related complaints, the FTC alleged that three businesses – software provider Sentinel Labs Inc., private messaging app developer SpyChatter Inc., and cybersecurity software company Vir2us… Continue Reading

Smart TV Tracking Without Permission? Not So Clever

By Sheila Millar and Tracy Marshall on February 8, 2017 Posted in Privacy

Have you ever had the niggling suspicion your television was watching you? Apparently, if it was made by smart technology manufacturer VIZIO, it very well may have been. In a $2.2 million settlement with the Federal Trade Commission (FTC) and the New Jersey Attorney General, VIZIO acknowledged that it collected and sold data from 11… Continue Reading

Turn, Inc. Settles with FTC Over Deceptive Consumer Tracking

By Sheila Millar and Tracy Marshall on December 23, 2016 Posted in Privacy

In 2015, Verizon found itself in hot water over charges it was using a “super cookie” that continued to operate even when users believed they had opted out of mobile phone data tracking. Verizon allegedly then sent the data obtained to a third party for targeted advertising purposes without its customers’ consent. Verizon settled with… Continue Reading

Another State AG Weighs in on Children’s Privacy

By Sheila Millar and Tracy Marshall on October 6, 2016 Posted in Privacy

Texas Attorney General (AG) Ken Paxton announced a settlement with an app developer over concerns that the developer’s apps infringed children’s privacy. The developer, Juxta Labs, Inc., offers a range of mobile apps and games. According to the AG’s press release, the company’s apps and social media were easy for children of any age to… Continue Reading

FCC Grants TCPA Relief to Energy Utilities and Schools

By Tracy Marshall on August 5, 2016 Posted in Data Security, Privacy

On August 4, 2016, the Federal Communications Commission (FCC) released a Declaratory Ruling granting in part two separate petitions that were filed last year – one by the Edison Electric Institute and American Gas Association, and another by Blackboard, Inc. – regarding application of the Telephone Consumer Protection Act of 1991 (TCPA) to certain types… Continue Reading

Shielded: EU Approves Privacy Pact with the U.S., Fee Schedule Proposed

By Sheila Millar and Tracy Marshall on July 26, 2016 Posted in Cybersecurity, Privacy

The European Commission (EC) approved the EU–U.S. Privacy Shield on Tuesday, July 12, after European Union member states, through the Article 31 committee, approved the pact the previous week (more on the draft adequacy decision back in March here and the earlier agreement laying out the Privacy Shield here). The decision will allow U.S. companies that… Continue Reading

State Data Breach Notification Laws – Overview of Requirements for Responding to a Data Breach (Updated June 2016)

By Sheila Millar and Tracy Marshall on June 23, 2016 Posted in Data Security, Privacy, Regulations

We have updated our summary of state data breach notification laws in light of recent amendments to some of the laws since our last update in September 2015. Notably, Tennessee amended its data breach notification law, the Identity Theft Deterrence Act, effective July 1, 2016, by eliminating an encryption safe harbor and requiring that affected… Continue Reading

Supreme Court Requires Plaintiffs to Show Harm or Risk of Harm, Not Bare Procedural Violation, to Get Statutory Damages

By Sheila Millar, Douglas Behr and Tracy Marshall on June 2, 2016 Posted in Cybersecurity, Data Security, Litigation, Privacy

Joe Ravi | CC-BY-SA 3.0 Last year, we noted that the Supreme Court had granted certiorari in a case that could limit the ability of plaintiffs to sue defendants over bare statutory violations without the showing of actual injury. The case implicates a wide variety of statutes that grant monetary awards to successful plaintiffs on… Continue Reading

GDPR Publication Starts Countdown to May 2018 Compliance Date for New Privacy Rules

By Sheila Millar and Tracy Marshall on May 9, 2016 Posted in Legislation, Privacy, Regulations

The new General Data Protection Regulation (GDPR) (Regulation 2016/69, Apr. 27, 2016), approved by the European Parliament and the Council of the European Union, was formally published in the Official Journal of the European Union on May 4, 2016, and will replace the Data Protection Directive (Directive 95/46/EC) effective May 28, 2018. This new set… Continue Reading

Millar to Lead Toy Marketing Panel at CARU

By Keller and Heckman on May 9, 2016 Posted in Events, Privacy

Even as advertising to kids gets more complicated, the basic principles remain the same. This week, Children’s Advertising Review Unit (CARU), an independent self-regulatory organization within the Council of Better Business Bureaus (CBBB) which monitors children’s advertising and helps marketers vet ads and campaigns, is hosting its annual conference, “Reimagining Children’s Advertising: Getting it Right… Continue Reading

NTIA Steps into IoT Debate

By Sheila Millar and Tracy Marshall on April 21, 2016 Posted in Cybersecurity, Privacy

Continuing its tradition of active involvement in digital economy questions, the Department of Commerce’s (DOC) National Telecommunications and Information Administration (NTIA) issued a request for public comment on questions posed by the growth of the Internet of Things (IoT). The explosive growth of connected products, anticipated to reach 25 billion by 2020, is one reason… Continue Reading

Appeals Court Agrees That Health Solutions Provider’s Insurance Requires Defense in Data Disclosure Class Action

By Douglas Behr and Sheila Millar on April 13, 2016 Posted in Data Security, Litigation, Privacy

Availability of insurance is often among the first questions that arises when a company encounters a data breach or other Internet-related problem involving company records, even where the company lacks a cyberinsurance policy. The federal Fourth Circuit Court of Appeals recently affirmed a ruling by a District Court that required insurance coverage for an inadvertent… Continue Reading

