The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: Consumer Privacy

  • From Vol. 3 No.6 (Mar. 22, 2017)

    Understanding Online Advertising Technology and the Pipeline Process 

    Understanding the technology behind online advertising is critical to navigate the significant privacy and other legal issues in play. The risks associated with getting it wrong are sizeable. For example, following nine years of litigation, Google Inc. has agreed to pay a $22.5 million settlement to a proposed class of advertisers who claimed Google had placed their ads on inactive websites. At a recent PLI program, Jonathan Mayer, Stanford University attorney and computer scientist, explained the technology behind tracking, targeting and ad delivery, as well as the “high-frequency trading for eyeballs” ad bidding exchange process. See also “Keeping Up With Technology and Regulatory Changes in Online Advertising to Mitigate Risks” (Jan. 6, 2016).

    Read Full Article …
  • From Vol. 3 No.4 (Feb. 22, 2017)

    Lessons for Connected Devices From the FTC’s Warning Against Unexpected Data Collection 

    In a recently announced $2.2 million settlement with television manufacturer VIZIO, the FTC and the state of New Jersey emphasized the importance of providing notice and consent particularly when connected-device users may not expect the types of data collection and sharing taking place. The action demonstrates the coordination of federal and state enforcement agencies, and the settlement terms serve to inform connected-device companies about the agencies' expectations. In terms of data collection and disclosure, “companies should consider what consumers expect of a device, particularly if it was an analog device that has not been smart in the past,” FTC attorney Megan Cox told The Cybersecurity Law Report. See “FTC Priorities for 2017 and Beyond” (Jan. 11, 2017); and “Privacy, Security Risks and Applicable Regulatory Regimes of Smart TVs” (Jan. 11, 2017).

    Read Full Article …
  • From Vol. 3 No.2 (Jan. 25, 2017)

    Tracking Consumer Data: DAA Guidance Applies Core Principles to Cross-Device Technology

    No longer tied to a desk for internet browsing, consumers move among devices, platforms, software, apps and service providers. While the technology offers consumers great convenience and other benefits, it can also make them uneasy as new forms of tracking are continually being developed. On February 1, 2017, the Council of Better Business Bureaus and the Direct Marketing Association will begin enforcement of the Application of the Digital Advertising Alliance Principles of Transparency and Control to Data Used Across Devices. The guidance takes DAA standards and principles and applies those to the technology of cross-device tracking. “DAA has been really effective by focusing on advertising practices, like cross-app advertising or cross-device linking, rather than focusing on specific technologies,” because the technologies rapidly change, Lindsey Tonsager, a partner at Covington, explained. See also “FTC Chair Addresses the Agency’s Data Privacy Concerns With Cross-Device Tracking” (Nov. 25, 2015).

    Read Full Article …
  • From Vol. 2 No.18 (Sep. 7, 2016)

    Lessons From Consumer Challenges to Email Review Practices

    In three recent cases in front of the same judge, consumers asserting privacy concerns have taken different approaches to challenging how internet giants Google and Yahoo review emails. After class certification was denied in a case against Google, another group of plaintiffs brought a case seeking injunctive relief against Yahoo and a separate group sought permissive joinder on a large scale in a new action against Google. Most recently, in the third case, the same judge granted Google’s motion to sever an attempt to join more than 800 individual plaintiffs. Collectively, the results of these actions emphasize the importance of proper disclosures and illustrate the efficacy of the defense strategy of emphasizing individualized questions of consent. See “Federal Judge Offers Advice on Litigating Data Privacy, Security Breach and TCPA Class Action Suits” (Apr. 27, 2016).

    Read Full Article …
  • From Vol. 2 No.6 (Mar. 16, 2016)

    FCC Flexes Its Muscles With Proposed Broadband Privacy Rules and Verizon Settlement

    Continuing its increased emphasis on online privacy, the FCC has proposed regulations for broadband ISP services, right on the heels of a $1.35 million settlement with Verizon Wireless tied to its use of unique identifier headers or “supercookies.” Verizon agreed to adopt a three-year compliance program in connection with its tracking of customers for targeted advertising purposes and failing to adequately notify them about it. Experts told The Cybersecurity Law Report that the consent decree seemed to pave the way for the proposed new privacy rules, which center around choice, security and transparency. We analyze the settlement, provide three key takeaways from it and explore the impact of the new proposed rules. See also “FCC Makes Its Mark on Cybersecurity Enforcement With Record Data Breach Settlement” (Apr. 22, 2015).

