Key Takeaways:

  • The Ninth Circuit Court of Appeals reviewed three separate proposed class actions against Papa John’s International Inc., Converse Inc., and Bloomingdale’s, all centered on whether certain website tracking activities violated the California Invasion of Privacy Act (CIPA).
  • The plaintiffs in these cases alleged that companies unlawfully used technologies like “session replay” software and chatbots to monitor website visitors’ interactions, intercepting their information and transmitting it to third parties without consent, thereby violating CIPA Section 631.
  • The court assessed how CIPA, an older wiretapping law, applies to modern website tracking like session replay and chatbots, focusing on definitions of “interception” and “contents.”

Key Takeaways:

  • Ed tech company PowerSchool’s recent breach exposed the data of approximately 60 million students and 10 million educators.
  • A hacker gained access via a compromised employee password and remained undetected for nine days.
  • Sensitive personal data, including Social Security numbers and medical histories, was potentially compromised, raising a number of legal and regulatory concerns.
  • The breach underscores the urgent need for stronger third-party oversight and security requirements.

On August 29, 2024, the Office for Civil Rights of the United States Department of Health and Human Services (“HHS-OCR”) withdrew its appeal of an order by the United States District Court for the Northern District of Texas (“District Court”) declaring unlawful and vacating a portion of an HHS-OCR Bulletin

A federal judge in the Northern District of California delivered a blow to a potential class action lawsuit against Google over its ad auction practices. The lawsuit, which allegedly involved tens of millions of Google account holders, claimed Google’s practices in its real-time bidding (RTB) auctions violated users’ privacy rights. But U.S. District Judge Yvonne Gonzalez Rogers declined to certify the class of consumers, pointing to deficiencies in the plaintiffs’ proposed class definition. 

On December 1, 2022, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin to highlight the obligations of HIPAA-covered entities and business associates when using “online tracking technologies,” or what OCR describes as “script or code on a website or mobile

During a much anticipated Open Commission Meeting announced by Commission Chair Lina M. Khan, the Federal Trade Commission (“FTC”) voted in favor of issuing one new policy statement and one new report to Congress.

First, the Commission unanimously voted in favor of issuing a policy statement on FTC initiatives

The California Privacy Protection Agency (the “Agency”) released draft regulations to the California Privacy Rights Act (“CPRA”) on May 31, 2022 (the “Proposed Regulations”). The Proposed Regulations are drafted as comments to the California Attorney General’s regulations for the California Consumer Privacy Act, California’s landmark privacy law, which was amended