With newly proposed legislation, the House has joined the Senate in introducing bipartisan legislation making changes to the Children’s Online Privacy Protection Act (COPPA). This pending legislation, when combined with the Federal Trade Commission’s (FTC) ongoing COPPA review and workshop, foreshadows expanded COPPA protections, especially for teenagers between 13 and 15 years of age. To … Continue Reading
New York Attorney General (AG) Letitia James has sued Dunkin’ Brands, Inc. (franchisor of Dunkin’ Donuts) over two data breaches in 2015 and 2018, accusing the company of mishandling a series of cyberattacks that together compromised more than 320,000 customer accounts. In the complaint filed last week, AG James accused Dunkin’ of engaging in fraudulent practices and … Continue Reading
On January 3, the city of Los Angeles accused TWC Product and Technology, LLC (“TWC”) (an International Business Machines Corporation subsidiary) of violating millions of American consumers’ privacy. In the civil lawsuit, Los Angeles City Attorney Michael Feuer alleged TWC misled users of its Weather Channel app to turn on precise location tracking by suggesting, … Continue Reading
Late last year, the Federal Trade Commission (“FTC”) settled another enforcement action over false claims under the EU-U.S. Privacy Shield framework (the “Privacy Shield”). The FTC alleges that Ready Tech Corporation, a provider of online and instructor led training (“Ready-Tech”), falsely claimed in its privacy policy on its website that it was in the process … Continue Reading
Effective January 1, 2019, a new Vermont law imposes data security and annual disclosure obligations on data brokerage companies (e.g., Acxiom, Experian, Epsilon). The law requires data brokers to register annually with the Vermont Attorney General and pay an annual registration fee. Data brokers must disclose annually to the State Attorney General, among other things, information … Continue Reading
In enacting the Children’s Online Privacy Protection Act, Congress determined that the safeguards built into the statute should apply only to children under 13. It sought to focus the restrictions on collection and use of personal information on younger children who are particularly vulnerable to marketing tactics because of their unfamiliarity with advertising and the … Continue Reading
The Association of National Advertisers (ANA) is working with the California Chamber of Commerce and a broad range of companies and industry groups to oppose a California ballot initiative that would drastically change how consumer information is collected and shared. The California Consumer Privacy Act of 2018 would apply to almost every company that conducts … Continue Reading
A 2015 lawsuit brought by Facebook users over the company’s alleged unauthorized collection of their facial features and other facial biometric data pursuant to the Illinois Biometric Information Privacy Act (“BIPA”) is slowly moving through the courts. The BIPA requires written notice and consent for the collection of biometric identifiers or biometric information of Illinois … Continue Reading
Suparossa Restaurant Group LLP, a Chicago-based restaurant company, has been served with a class action complaint alleging that the company has violated the Illinois Biometric Information Privacy Act (“BIPA”). The BIPA is an informed consent statute that establishes standards for employers that collect and store the biometric information of Illinois citizens. The act makes it … Continue Reading
Earlier this month, the National Institute of Standards and Technology (“NIST”) issued its fifth and latest draft of its “Security and Privacy Controls for Information Systems and Organizations” guidance document. The NIST guidance document expands on previous drafts that focused on privacy and security improvements for the federal government and now provides security and privacy … Continue Reading
The Federal Trade Commission has published a new guide that seeks to make compliance with the Children’s Online Privacy Protection Act (COPPA) as easy as 1, 2, 3, 4, 5, 6. Drawing from its detailed FAQs, the FTC has developed an even more stream-lined, six-step DIY instruction manual designed for busy businesses that want a … Continue Reading
By Leah Garner and Kimberly Chow on Posted in In the Courts
A class action lawsuit was recently filed against Darden Restaurants, Inc. (“Darden”), alleging that Darden violated the Fair and Accurate Credit Transactions Act (“FACTA”). Specifically, the plaintiffs alleged that Darden, which includes Olive Garden among its restaurant chains, violated FACTA by printing the full expiration date on credit card receipts, allowing potential identity thieves to … Continue Reading