    Read Full Article …
  • From Vol. 2 No.4 (Feb. 17, 2016)

    Legal and Regulatory Expectations for Mobile Device Privacy and Security (Part Two of Two)

    Companies are capitalizing on increased personal and professional mobile device use by collecting, storing and sharing mobile-generated information to improve products and services and target advertising. During a recent webinar, WilmerHale partners D. Reed Freeman, Jr. and Heather Zachary examined the latest federal, state and self-regulatory privacy and data security expectations tied to mobile devices. In this second installment of our two-part series, Freeman and Zachary address: how to ensure compliance in the use of cross-device advertising and tracking; Telephone Consumer Protection Act lessons; and key differences in Canada and E.U. regulations. Part one covered how practitioners can navigate the regulatory environment for mobile advertising, including self-regulatory guidance and the increasingly important role of the FCC. See also “FTC Chair Addresses the Agency’s Data Privacy Concerns With Cross-Device Tracking” (Nov. 25, 2015).

    Read Full Article …
  • From Vol. 2 No.3 (Feb. 3, 2016)

    Legal and Regulatory Expectations for Mobile Device Privacy and Security (Part One of Two)

    With consumers now using mobile devices in nearly every aspect of their personal and professional lives, companies are collecting, storing and sharing information from mobile use for a wide range of initiatives such as improving products and services and targeted advertising. During a recent webinar, WilmerHale partners D. Reed Freeman, Jr. and Heather Zachary examined the latest federal, state and self-regulatory privacy and data security expectations. Part one in this two-part series covers the panelists’ detailed discussion about how practitioners can navigate the regulatory environment for mobile advertising, including self-regulatory guidance and the increasingly important role of the FCC. In part two, Freeman and Zachary address: how to ensure compliance in the use of cross-device advertising and tracking; lessons from the Telephone Consumer Protection Act; and key aspects of the E.U. and Canada’s mobile privacy and data security regulations. See also “FTC Chair Addresses the Agency’s Data Privacy Concerns With Cross-Device Tracking” (Nov. 25, 2015).

    Read Full Article …
  • From Vol. 2 No.3 (Feb. 3, 2016)

    The FTC’s Big Data Report Helps Companies Maximize Benefits While Staying Compliant

    Recognizing the benefits of “big data” and its widespread use, on January 6, 2016, the FTC issued a staff report on best practices for companies to minimize risks of that use, including the potential for discrimination against certain populations. The report, Big Data: A Tool For Inclusion or Exclusion? Understanding the Issues, addresses applicable laws and policy considerations and provides a series of questions to help companies become and remain compliant. See also “The FTC Asserts Its Jurisdiction and Provides Ten Steps to Enhance Cybersecurity” (Jul. 15, 2015).

    Read Full Article …
  • From Vol. 2 No.1 (Jan. 6, 2016)

    Keeping Up with Technology and Regulatory Changes in Online Advertising to Mitigate Risks

    The advertising and marketing industries are continually transforming the ways they reach and track consumers.  These changes bring with them a moving target of privacy challenges as companies try to ensure security of the data they collect as well as legal and regulatory compliance.  At a recent PLI program, Joseph J. Lewczak, a Davis & Gilbert partner, and Matthew Haies, general counsel at global digital media platform Xaxis, analyzed the current state of consumer data collection and privacy issues in a discussion of technological, regulatory and legal developments.  See also “The Tension Between Interest-Based Advertising and Data Privacy” (Sep. 16, 2015).

    Read Full Article …
  • From Vol. 1 No.17 (Nov. 25, 2015)

    FTC Chair Addresses the Agency’s Data Privacy Concerns with Cross-Device Tracking

    Consumers’ online presence is constantly in motion as they jump from device to device throughout the day.  Companies that want to track consumer activity are using new methods that follow consumers, and the platforms and applications they use, on these various devices.  The FTC recently held a workshop to examine and address privacy issues raised by cross-device tracking.  FTC Chairwoman Edith Ramirez commenced the workshop by explaining the Commission’s goal to allow technological innovation – with all the consumer benefits it offers – while safeguarding consumer privacy.  We highlight the key points of her speech in which she emphasized the importance of effective transparency, notice, choice and security.  See also “In the Wyndham Case, the Third Circuit Gives the FTC a Green Light to Regulate Cybersecurity Practices,” The Cybersecurity Law Report, Vol. 1, No. 11 (Aug. 26, 2015).  

    Read Full Article …
  • From Vol. 1 No.16 (Nov. 11, 2015)

    California Law Enforcement Faces Higher Bar in Acquiring Electronic Information

    California, looked to as a leader in privacy protections as well as breach notification requirements, has passed the California Electronic Communications Privacy Act (CalECPA), a new law that raises the bar for state law enforcement seeking electronic information.  Aravind Swaminathan and Marc Shapiro, Orrick partner and associate, respectively, told The Cybersecurity Law Report what CalECPA – which requires state law enforcement officials to secure a warrant before they can access electronic information – means for companies and individuals.  See also “Orrick Attorneys Explain California’s New Specific Standards for Breach Notification,” The Cybersecurity Law Report, Vol. 1, No. 15 (October 28, 2015).