FCC Adopts Broadband Privacy NPRM

By Sheila Millar and Tracy Marshall on April 1, 2016 Posted in Privacy, Regulations

At its Open Meeting yesterday, the Federal Communications Commission (FCC) adopted a Notice of Proposed Rulemaking (NPRM) that would apply the privacy protections in Section 222 of the Communications Act to broadband Internet Service Providers (ISPs). The text of the NPRM, which reportedly seeks public comment on more than 500 questions relating to privacy and… Continue Reading

The FCC Continues Privacy Push with Draft Proposal Regulating ISP Customers’ Data

By Sheila Millar and Tracy Marshall on March 11, 2016 Posted in Data Security, Privacy, Regulations

On the heels of the Open Internet Order adopted by the Federal Communications Commission (FCC) last year, FCC Chairman Tom Wheeler has circulated a Notice of Proposed Rulemaking (NPRM) to fellow Commissioners that would apply the privacy protections of the Communications Act to broadband Internet access services. Wheeler’s proposal will be voted on at the… Continue Reading

FCC Settles Probe into Verizon’s Use of “Supercookies”

By Sheila Millar and Tracy Marshall on March 8, 2016 Posted in Privacy, Regulations

On March 7, 2016, the Enforcement Bureau of the Federal Communications Commission (FCC) entered into a Consent Decree with Verizon Wireless relating to the company’s use of Unique Identifier Headers (UIDH) for targeted advertising purposes. UIDH are commonly referred to as “supercookies” because they cannot be deleted. This concludes the FCC’s investigation into whether Verizon… Continue Reading

European Commission Releases Draft Text of Adequacy Decision on EU-U.S. Privacy Shield

By Sheila Millar and Tracy Marshall on March 2, 2016 Posted in Data Security, Privacy

On February 29, 2016, the European Commission’s (EC) released a much anticipated draft adequacy decision on the EU–U.S. Privacy Shield. With this and enactment of the Judicial Redress Act last week (see our post here), the European Union came yet another step closer to finalizing the agreement between the EU and the U.S. to enable… Continue Reading

Obama Signs Judicial Redress Act—Will It Move EU–U.S. Privacy Shield Forward?

By Sheila Millar and Tracy Marshall on February 26, 2016 Posted in Legislation, Privacy

President Barack Obama signed the Judicial Redress Act on Wednesday, February 24, 2016, which will eventually enable European Union citizens to seek remedies for alleged privacy violations by the federal government in U.S. courts. The Act gives the U.S. Department of Justice (DOJ) authority to designate countries or international organizations that (1) have appropriate privacy… Continue Reading

Two App Developers Agree on COPPA Settlement with FTC

By Sheila Millar and Tracy Marshall on December 18, 2015 Posted in Advertising, Privacy

Two app developers have settled complaints from the Federal Trade Commission (FTC) that they allowed third parties to collect information, including persistent identifiers, through their apps, and allowed third parties to serve advertising to children, in violation of the Children’s Online Privacy Protection Act (COPPA). The FTC’s announcement was released the same day it announced… Continue Reading

Agreement Reached on Landmark EU Data Protection Reform

By Sheila Millar and Tracy Marshall on December 18, 2015 Posted in Data Security, Privacy

On December 15, 2015, the European Commission announced that an agreement has been reached with the European Parliament and the Council (the “trilogue” meetings) regarding the Commission’s sweeping 2012 EU Data Protection Reform proposal. The reform package, which consists of a General Data Protection Regulation and a Data Protection Directive for Police and Criminal Justice… Continue Reading

False Advertising Contempt Suit Costs LifeLock $100 Million

By Sheila Millar and Tracy Marshall on December 17, 2015 Posted in Data Security, Litigation, Privacy

On December 17, 2015, the Federal Trade Commission (FTC) announced that Lifelock, Inc. (LifeLock), agreed to pay a record-breaking $100 million to settle charges that it violated an earlier consent agreement related to flawed data security practices issued in March 2010. The LifeLock settlements implicate both the “fairness” of the company’s data security practices and… Continue Reading

Life After the U.S.–EU Safe Harbor

By Sheila Millar and Tracy Marshall on November 3, 2015 Posted in Data Security, Privacy

We’ve written about the ground-breaking and panic-inducing ruling of the European Court of Justice (ECJ) invalidating the U.S.–EU Safe Harbor framework as an adequate data transfer mechanism, and ruling that national authorities are not bound by Commission approvals. Click here for our September 23, 2015 blog post, and here for a related October 16, 2015… Continue Reading

Article 29 WP Says Safe Harbor Transfers Illegal; Model Clauses and BCRs Under Review

By Sheila Millar and Tracy Marshall on October 16, 2015 Posted in Data Security, Litigation, Privacy

The Article 29 Working Party (WP) issued a press release on October 16, 2015 announcing the outcome of the meeting to discuss coordinated action after the Court of Justice of the European Union (ECJ) decision in the matter of Schrems v. Data Protection Commissioner (C-362-14), which invalidated the U.S.-EU Safe Harbor Agreement. While calling for… Continue Reading

EU Official Calls for Invalidation of EU–U.S. Safe Harbor Pact

By Sheila Millar and Tracy Marshall on September 23, 2015 Posted in Data Security, Privacy

A European Court of Justice (ECJ) advocate general, Yves Bot, has called for the European Union–U.S. Safe Harbor Agreement to be invalidated due to concerns over U.S. surveillance practices (press release here, opinion here). The ECJ has discretion to reject the recommendation, but such opinions are generally followed. A final decision on the issue is… Continue Reading