The U.S. Supreme Court has handed down a major decision, Carpenter v. United States,1 concerning the Fourth Amendment’s application to the rapidly evolving technological landscape. The 5-4 decision dramatically alters the status quo concerning government requests for data about individuals that is collected and held by third parties. Under Carpenter, personal location information maintained by … Continue Reading
The U.S. District Court for the Northern District of California recently ruled that a certified class action on behalf of Illinois Facebook users alleging that the social network unlawfully collects biometric data from photo tagging will go forward, denying both parties’ summary judgment motions. This case is one of the first major tests of the … Continue Reading
In the latest episode of the WashingTECH Tech Policy Podcast, one of the leading national podcasts focused on tech law and policy debates driving the technology and communications sectors, Lydia Parnes, chair of the privacy and cybersecurity practice at Wilson Sonsini Goodrich & Rosati, discusses the state of privacy law after the Eleventh Circuit’s recent decision … Continue Reading
In a surprising twist, the California legislature rushed last week to pass one of the most comprehensive privacy laws in the country. The bill was introduced only a week prior, and within hours of passage, it was signed into law by Governor Jerry Brown. As strict as the act is, it was enacted to avoid … Continue Reading
The U.S. Court of Appeals for the Eleventh Circuit recently released its highly anticipated decision in the long-running case pitting the now-defunct medical laboratory LabMD against the Federal Trade Commission (FTC), vacating the FTC’s data security order. In reaching its conclusion, the court held that the order’s requirement that LabMD establish a comprehensive information security … Continue Reading
On April 12, 2018, the Federal Trade Commission (FTC) announced that it was withdrawing its proposed August 2017 privacy and data security settlement with Uber Technologies and issuing a new and expanded proposed settlement.1 According to the FTC, the reason for this extraordinary step was to address additional allegations of misconduct by the ride-sharing company … Continue Reading
On March 30, 2018, in Sandvig v. Sessions,1 the U.S. District Court for the District of Columbia held that a group of academic researchers can move forward with their First Amendment challenge to the Computer Fraud and Abuse Act (CFAA),2 a federal law that criminalizes, among other things, accessing a computer in a manner that … Continue Reading
On March 23, 2018, President Trump signed into law the Consolidated Appropriations Act, 2018, which contained a section entitled the Clarifying Lawful Overseas Use of Data (CLOUD) Act. The CLOUD Act significantly revises the rules underlying law enforcement requests for access to communications information stored abroad, and may have far-reaching implications for companies that collect, … Continue Reading
On June 1, 2018, the Alabama Data Breach Notification Act of 2018 will take effect. In addition to being the last state to enact a breach notification law, Alabama’s new law distinguishes itself in a variety of unique ways. Consistent with other state breach notification laws, the new law defines “sensitive personally identifying information” maintained … Continue Reading
In a new interview appearing in “Regulating Big Tech,” published by Goldman Sachs Global Macro Research, Dr. Christopher Kuner, Senior Privacy Counsel at Wilson Sonsini Goodrich & Rosati, discusses the European Union’s upcoming General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. In the article, Dr. Kuner explores the global implications … Continue Reading
On February 26, 2018, the U.S. Court of Appeals for the Ninth Circuit issued an en banc decision in FTC v. AT&T holding that the Federal Trade Commission (FTC) Act’s “common carrier” exemption is activity-based, reversing the panel’s decision that the exemption is status-based, which would have opened a large enforcement gap for telecommunications companies … Continue Reading
On February 27, 2018, the Federal Trade Commission (FTC) announced1 that it had reached an agreement with PayPal to settle allegations that its peer-to-peer payment service, Venmo, engaged in deceptive acts and practices and violated the Gramm-Leach-Bliley Act (GLBA)’s Safeguards Rule2 and Privacy Rule.3 Since 2011, Venmo has offered peer-to-peer payment services through an app … Continue Reading
Let’s face it: The residential phone line is on the verge of suffering the same fate as the 8-track tape. Anyone who doesn’t know what an 8-track tape is most assuredly uses a cell phone—and only a cell phone—to communicate. Email takes too long. And younger generations don’t even use the actual phone part of … Continue Reading
As application of the European Union’s (EU’s) General Data Protection Regulation (GDPR)1 quickly approaches, the enforcement authority of the European data protection authorities (DPAs) is rightfully on everyone’s mind. The power to issue monetary fines against non-compliant entities of up to four percent of the entity’s past year worldwide turnover is one of the GDPR’s … Continue Reading
On December 21, 2017, the Illinois Second District Appellate Court dealt a significant blow to the recent wave of Illinois Biometric Information Privacy Act (BIPA) class actions, holding in Rosenbach v. Six Flags Entertainment Corp. that plaintiffs alleging mere procedural violations of BIPA, without “any injury or adverse effect,” are not “aggrieved” persons entitled to … Continue Reading
On February 5, 2018, the Federal Trade Commission (FTC) announced its most recent Children’s Online Privacy Protection Act (COPPA) case against Explore Talent, an online talent agency marketed to aspiring actors and models.1 According to the FTC’s complaint, the company provided a free platform for users to find information about auditions, casting calls, and other … Continue Reading
In early January 2018, U.S. Customs and Border Protection (CBP) announced an updated policy for searching electronic devices at U.S. borders. The new directive supersedes a previous directive that was released in August 2009. Under the policy, CBP agents—with or without suspicion—may conduct a “basic search” of electronic devices encountered at the border, including smartphones … Continue Reading
In yet another round of Schrems versus Facebook, on January 25, 2018, the Court of Justice of the European Union (CJEU) ruled that privacy activist Max Schrems is a consumer with regard to his Facebook profile despite his advocacy activities. Schrems may therefore benefit from the EU consumer forum rule, which allows him to bring … Continue Reading
2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and pending cases at the Federal Trade Commission (FTC), notable U.S. Supreme Court cases scheduled to be decided this … Continue Reading
On November 29, 2017, the U.S. Court of Appeals for the Ninth Circuit joined the Third Circuit in narrowly defining “personally identifiable information” under the Video Privacy Protection Act (VPPA), holding in Eichenberger v. ESPN that the disclosure of a unique device identifier does not violate the act.1 The VPPA was passed in 1988 in … Continue Reading
The Federal Trade Commission (FTC) has provided new guidance on how it will enforce the Children’s Online Privacy Protection Act (COPPA) against companies collecting voice recordings from children, loosening the rules on how companies can collect and use voice data. Under the guidance, online services covered by COPPA can now collect voice recordings from children … Continue Reading
On December 4, 2017, the Network Advertising Initiative (NAI), a self-regulatory body comprised of more than 100 digital advertising companies that collect and use consumer information for online behavioral advertising (OBA),1 issued an update to its Code of Conduct (the “Code”). The Code imposes notice, choice, accountability, data security, and use limitation requirements on NAI … Continue Reading
On December 12, 2017, the Federal Trade Commission (FTC) held a workshop to examine consumer injury in the context of privacy and data security. The motivation for the workshop, according to Acting FTC Chairman Maureen Ohlhausen, was to help the FTC better understand consumer informational injury, weigh effectively the benefits of intervention against its inevitable … Continue Reading
In November 2017, Judge Edward J. Davila dismissed a major multidistrict litigation accusing Facebook of unlawfully tracking users’ browsing activity across websites while they were signed out of their accounts.1 The plaintiffs originally asserted several common law, tort, and statutory claims. Judge Davila dismissed most of those claims pursuant to earlier motions, leaving only the … Continue Reading
