San Francisco’s public transportation agency and the creator of the agency’s suspicious activity reporting smart phone application have been accused of illegally collecting, tracking, and storing users’ personal information and location data without their consent, in violation of California statutory and constitutional protections. A putative class action complaint, which was filed this week in a … Continue Reading
CarSure, LLC, a Texas-based aftermarket automotive warranty seller, faces a lawsuit brought by a group of Wisconsin car owners who claim that the company violated the Driver’s Privacy Protection Act (“DPPA”) by purchasing the motor vehicle records of Wisconsin car owners from third-party data suppliers. According to the suit, CarSure purchased data from a third-party … Continue Reading
A recent class action lawsuit is alleging that cell phone manufacturer Blu Products, Inc. (“Blu”) and firmware providers Shanghai Adups Technology Co., Ltd. and Adups USA LLC (“Adups”) violated several federal privacy laws by selling cell phones containing firmware that collected user’s sensitive personal information and transmitted that information to servers in China. This complaint … Continue Reading
Michigan Attorney General Bill Schuette filed a brief this week intervening in a federal lawsuit between a subscriber of Consumer Reports magazine and publisher Consumers Union of the United States (“Consumers Union”) to defend the constitutionality of the Michigan Preservation of Personal Privacy Act. The Act prohibits businesses “engaged in the business of selling at … Continue Reading
Data breaches are increasingly posing massive risks to brands. On Tuesday, September 16 at 1:00 p.m. EDT, Mark Melodia, head of our firm's Global Data Security, Privacy & Management Group will be presenting a webinar, hosted by the ANA, to discuss strategies companies must implement to mitigate risk and damage to brands. He will examine the crucial ways for brands to work effectively with outside counsel - from initial indications and preparedness to litigation, reporting and resolution. Mark also will touch upon effective management of external support vendors to maintain privilege and confidentiality and, as appropriate, how to interface with law enforcement (including the FTC), state attorneys general and others.… Continue Reading
There has been a proliferation of wearable devices hitting the market, such as Google Glass, Fitbit and others, all with the ability to collect data and track behavior. These "wearables" have begun to receive some scrutiny by senators and regulators, including New York's senior senator Chuck Schumer, who recently urged the FTC to push fitness device and app companies to provide users with a clear opportunity to "opt-out", since personal information may be potentially sold to third parties without the users' knowledge or consent. For additional information on this story, please read the latest post on our firm's Global Regulatory Enforcement Law Blog.… Continue Reading
Last month, Snapchat reached a settlement with the Maryland Attorney General over alleged deceptive trade practices regarding Snapchat's marketing claims that user "snaps" disappear forever. In addition, the Attorney General alleged that Snapchat had violated the Children's Online Privacy Protection Act (COPPA). This settlement follows a similar settlement between Snapchat and the Federal Trade Commission, which we reported on previously.
After announcing the settlement, Attorney General Douglas F. Gansler said that "despite Snapchat's marketing claims to the contrary, no company can fully prevent content you send to someone else from being copied, shared or posted online[.]" Attorney General Gansler went on to state that companies operating online or through mobile devices have a responsibility to safeguard user privacy and to be transparent about the information they collect. According to Attorney General Gansler, Snapchat misrepresented to consumers that pictures and video messages sent using the Snapchat mobile application are only viewable temporarily, when in fact they can be captured by the recipient for future viewing or circulation. As a result of these representations, some Snapchat mobile application users may have sent pictures or video messages they would not have sent were these risks adequately disclosed. The Attorney General further alleged that Snapchat secretly collected information from users' contact lists without their consent, and that Snapchat failed to comply with COPPA by knowingly collecting the personal information of children under the age of 13 without verifiable parental consent.… Continue Reading
The FTC released its report "Data Brokers: A Call for Transparency and Accountability", which calls for more transparency and accountability from the companies that collect, resell or share consumers' personal information, generally known as data brokers. While the report mentions some of the benefits of these companies, it strongly emphasizes their associated risks, noting that data brokers often store delicate consumer information, potentially exposing consumers to fraud, theft, and other types of consumer harm. One of the FTC's key findings was that consumers have little access or control over their information once it is provided to data brokers, sparking a call for legislative action for increased transparency and accountability. For more information on this issue, please read the latest post on our Global Regulatory Enforcement blog.… Continue Reading
On May 13, the Court of Justice of the European Union delivered a groundbreaking ruling on the so-called "right to be forgotten" and the territorial application of the Data Protection Directive 95/46/EC. The Court ruled on key issues under what circumstances search engines must block certain information in the search results of the name of an individual.… Continue Reading
Last Thursday, the Federal Trade Commission (FTC) announced that messaging app Snapchat agreed to settle charges that it deceived consumers with promises about the disappearing nature of messages sent through the app. The FTC case also alleged that the company deceived consumers over the amount of personal data the app collected, and the security measures taken to protect that data from misuse and unauthorized disclosure. The case alleged that Snapchat's failure to secure its Find Friends feature resulted in a security breach that enabled attackers to compile a database of 4.6 million Snapchat usernames and phone numbers.… Continue Reading
Please join us for a teleseminar this Wednesday, April 23 at 12 Noon ET on what you need to know about the Heartbleed security bug, presented by Khurram Nasir Gore and Timothy J. Nagle of Reed Smith's Data Privacy, Security, and Management group, and leading internet security company, IID.
