We’re all familiar with the ads that pop up on the side of our browsers, personalized to highlight things we might be interested in based on our web browsing activity.  Marketers and advertisers regularly track consumers’ online activities, interests and preferences and use the information they collect to create targeted ads, meant to appeal to individual consumers based on their behavioral profiles.  Some consumers have no objections to this type of targeted advertising, but others do not want their online activities monitored.  In response to privacy concerns raised by pervasive online tracking, the U.S. Federal Trade Commission endorsed the implementation of a Do Not Track (“DNT”) mechanism and the World Wide Web Consortium (“W3C”) has been working to develop a DNT technology standard that would allow users to control the tracking of their online activities. 

In a recent decision (deliberation CNIL May 30, 2013 n°2013-139), the French Data Protection Agency (CNIL) sanctioned a company for implementing a CCTV system without informing employees and because the CCTV enabled the constant monitoring of one employee making the recording disproportionate to the goal pursued.  The CNIL also sanctioned the company because it failed to implement an adequate level of security of the data housed on its systems.

In France, the guiding principle is that emails received or sent by an employee through the employer’s company email account are considered “professional”, which means that the employer can access and read them.  However, French employers must be cautious before accessing their employees’ professional emails because they are not permitted to access emails that have been identified by the employee as being “ personal” or “ private”.  Recently, the French Supreme Court, in a decision of June 19th, 2013 (n°12-12138: http://www.legifrance.gouv.fr/affichJuriJudi.do?oldAction=rechJuriJudi&idTexte=JURITEXT000027596663&fastReqId=1099388011&fastPos=1) addressed this issue in detail.

On June 20, 2013, the California Court of Appeal affirmed the dismissal of a putative class action which alleged that Chevron violated California’s Song-Beverly Credit Card Act (“Song-Beverly”) by requiring California customers to enter ZIP codes in pay-at-the-pump gas station transactions in locations with a high risk of fraud. Flores

We pack tons of personal and sensitive information in our DNA.  While the human genome has been mapped for a decade, legal issues of genetic privacy are just beginning to rise.  Earlier this month, the U.S. Supreme Court decided what Justice Alito described as “perhaps the most important criminal procedure case that this court has heard in decades.”  The case addressed whether police could constitutionally take a DNA sample from a person arrested for a serious crime, and in a 5-4 decision, the Court ruled that DNA collection serves the legitimate government interest in identifying arrestees.  In the majority opinion, however, Justice Kennedy noted that, “If in the future police analyze samples to determine, for instance, an arrestee’s predisposition for a particular disease or other hereditary factors not relevant to identity, that case would present additional privacy concerns not present here.”