New York Attorney General (AG) Letitia James has sued Dunkin’ Brands, Inc. (franchisor of Dunkin’ Donuts) over two data breaches in 2015 and 2018, accusing the company of mishandling a series of cyberattacks that together compromised more than 320,000 customer accounts.

In the complaint filed last week, AG James accused Dunkin’ of engaging in fraudulent

Effective January 1, 2019, a new Vermont law imposes data security and annual disclosure obligations on data brokerage companies (e.g., Acxiom, Experian, Epsilon). The law requires data brokers to register annually with the Vermont Attorney General and pay an annual registration fee. Data brokers must disclose annually to the State Attorney General, among other things,

At the ANA’s March ANA Advertising Law & Public Policy Conference, a panel discussed how advertisers need to be on top of who has, or is, collecting advertiser data, what are they doing with it, how to access to it, and whether (or how) to use those data assets in data-driven transactions.

As a

The UK data protection watchdog, the Information Commissioner’s Office (ICO), has published its long-awaited guidance on the factors it will take into account when considering whether to initiate enforcement action for data protection breaches and what form any such action should take. Its Data Protection Regulatory Action Policy, comes in the wake of yet another 

The UK Information Commissioner’s Office (ICO) has received 169 complaints thus far about websites failing to comply with the cookie law that came into force on May 26. Operators of UK websites were given until that date to ensure that user consent for cookies is obtained prior to access to the website being granted, although

 The European Commission has proposed a review of the 1995 Data Protection Directive in a bid to keep up with fast paced technological development in the digital world. The Commission hopes new rules will strengthen online privacy, cut down burdensome administrative costs and reinforce consumer trust online. The Commission’s proposals will be passed to European

Governments across the world are increasingly under pressure from privacy advocates and some consumers to better regulate the use of personal data on line. Under Ed Vaizey’s proposed plan announced last week, Google and Facebook and other social media networks and search engines would be required to sign up to a new code under which consumers would be able to get redress if they feel their privacy has been invaded.

The UK government is in discussions with the ICO, Information Commissioners Office, about how to develop such a code. What this will mean for advertisers using social media is as yet unclear though Ed Vaizey likened this idea to the mediation service offered by the Press Complaints Commission, which is both worrying and perhaps reassuring since the PCC is not renowned as particularly effective means of redress for consumers but is totally self regulated by the newspaper industry. Thus we might be led to assume that the search engines are being asked to run their own such self regulatory body. Given the lack of funds in the public purse one can assume this to be the case. No doubt Google will argue that it already has means for consumers to complain and seek redress. The cost of establishing and maintaining an independent body offering a complaints and mediation service would be colossal and without funding it seems unlikely this idea will take off in the immediate future.

What would it mean though for website owners and major brands?

Continue Reading An Internet Bill of Rights?