Privacy

Subscribe to Privacy via RSS

In early January 2018, U.S. Customs and Border Protection (CBP) announced an updated policy for searching electronic devices at U.S. borders. The new directive supersedes a previous directive that was released in August 2009.

Under the policy, CBP agents—with or without suspicion—may conduct a “basic search” of electronic devices encountered at the border, including smartphones and tablets, by examining such devices and analyzing information visible on them. In contrast, CBP agents need to have “reasonable suspicion” or a “national security concern” to carry out an “advanced search,” that is, any search in which an agent connects external equipment, through a wired or wireless connection, to an electronic device in order to review, copy, or analyze its contents.Continue Reading New Policy for Device Searches at Borders Issued by CBP

In yet another round of Schrems versus Facebook, on January 25, 2018, the Court of Justice of the European Union (CJEU) ruled that privacy activist Max Schrems is a consumer with regard to his Facebook
Continue Reading Court of Justice Dismisses Privacy Class Action Against Facebook but Allows Max Schrems to Sue in Austria

2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and pending cases at the Federal Trade Commission (FTC), notable U.S. Supreme Court cases scheduled to be decided this year, and some areas of legislation that actually may become law in the U.S.

Big Changes Taking Effect in the European Union

One of the biggest areas where everyone in the privacy field will be looking in 2018 is the European Union (EU). On the legislative front, the General Data Protection Regulation (GDPR) will enter into force on May 25, 2018; the proposed e-Privacy Regulation is scheduled to be adopted this year; and the EU parliament will issue a report on the proposed Regulation on Non-Personal Data. Additionally, the Court of Justice of the EU (CJEU) will rule on several important data protection cases, including on third-party tracking, the right to be forgotten, and the possibility of class actions.Continue Reading A Look Ahead at Privacy and Data Security in 2018

On November 29, 2017, the U.S. Court of Appeals for the Ninth Circuit joined the Third Circuit in narrowly defining “personally identifiable information” under the Video Privacy Protection Act (VPPA), holding in Eichenberger v. ESPN that the disclosure of a unique device identifier does not violate the act.1

The VPPA was passed in 1988 in response to the Washington City Paper obtaining and publishing the video rental history of U.S. Supreme Court nominee Robert Bork.2 The act was intended “to preserve personal privacy with respect to the rental, purchase or delivery of video tapes or similar audio visual materials.”3 To that end, the VPPA creates a private cause of action against a “video tape service provider”4 who “knowingly discloses … personally identifiable information.”5 The statute defines “personally identifiable information,” as “information which identifies an individual as having requested or obtained specific video materials or services from a video tape service provider.” Violators can be subject to statutory damages, punitive damages, and other penalties.6Continue Reading Ninth Circuit Narrowly Defines “Personally Identifiable Information” Under the VPPA

The Federal Trade Commission (FTC) has provided new guidance on how it will enforce the Children’s Online Privacy Protection Act (COPPA) against companies collecting voice recordings from children, loosening the rules on how companies can collect and use voice data. Under the guidance, online services covered by COPPA can now collect voice recordings from children without obtaining verifiable parental consent so long as they collect and use the voice recording solely as a replacement for written words, such as to perform a search or fulfill a verbal instruction or request, and maintain the file for only the brief period of time necessary for that purpose. The FTC’s publication builds on previous FTC guidance making clear that COPPA applies to Internet of Things devices, including connected children’s toys. The publication marks the first time that the FTC has publicly signaled that it will refrain from bringing enforcement actions in circumstances where it believes COPPA has been violated.
Continue Reading FTC Carves New Path for Collecting Voice Recordings from Children Without Parental Consent

On December 4, 2017, the Network Advertising Initiative (NAI), a self-regulatory body comprised of more than 100 digital advertising companies that collect and use consumer information for online behavioral advertising (OBA),1 issued an update to its Code of Conduct (the “Code”).  The Code imposes notice, choice, accountability, data security, and use limitation requirements on NAI member companies.

The 2018 Code update is most significant for combining the NAI’s web-focused Code with its previously-separate mobile application code of conduct (the “App Code”) and incorporating the NAI’s prior guidance on cross-device tracking. These updates reflect the NAI’s recognition of the decreasing significance of the distinction between web and mobile advertising, with today’s advertisers increasingly savvy at tracking users and advertising effectiveness across devices, browsers, and platforms. The update also revises some terminology for greater clarity. The 2018 Code update went into effect on January 1, 2018.
Continue Reading NAI Issues 2018 Update to Its Code of Conduct