    Read Full Article …
  • From Vol. 1 No.15 (Oct. 28, 2015)

    Federal Courts Offer a Modern Interpretation of the VHS-Era Video Privacy Protection Act

    When does the 1988 Video Privacy Protection Act, which limits what companies can do with personal information about video consumption, apply to companies that post videos online?  The Eleventh Circuit and a New York district court recently dismissed complaints challenging the VPPA – passed in 1988 and designed to protect the privacy of individuals’ VHS rental preferences – narrowing the scope of the Act in the process.  Ellis v. The Cartoon Network, Inc. (11th Cir. Oct. 9, 2015) and Robinson v. Disney Online (S.D.N.Y. Oct. 20, 2015) both dealt with free smartphone apps, and questions regarding who is a “subscriber” and what “personally identifiable information” means under the statute.  Simon J. Frankel, a partner at Covington & Burling, told The Cybersecurity Law Report that “courts are really struggling with how the statute, not written for this context, applies in this context and [they are] trying to draw where the limits are.”  See also “The Tension Between Interest-Based Advertising and Data Privacy,” The Cybersecurity Law Report, Vol. 1, No. 12 (Sep. 16, 2015).

    Read Full Article …
  • From Vol. 1 No.10 (Aug. 12, 2015)

    Navigating the Evolving Mobile Arena Landscape (Part Two of Two)

    Mobile devices, and their constantly changing technology, present unique cybersecurity and privacy issues.  In the second installment of our coverage of a recent panel at PLI’s Sixteenth Annual Institute on Privacy and Data Security Law, Aaron P. Simpson, a partner at Hunton & Williams and H. Leigh Feldman, global chief privacy officer at Citi, discuss these challenges and contextualize relevant policy and regulatory landscapes in the U.S. and Europe, including enforcement activity.  The first article in the series explained the specific challenges related to mobile and wearable technology and presented best practices for stakeholders as consumers demand control of their information.  See also “Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015). 

    Read Full Article …
  • From Vol. 1 No.9 (Jul. 29, 2015)

    How to Secure Evolving Mobile Technology and the Data It Collects (Part One of Two)

    Mobile device technology is changing at a rapid pace, as are the ways consumers are interacting with those devices.  This atmosphere is continually creating new cybersecurity and data privacy challenges that demand the attention of retailers, app developers, consumers and regulators.  During a recent panel at PLI’s Sixteenth Annual Institute on Privacy and Data Security Law, Aaron P. Simpson, a partner at Hunton & Williams, and H. Leigh Feldman, global chief privacy officer at Citi, discussed privacy and security issues in the mobile arena.  This article, the first of a two-part series, explains the specific challenges related to mobile and wearable technology and presents best practices for stakeholders as consumers demand control of their information.  See “Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015).  The second article in the series will discuss the complex policy and regulatory landscapes for mobile devices in the U.S. and Europe, including enforcement efforts.  

    Read Full Article …
  • From Vol. 1 No.8 (Jul. 15, 2015)

    Understanding and Mitigating Liability Under the Children’s Online Privacy Protection Act

    Faced with the threat of steep civil penalties that can arise from active FTC enforcement, operators of commercial websites must exercise caution when collecting personal information from children under the age of 13.  The long reach of the Children’s Online Privacy Protection Act (COPPA) applies not only to first-party website operators but also extends to third parties that collect personal information on behalf of first-party operators in certain circumstances.  In a recent presentation, attorneys Julia Siripurapu and Ari Moskowitz of Mintz Levin discussed key provisions and implementation of COPPA, including compliance, enforcement and applicability to third parties.  They also provided advice on best practices for websites and online services regarding the collection and use of children’s personal information, and for educational institutions as parental agents.

    Read Full Article …
  • From Vol. 1 No.7 (Jul. 1, 2015)

    What Companies Need to Know About the FCC’s Actions Against Unwanted Calls and Texts

    The FCC has sent a strong message to companies that it will proactively monitor and regulate consumer consent related to phone calls and texts.  The agency claims this is the largest source of consumer complaints it receives.  “It is clear that the FCC will be more active in this area of enforcement,” Jen Deitch Lavie, a partner at Manatt, Phelps & Phillips, told The Cybersecurity Law Report.  The FCC recently has taken actions in two different forms to enforce and clarify the Telephone Consumer Protection Act (TCPA).  During the month of June, the FCC sent a public warning to PayPal regarding planned amendments to its User Agreement.  PayPal subsequently announced it would modify that agreement to address the FCC’s concerns.  The FCC also adopted a package of declaratory rulings regarding robocalls and spam texts that clarifies and modifies the TCPA in significant ways.  See also “FCC Makes Its Mark on Cybersecurity Enforcement with Record Data Breach Settlement,” The Cybersecurity Law Report, Vol. 1, No. 2 (Apr. 22, 2015).

    Read Full Article …