Jonathan Mollod
Subscribe to all posts by Jonathan Mollod
As the National Security Agency (NSA) noted in its 2022 cybersecurity yearly review, “[c]yberspace is dangerous.” Reports of sophisticated cyberattacks and ransomware threats were prevalent in the past year. The government, manufacturers, and others further developed standards for securing digital infrastructure like 5G, cloud services, cryptography, internet protocols, and internet of things (IoT) devices. In … Continue Reading
On March 2, 2023, the Federal Trade Commission (FTC) announced that it had reached a $7.8 million settlement with mental health and online counseling platform, BetterHelp, Inc. (“BetterHelp”). The FTC alleged that BetterHelp shared consumers’ sensitive health data combined with other personal information (PI) with third party advertising platforms without first obtaining affirmative consent and … Continue Reading
On December 1, 2022, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a Bulletin to highlight the obligations of HIPAA-covered entities and business associates when using “online tracking technologies,” or what OCR describes as “script or code on a website or mobile app used to gather information … Continue Reading
Roughly two weeks apart, on July 21, 2022 and August 5, 2022, respectively, Amazon made headlines for agreeing to acquire One Medical, “a human-centered and technology-powered primary care organization,” for approximately $3.9 billion and iRobot, a global consumer robot company, known for its creation of the Roomba vacuum, for approximately $1.7 billion. These proposed acquisitions … Continue Reading
As summer nears its end, uncertainty and complexity lie ahead for many companies as they evaluate how to operationalize compliance with the California Privacy Rights Act (CPRA), existing California employment laws and potentially the passage of a federal privacy law, the American Data Protection and Privacy Act, H.R. 8152 (ADPPA), that may preempt some but … Continue Reading
On August 24, 2022, California Attorney General (AG) Rob Bonta announced a settlement with beauty products retailer, Sephora USA, Inc. (“Sephora”), resolving claims that Sephora violated the California Consumer Privacy Act (CCPA) for, among other things, failing to disclose to consumers that it was selling their personal information (including precise location data) and failing to … Continue Reading
On August 11, 2022, the Federal Trade Commission (FTC) issued an Advance Notice of Proposed Rulemaking (ANPR) and announced it was exploring a rulemaking process to “crack down on harmful commercial surveillance” and lax data security. The agency defines commercial surveillance as “the collection, aggregation, analysis, retention, transfer, or monetization of consumer data and the direct derivatives of that … Continue Reading
Reports of sophisticated cyberattacks and ransomware threats dominated 2021 headlines, along with evolving state data privacy laws in the absence of comprehensive federal data protection regulation. Cross-border data transfers between the EU and US still lack a clear, streamlined mechanism while national authorities continue to negotiate an EU-US Privacy Shield replacement. The past year also … Continue Reading
COVID-19, the California Consumer Privacy Act (CCPA) coming into force, and the invalidation of the EU-US Privacy Shield already made 2020 an especially active year for privacy and data security risks and obligations. Rounding out the year, December then brought discovery of the unprecedented Solarwinds cyberattack affecting government agencies, critical infrastructure entities and others. Thus, looking ahead, … Continue Reading
On April 30, 2020, the French data protection authority, the CNIL, published a guidance surrounding considerations behind what it calls “commercial prospecting,” meaning scraping publicly available website data to obtain individuals’ contact info for purposes of selling such data to third parties for direct marketing purposes. The guidance is significant in two respects. First, it … Continue Reading
2022 Trends in Privacy and Data Security Law
By Jeffrey Neuburger and Jonathan Mollod on Posted in Cybersecurity, Data Privacy Laws, Privacy Law
FTC’s One-Two Punch on Data Tracking and Health Privacy
By Ryan P. Blaney and Jonathan Mollod on Posted in Data Privacy Laws, FTC Enforcement, HIPAA
HHS Bulletin: Covered Entities’ Disclosure of PHI Collected via Online Tracking Technologies Falls under HIPAA
By Ryan P. Blaney, Danielle Brooks and Jonathan Mollod on Posted in Data Privacy Laws, HIPAA, Mobile Privacy, Online Privacy, Privacy Law
Amazon’s Recent Acquisitions Highlight the Value of Consumer Data (and the Evolving Privacy Issues)
By Ryan P. Blaney, Danielle Brooks and Jonathan Mollod on Posted in Data Privacy Laws, E-Commerce, Privacy Law
Happy “Labor …” More Privacy Rights for Employees: California Legislature Closes Session Without Extending Employee and B2B Data Exemptions Under the CCPA
By Ryan P. Blaney and Jonathan Mollod on Posted in California, Data Privacy Laws, Workplace Privacy
Message Sent! California Attorney General Announces $1.2 Million CCPA Settlement with Retailer and Its Focus on the Sale of Customer Information
By Ryan P. Blaney and Jonathan Mollod on Posted in California, Data Privacy Laws, Privacy Law, Privacy Litigation
Businesses That Use Consumer Data or Data Products (Everyone?) Take Heed: FTC Moves Ahead with Rulemaking Process on “Commercial Surveillance” Practices
By Jeffrey Neuburger and Jonathan Mollod on Posted in Data Privacy Laws, Mobile Privacy, Privacy Law
Noteworthy Trends in Privacy and Data Security
By Jeffrey Neuburger and Jonathan Mollod on Posted in Cybersecurity, Data Breaches, Data Privacy Laws, Privacy Law
Notable Trends in Privacy and Data Security
By Jeffrey Neuburger and Jonathan Mollod on Posted in Cybersecurity, Data Breaches, Data Privacy Laws, Privacy Law
French DPA Issues Guidance Surrounding Practice of Web Scraping
By Stéphanie Martinier, Mathilde Pépin, Jeffrey Neuburger and Jonathan Mollod on Posted in Data Privacy Laws, European Union, France, GDPR