Date and Time:
Wednesday, April 23, 2014
12:00 p.m. ET / 11:00 a.m. CT / 9:00 a.m. PT
Rod Rasmussen, President and Chief Technology Officer, IID
Khurram Nasir Gore, Reed Smith LLP, New York
Timothy J. Nagle, Reed Smith LLP, Washington, D.C.
On April 7, 2014, the Heartbleed bug came to light as a massive blow to the security of the Internet, and all things connected. The Heartbleed bug is not a virus, but a security vulnerability caused by an error in the software writing of OpenSSL, an open-source implementation of the SSL and TLS protocols. Preliminary analyses indicate that up to two-thirds of all web servers were exposed to this security vulnerability. While the first response clearly should be to update all affected corporate systems, corporate counsel and information security officers will also have an opportunity to step back and consider the sufficiency of their incident-response procedures and configuration-management processes.… Continue Reading
We invite you to participate in a webinar hosted by the Association of National Advertisers (ANA) along with Timothy J. Nagle and Christine Nielsen Czuprynski of Reed Smith's Data Security, Privacy & Management Group, titled Navigating the TCPA Minefield, on Tuesday, January 14, 2014 at 1 p.m. EST. The session will provide participants a valuable update on the Telephone Consumer Protection Act and what marketers need to know when distributing text message promotions.
Among the topics that will be discussed are:
- The current state of the TCPA
- Recommendations for conducting compliant text messaging campaigns
- Best practices for avoiding class action scrutiny
This session is part of a new webinar series hosted by the ANA's Government Relations group, focusing on current legal and regulatory issues affecting the marketing and advertising community. For additional information, visit the ANA Webinars page at http://www.ana.net/webinars/index.… Continue Reading
California is once again seeking to set the trend in privacy legislation, having recently passed three bills related to data privacy. One of those bills, AB 370, would mandate operators of websites and mobile apps to include disclosures in their privacy policies on how they respond to “do not track” signals or other consumer choice … Continue Reading
Back in June, FTC Commissioner Julie Brill unveiled an initiative called, "Reclaim Your Name" at the Computer Freedom and Privacy Conference. Her proposed initiative is directed to the big data industry and calls on data brokers to give consumers more control over their personal data. According to Commissioner Brill, Reclaim Your Name would "empower the consumer to find out how brokers are collecting and using data; give her access to information that data brokers have amassed about her; allow her to opt-out if she learns a data broker is selling her information for marketing purposes; and provide her the opportunity to correct errors in information used for substantive decisions - like credit, insurance, employment, and other benefits."