A class action filed this month alleges that car warranty company NRRM LLC used information obtained from Department of Motor Vehicles (“DMV”) records to market to consumers in violation of the Driver’s Privacy Protection Act (“DPPA”). The complaint alleges that NRRM’s third-party data suppliers provide it with personal information about drivers and their cars that … Continue Reading
Upromise found itself in front of the Federal Trade Commission answering very tough questions earlier this month. The inquiry was related to a 2012 order requiring that Upromise include disclosures about data collection practices and conduct third-party assessments about Upromise’s data security safeguards. The FTC alleged that Upromise failed to comply with the terms of … Continue Reading
The advocacy group Cause of Action has stepped in to help defend electronics maker D-Link in a suit brought by the Federal Trade Commission over the company’s purportedly insufficient protection of customers’ privacy. The FTC is targeting D-Link for making representations that its products, including wireless routers and Internet protocol cameras, feature strong security, even … Continue Reading
On October 27, 2016, the FCC adopted a new set of privacy and data security regulations applicable to “broadband service providers and other telecommunications carriers.” The rules place new restrictions on internet service providers’ (“ISPs”) ability to use and share their customers’ data. The Commission established two data classifications: (1) sensitive information, and (2) non-sensitive … Continue Reading
In 2007, Google bought online ad network DoubleClick, which uses cookies to collect and store data about Google users from their browsing history, to best place clients’ ads. This past June, Google revised its privacy policy to state that users’ activities on other sites tracked by DoubleClick “may be associated with [their] personal information.” This … Continue Reading
Last week, the Office of Management and Budget created a new dedicated position for privacy within the Office of Information and Regulatory Affairs (“OIRA”). The privacy position will streamline the United States Government’s privacy practices, including: Leading efforts to develop and implement consistent, comprehensive and forward-looking Federal privacy policies, strategies and practices across agencies; Collaborating … Continue Reading
Earlier this week, a putative class action was brought against the NBA’s Golden State Warriors concerning the team’s mobile application. According to the complaint, the free app provides an interactive experience for fans by delivering scores, news and other information relevant to the Golden State Warriors. The plaintiffs allege that the app contains certain Bluetooth beacon software … Continue Reading
Yesterday, the Electronic Privacy Information Center (“EPIC”) and the Center for Digital Democracy (“CDD”) filed a complaint with the Federal Trade Commission against WhatsApp, Inc. According to the complaint, WhatsApp posted an entry on its company blog on August 25, 2016 announcing an update to its Terms of Service and Privacy Policy. The updated Privacy … Continue Reading
On May 21, 2014, Oklahoma enacted H.B. 2372, following the trend outlined in our earlier article on the growing number of states prohibiting employers from requesting employee or applicant social media account passwords. H.B. 2372 prohibits employers from requesting or requiring the user name and password of employees' or applicants' personal social media accounts or demanding employees or applicants to access the accounts in front of the employer. The law also prohibits employers from firing, disciplining, or denying employment to employees or applicants who refuse to provide the requested information.… Continue Reading
On May 15, 2014, Maneesha Mithal, Associate Director of the Division of Privacy and Identity Protection at the Federal Trade Commission ("FTC" or "Commission") testified, on behalf of the FTC, before the U.S. Senate Committee on Homeland Security and Governmental Affairs addressing the Commission's work regarding three consumer protection issues affecting online advertising: (1) privacy, (2) malware and (3) data security. Below is a summary of the Commission's testimony regarding these three key areas and the Commission's advice for additional steps to protect consumers.… Continue Reading
States continue to focus their investigation and enforcement efforts on privacy issues, with no sign that the focus will shift anytime soon. The most recent example is a $17 million settlement between 37 states (and D.C.) and Google related to Google’s use of tracking cookies on Safari browsers. For more information about this case and … Continue Reading
Sci-fi fans will be familiar with the interactive ads featured in the world of the film Minority Report, starring Tom Cruise, where upon entering a shopping mall, shoppers’ eyes were scanned to allow the shops to specifically target ads based on a particular shopper’s previous habits, e.g. "Good afternoon, Mr. Yakamoto. How did you like … Continue Reading
