On December 1, 2022, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin to highlight the obligations of HIPAA-covered entities and business associates when using “online tracking technologies,” or what OCR describes as “script or code on a website or mobile app used to gather information … Continue Reading
During a much anticipated Open Commission Meeting announced by Commission Chair Lina M. Khan, the Federal Trade Commission (“FTC”) voted in favor of issuing one new policy statement and one new report to Congress.… Continue Reading
The California Privacy Protection Agency (the “Agency”) released draft regulations to the California Privacy Rights Act (“CPRA”) on May 31, 2022 (the “Proposed Regulations”). The Proposed Regulations are drafted as comments to the California Attorney General’s regulations for the California Consumer Privacy Act, California’s landmark privacy law, which was amended by CPRA.… Continue Reading
We previously reported on the FCC’s 2016 Privacy Order, “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” impacting Internet service providers’ data privacy practices and obligations and the corresponding timeline for compliance. Intervening events, however, have made the rules imposed by the 2016 Privacy Order moot. On June 26, 2017, the FCC … Continue Reading
The Consumer Review Fairness Act (CRFA) began to take effect yesterday, March 14, 2017. One aim of the CRFA is to protect consumers’ ability to publicly review services and vendors without being subject to restrictions or fines imposed by form contracts. It does so by voiding provisions within form contracts between consumers and service providers … Continue Reading
The CJEU (the European Union Court of Justice) has handed down a decision which makes clear that general and indiscriminate retention of electronic communications is unlawful. National legislation of each European Member State should ensure that mass surveillance only occurs where it is strictly necessary in order to combat serious crime as well as terrorism … Continue Reading
On December 2, 2016, the Federal Communications Commission (“FCC”) published its Report and Order entitled “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” (the “Order”) as a final rule in the Federal Register, adopting rules applicable to Internet service providers (“ISPs”) intended to protect the privacy of broadband consumers. Despite the publication … Continue Reading
LabMD’s lack of data security measures resulted in the FTC Commission overturning an Administrative Law Judge (“ALJ”) decision that previously dismissed charges against the company in November. LabMD performed laboratory medical testing for over 750,000 patients since 2001, before going out of business in 2014, partly due to fighting this case. The FTC brought the … Continue Reading
Last month, one of the Advocate Generals (“AG”) of the Court of Justice of the European Union (“CJEU”), Manuel Campos Sánchez-Bordona, issued an opinion suggesting that dynamic IP addresses should be recognized as “personal data” under EU law. If the CJEU adopts this reasoning, it would represent a landmark decision that would resolve a contentious … Continue Reading
This month, the Federal Trade Commission (FTC) issued guidance on privacy and security best practices for health-related mobile apps, such as fitness apps connected with wearables, diet and weight loss apps, and health insurance portals. At the same time, the FTC unveiled an interactive tool designed to direct health app developers to federal laws and … Continue Reading
Co-authored by Geoffrey Roche On March 10, 2016, the French data protection agency (« CNIL ») pronounced a €100.000 ($111,715) fine against Google Inc. for failure to comply with its formal injunction of May, 2015 ordering the company to extend delisting to all the search engine’s extensions.… Continue Reading
Oregon became the first state to adopt the Revised Uniform Fiduciary Access to Digital Assets Act (“Revised UFADAA”) when Governor Kate Brown signed Oregon Senate Bill 1554 into law on March 3, 2016. The law will become effective on January 1, 2017.… Continue Reading
The Federal Communication Commission’s (the “FCC”) landmark decision last year to reclassify Internet service providers (“ISPs”) as common carriers under Title II of the Communications Act of 1934 implicates policy issues that extend well beyond net neutrality. Perhaps chief among them is the treatment of customer proprietary network information (“CPNI”) by broadband access providers. The … Continue Reading
On January 1, 2016, the Delaware Online Privacy and Protection Act (“DOPPA”) will go into force, a law that provides strong online privacy protection for its residents. The new law targets three areas of compliance: (1) advertising to children; (2) conspicuous posting of a compliant privacy policy; and (3) enhancing the privacy protections of users … Continue Reading
The average American today generates more media than they did at any other point in history, and the ease with which our communications, photos, and videos are sent and stored digitally means most of us have more media stored in the cloud or on a single digital device than previous generations would have created in … Continue Reading
Today, one month after the European Court of Justice decision that invalidated the Safe Harbor framework, the European Commission (the “Commission”) issued a Communication setting forth its position on alternative tools for the lawful transfer of personal data from the EU to the United States. The Commission also stated its objective to conclude negotiations with … Continue Reading
In an expected but controversial move, Google has rejected a demand by the French Data Privacy authority CNIL to apply the European “Right to be Forgotten” worldwide. We have covered the E.U.’s Right to be Forgotten before, but here is a quick recap: under the E.U. rule, individuals have the right to require organizations that … Continue Reading
Connecticut has joined a list of twenty-one states with a statute designed to preserve the privacy of personal online accounts of employees and limit the use of information related to such accounts in employment decision-making. Legislation directed to online privacy of employees has also passed this year in Montana, Virginia, and Oregon, and such legislation … Continue Reading
With paywalls and premium subscriptions finding only modest success, paid advertisements remain the primary means of generating revenue from online content. Native advertising has emerged as a leader in the competition for ad impressions and brand engagement. Expected to grow from $7.9 billion in spending this year to $21 billion by 2018, native advertising is … Continue Reading
A few months after the European Court of Justice ruled on May 13, 2014 that search engines are considered personal data controllers under the EU Data Protection Directive of 1995 and, as such, should provide data subjects with a right to be forgotten, a French Tribunal enforced this principle in X & Y v. Google … Continue Reading
Traditionally, a person’s most valuable assets to be distributed upon death consisted of tangible items such as real property, cash, jewelry and personal effects of sentimental value like photographs and letters. However, the advent of the digital age has brought a shift from file cabinets, mailmen and photo albums to cloud storage, e-mail accounts and … Continue Reading
After a decision denying class certification last week, claims by Hulu users that their personal information was improperly disclosed to Facebook are limited to the individual named plaintiffs (at least for now, as the decision was without prejudice). The plaintiffs alleged Hulu violated the federal Video Privacy Protection Act by configuring its website to include a … Continue Reading
After two years of investigation and proceedings regarding Google’s privacy policy, European Data Protection Authorities (DPAs) are now reaching their final decisions against Google. The French DPA (“CNIL”) issued ,on January 3rd 2014, a decision ruling that Google’s privacy policy did not comply with the French Data Protection laws and imposed a fine of € … Continue Reading
The determination of the territorial scope of the current EU Directive n° 95/46 is still under dispute both before national Courts and the European Court of Justice (ECJ). This issue may soon become moot with the adoption of future data protection regulation, which may modify and expand the territorial scope of EU data privacy law, … Continue Reading
This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.