Archives: Online Privacy

CPRA Rulemaking Begins with an Invitation by the New California Privacy Protection Agency

By Justin Yedor, Stanton Burke, and Jeewon K. Serrato For businesses awaiting guidance on how to comply with the California Privacy Rights Act (the “CPRA”), the new California Privacy Protection Agency (“CPPA”) began the rulemaking process on September 22, 2021 with an Invitation for Preliminary Comments on Proposed Rulemaking (the “Invitation for Comment”). In the … Continue Reading

Privacy Shield Update: Commission Report, Ombudsperson Deadline, Brexit Guidance

By Melinda L. McLellan, Emily R. Fedeles and Kyle R. Fath on January 2, 2019 Posted in EU-U.S. Privacy Shield Framework, International Privacy Law, Online Privacy, Privacy Litigation

The end of 2018 saw heightened activity surrounding the EU-U.S. Privacy Shield Framework. This blog post provides a news roundup on the following developments: • The European Commission’s (the “Commission”) December 19th report (the “Report”) summarizing the second annual joint review that was held in October 2018. • The Report’s February 28, 2019 deadline for … Continue Reading

New FTC Provides Insights Into Its Plan for a Balanced Approach to Data Privacy and Security

By Alan L. Friel, John Busch and Carolina Alonso on December 19, 2018 Posted in Federal Legislation, GDPR, Online Privacy

This year brought unprecedented focus on consumer privacy – the rollout of the European Union General Data Protection Regulation (GDPR), the Cambridge Analytica controversy and Congressional hearings, a GDPR-light law coming out of California, more and bigger security incidents, and multiple proposals for an omnibus federal data protection law. The Federal Trade Commission (FTC or … Continue Reading

Cookies and Consent Under the EU GDPR

By David M. Brown on November 29, 2018 Posted in Enforcement, GDPR, Online Privacy

According to a recent story published by The Register, the U.K. data privacy watchdog, the Information Commissioner’s Office (ICO) has issued a warning to the U.S.-based newspaper The Washington Post (WaPo) about obtaining consent under the EU General Data Protection Regulation (GDPR) and allowing its readers to switch off tracking and cookies. Article 6(1) of … Continue Reading

California Passes Law Protecting Consumers’ Online Privacy

By Alan L. Friel and Niloufar Massachi on June 29, 2018 Posted in Online Privacy

On June 28, 2018, California lawmakers passed Assembly Bill 375 and Gov. Jerry Brown signed it into law as the California Consumer Privacy Act of 2018, a privacy law that grants consumers a range of rights with respect to their personal information online. This marks the advent of a new era of consumer privacy protection … Continue Reading

California Legislative Effort to Avert Privacy Ballot Initiative a Race Against the Clock

By Alan L. Friel and Niloufar Massachi on June 26, 2018 Posted in Advertising, Behavioral Advertising, Online Privacy, Retail Industry, State Legislation

On Thursday, June 22, 2018, a previously dead California Assembly bill, AB 375, was revised as a proposed alternative to the ballot initiative known as the California Consumer Privacy Act of 2018 (CCPA),[1] which is expected to be on the November ballot. It was read a third time and amended on June 25 and re-referred to … Continue Reading

California Legislature Working Feverishly To Avert Privacy Ballot Initiative

By Alan L. Friel on June 22, 2018 Posted in Advertising, Behavioral Advertising, Online Privacy, Retail Industry, State Legislation

We have previously reported a ballot initiative known as the California Consumer Privacy Act of 2018 (“CCPA”), that is expected to be on the November ballot. If passed, it would make sweeping changes to consumer privacy protection rights for Californians, likely creating a new national standard. On June 21st, the California Assembly amended AB- 375, … Continue Reading

The Weekly Privacy Rewind

By John Busch and Aaron Lancaster on June 5, 2018 Posted in Data Breaches, GDPR, Online Privacy, Privacy Class Actions, State Legislation

Canada Canadian Banks Notify 90,000 Following Breach • Bank of Montreal and Canadian Imperial Bank of Commerce announced that they were contacted by hackers and informed that nearly 90,000 customers’ personal information was accessed. • The banks will notify customers of the breach and indicate they believe they have fixed the vulnerabilities that led to … Continue Reading