Commissioner Brill followed up her remarks at the Conference with an op-ed piece in the Washington Post earlier this month, again demanding transparency from data brokers. In her op-ed, Commissioner Brill likened the efforts of data brokers who collect data on surfing habits and app usage to the type of information the NSA was collecting. She also opined that "personal data could be -- and probably are -- used by firms making decisions that aren't regulated by the FCRA but still affect users' lives profoundly" and that these decisions include whether consumers are too risky to do business with or aren't right for certain clubs, dating services, schools or other programs.… Continue Reading
The Digital Advertising Alliance ("DAA"), a self-regulatory group that represents marketing and media organizations, released new guidance this week for advertisers in the mobile space. Entitled "Application of Self-Regulatory Principles to the Mobile Environment," the guidance builds on well-known principles such as notice (or transparency) and choice (or control), and tailors them to the unique challenges that face the mobile environment.… Continue Reading
Earlier this week, FTC Chairwoman Edith Ramirez spoke to members of the ad industry, urging them to provide “effective and meaningful privacy protection” to consumers with respect to online tracking. Chairwoman Ramirez’s position reportedly surprised, and even frustrated, some attendees by implying that the Digital Advertising Alliance’s self-regulatory program does not do enough in the … Continue Reading
On February 15, Chris Olsen of the FTC’s Division of Privacy and Identity Protection spoke at the National Telecommunications and Information Administration (NTIA) stakeholders’ meeting in Washington, D.C. to address its recently released Mobile Privacy Disclosures Guidance. For a full list of the meeting’s highlights, please read the latest post on our sister blog, Global … Continue Reading
On February 1, the FTC announced its largest settlement to date with a mobile app developer – an $800,000 penalty – in conjunction with the release of guidance on mobile app best practices for app platforms, app developers, third parties and app trade associations. The guidance document and the enforcement action together demonstrate the need … Continue Reading
FTC Chairman Leibowitz has followed though on his commitment to finalize the new COPPA rule by the end of the year. Earlier today, at a press conference, the Chairman, alongside Senator Jay Rockefeller, announced the agency’s update to the rule. The new rule expands the application of the rule to new categories of “personal information” … Continue Reading
Apparently, a lot of people want to know, according to the Federal Trade Commission Chairman Jon Leibowitz and Jeff Chester, Executive Director of the Center for Digital Democracy. To learn more why, read our Global Regulatory Enforcement Law Blog covering the latest complaint filed against a mobile game-maker for alleged COPPA violations.… Continue Reading
One is hard-pressed to think of something more important than protecting the privacy of our children. Front and center in this debate is how such privacy concerns need to be addressed in mobile platforms like smartphones. As the saying goes, "There's an app for that", and such is certainly true in offerings directed to children. The Federal Trade Commission has now issued its second staff report on the privacy practices of mobile apps for children, "Mobile Apps for Kids: Disclosures Still Not Making the Grade."… Continue Reading
David Vladeck, FTC Director of the Bureau of Consumer Protection, made comments Tuesday, citing the U.S. District Court's approval of a $22.5 million civil fine against Google for violating a consent order as "a clear victory for consumers and privacy," and demonstrating that the Commission "will continue to ensure that its orders are obeyed, and that consumers' privacy is protected." The consent order settled charges that Google misrepresented privacy assurances to users of Apple's Safari Internet browser in violation of a previous FTC settlement Order.… Continue Reading
Earlier this year, we analyzed some privacy considerations with a class action lawsuit against Facebook accusing the social media giant of violating the rights of users through its "Sponsored Stories" advertising program. Per the Complaint, Facebook would not only display such ads, but would also use the "names, photographs, likenesses, and identities" of Facebook users to help promote the product to friends of those users. The Complaint alleged that a user would be associated with a product by choosing to click a "Like" button, and would then be automatically associated with the corresponding ad campaign, without compensation and allegedly without the user's consent.… Continue Reading
The issue of data collection is an important one in online privacy, particularly as it applies to ad networks. This issue is especially contentious in the context of Do Not Track mechanisms. A number of browsers - such as Safari, Internet Explorer, and Firefox - have mechanisms that permit consumers to instruct websites not to track their activities across the web. The FTC has said on numerous occasions, though, that an effective Do Not Track system should go beyond opting consumers out of receiving targeted advertisements; it should opt them out of the collection of behavioral data for all purposes, unless the purpose is consistent with the context of the interaction (e.g., to prevent click-fraud). Such sentiments were expressed in the FTC's Privacy Report, as well as its testimony before Congress.… Continue Reading