U.S. Senate Duo and California Ballot Initiative Propose to Radically Alter U.S. Consumer Internet Privacy and Upend Digital Advertising

By Alan L. Friel and Njeri Chasseau on April 19, 2018 Posted in Advertising, Internet of Things, Online Privacy

Amid growing concerns over the improper use of user information and data breaches, and in the same week as the Senate examines the Cambridge Analytica controversy, a duo of U.S. senators who have long advocated for federal consumer privacy legislation seized the moment to propose a bill that would give the Federal Trade Commission (FTC … Continue Reading

The Video Privacy Protection Act: Watching the Courts Through Crossed Eyes

By Carolina Alonso, Alan L. Friel and Niloufar Massachi on March 7, 2018 Posted in Advertising, Behavioral Advertising, Children’s Privacy, Geolocation, Information Governance, Information Security, Marketing, Online Privacy, Privacy Class Actions

The Video Privacy Protection Act (VPPA), passed by Congress in 1988, is intended to prevent a “video tape service provider” from “knowingly” disclosing an individual’s “personally identifiable information” (PII) to third parties where that individual “requested or obtained … video materials,” such as “prerecorded video cassette tapes or similar audio visual materials.” At the time … Continue Reading

From the Mouths of Babes: FTC Issues COPPA Enforcement Policy Regarding Voice Recordings

By Carolina Alonso, Alan L. Friel and Melinda L. McLellan on November 7, 2017 Posted in Children’s Privacy, Enforcement, Internet of Things, Online Privacy

On October 23, the Federal Trade Commission (FTC) released new guidance on how the Children’s Online Privacy Protection Act (COPPA) Rule may apply to audio recordings of children’s voices collected by websites and online services. Reflecting the FTC’s recent focus on privacy and security concerns related to the Internet of Things (IoT), the nonbinding Enforcement … Continue Reading

Deception and Unfair Practices Come Preinstalled

By Benjamin Barnes and Alan L. Friel on October 23, 2017 Posted in Internet of Things, Online Privacy

Lenovo, a manufacturer of personal computers, recently agreed, among other things, to implement a software security program in a settlement with the Federal Trade Commission (FTC) over issues with third-party software preinstalled on some laptops. The software was later found to have significant security vulnerabilities that put consumers’ personal information at risk. The software created … Continue Reading

Nevada Enacts Online Privacy Policy Law; Illinois ‘Right to Know’ Bill Carried Over

By David Kitchen, Alan L. Friel and Melinda L. McLellan on July 25, 2017 Posted in Enforcement, Online Privacy, State Legislation

Nevada recently became the latest state to pass a law requiring operators of websites and online services to post a public notice regarding their privacy practices. California was the first state to pass such a law in 2004, and Delaware enacted a similar law effective January 1, 2016. Similar to its predecessors, the new Nevada … Continue Reading

Be Compromise Ready: Go Back to the Basics

By Theodore J. Kobus III and Craig A. Hoffman on April 13, 2017 Posted in Cybersecurity, Mobile Privacy, Online Privacy, Ransomware

We are excited to release our third annual BakerHostetler Data Security Incident Response Report. This report analyzes the more than 450 data security incidents we led clients through in 2016. Companies continued to experience incidents at a record pace, and we expect this will continue through 2017. We have received more calls to our breach … Continue Reading

FTC Nets $500,000 Settlement for Alleged Consent Order Violation Related to Online Data Collection Practices

By Melinda L. McLellan and Kathryn Mellinger on April 3, 2017 Posted in Big Data, Enforcement, Online Privacy

On March 17, 2017, the Federal Trade Commission (FTC) announced that it had reached a $500,000 settlement with Upromise, a membership reward service aimed at families saving for college. The FTC had alleged that Upromise violated a 2012 FTC consent order by failing to make required disclosures about its data collection and use practices and … Continue Reading

FCC Broadband Privacy Rule On Hold, Likely Dead

By Alan L. Friel and Stephanie Lucas on March 2, 2017 Posted in Online Privacy

The new Federal Communications Commission (FCC) Privacy and Data Security Rule for broadband internet access service (BIAS) providers (Privacy Rule) was set to start phased implementation on March 2, 2017. We have previously detailed what the Privacy Rule would require and when in prior blog posts available here and here. However, on March 1, 2017, … Continue Reading

FTC’s $2.2m Smart TV Settlement Signals Continued IoT Enforcement Focus

By Alan L. Friel and Melinda L. McLellan on March 1, 2017 Posted in Behavioral Advertising, Big Data, Enforcement, Information Security, Internet of Things, Marketing, Online Privacy

On February 6, 2017, the Federal Trade Commission announced that it had settled charges against VIZIO, Inc., a consumer electronics manufacturer of Internet-connected televisions. The FTC alleged that VIZIO unfairly tracked sensitive TV viewing data of millions of American consumers, and deceptively failed to disclose how the collected data was being used. This action was … Continue Reading

Revisit privacy notices in the new year

By Alan L. Friel on January 3, 2017 Posted in Online Privacy

Companies are required to accurately disclose their material consumer data practices in clear, conspicuous and understandable privacy notices. As 2016 came to a close, the Federal Trade Commission (FTC) reminded companies of this in an enforcement action settlement concerning a privacy notice that did not accurately describe interest-based advertising practices and related consumer choice options, … Continue Reading

FTC Settles with Ad Tech Company Over Deceptive Online Tracking Practices

By Melinda L. McLellan and Robyn M. Feldstein on December 27, 2016 Posted in Behavioral Advertising, Enforcement, Marketing, Mobile Privacy, Online Privacy

On December 20, 2016, the Federal Trade Commission (FTC) announced that Turn Inc. agreed to settle charges that it misled consumers about its online tracking activities and failed to honor consumer opt-outs as described in its privacy policy. Background Turn is a digital advertising company that facilitates targeted marketing by commercial brands and ad agencies … Continue Reading

Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity

By David M. Brown on August 24, 2016 Posted in Cybersecurity, Data Breaches, Enforcement, Online Privacy, Retail Industry

On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card numbers and other personal information. According to the investigation, on Aug. 7, 2014, in an all-too-common scenario, an … Continue Reading

Unanimous FTC Finds LabMD’s Data Security Practices Violated Section 5 of the FTC Act

By Will R. Daugherty and David M. Brown on August 18, 2016 Posted in Cybersecurity, Enforcement, Medical Privacy, Online Privacy

On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair” practices in violation of Section 5 of the FTC Act because it failed to provide reasonable and appropriate security for personal … Continue Reading

Deeper Dive: When it Comes to Data Breaches, Size Matters

By M. Scott Koller on June 21, 2016 Posted in Data Breaches, Online Privacy

As part of our ongoing series analyzing the 2016 BakerHostetler Data Security Incident Response Report, this article takes a closer look at the factors that play a role in whether an entity will face a regulatory investigation or litigation as a result of a data breach. As the title suggests, the size of breach is … Continue Reading

Balancing Innovation With Privacy Concerns: The FTC Provides Comment on the Internet of Things

By Kathryn Mellinger on June 10, 2016 Posted in Big Data, Online Privacy

On June 3, 2016, the Federal Trade Commission (FTC) responded to a Request for Comments issued by the Department of Commerce, National Telecommunications and Information Administration (NTIA) regarding the Internet of Things (IoT). The NTIA, which issued its Request for Comments on April 5, 2016, stated that it will use commentary to expand on its … Continue Reading

Concrete and Particularized: What the Supreme Court’s Spokeo Ruling May Mean for Privacy Class Actions and Big Data – the First in a Series

By Tanya Forsheit on May 16, 2016 Posted in Online Privacy, Privacy Class Actions

This morning, the Supreme Court of the United States issued its decision in Robins v. Spokeo, No. 13–1339, 578 U. S. ____ (2016), putting to rest months of speculation as to whether the Court could come to a meaningful decision (that would be anything other than 4-4) in the aftermath of Justice Scalia’s passing in … Continue Reading