Given Broad Definitions, the Law Could Apply to Businesses That Do Not Consider Themselves Data Brokers While amending the California Consumer Privacy Act of 2018 (CCPA) last term, the California legislature also passed a CCPA-related privacy bill that applies to “data brokers.” Assembly Bill 1202 (AB 1202) requires businesses that qualify as data brokers to register, pay … Continue Reading
The Information Commissioner’s Office (ICO) has confirmed that by November 23, 2019, it will present its Age Appropriate Design Code of Practice to the UK Parliament for approval. Unless Parliament objects, this mandatory code will be issued and in force (albeit with a transition period) as early as January 2020. The final code has been … Continue Reading
On August 12, 2019, the Greek Ministry of Justice published the long-awaited, draft legislation for implementing the General Data Protection Regulation (GDPR). Greece and Slovenia are the only two European Union (EU) countries that have not yet implemented the GDPR. As an EU regulation, the GDPR has legally taken effect in every EU country, including … Continue Reading
On June 28, 2019, the French Data Protection Authority (CNIL) released its 2019-2020 action plan on ad targeting (action plan);1 among other things, the CNIL announced that it will issue new cookie guidance later this month and that, once the guidance is published, companies will have a 12-month grace period to come into compliance. Background … Continue Reading
On June 20, 2019, the UK’s Data Protection Authority (ICO) published a report on adtech and real-time bidding. The report highlights the main problems faced by the industry when applying the General Data Protection Regulation’s (GDPR’s) stringent requirements, and calls for further engagement on these issues by the different adtech players in the space. Background … Continue Reading
On May 22, 2019, a federal district court largely denied a facial challenge by Disney, Viacom, and several online advertising networks to claims alleging these defendants violated the privacy rights of children by collecting data through online gaming apps. In McDonald v. Kiloo APS,[1] the defendants consisted of two groups: the developers who created the … Continue Reading
On May 22, 2019, WSGR and the Future of Privacy Forum (FPF) co-hosted an event focusing on advertising technology and how to overcome the challenges of complying with evolving global privacy requirements. Jules Polonetsky from FPF opened the program, focusing on the evolution of online advertising, from contextual to programmatic behavioral advertising. WSGR attorneys Lydia … Continue Reading
On April 25, 2019, the new chairman and the four directors of the new Belgian data protection authority were sworn in before the Belgian Parliament. This marks a new era for data protection law in Belgium. Background Following the effective date of the General Data Protection Regulation (GDPR) on May 25, 2018, the Belgian Privacy … Continue Reading
On January 23, 2019, the European Data Protection Board (EDPB) issued an opinion (Opinion) on the interplay between the Clinical Trial Regulation (CTR) and the General Data Protection Regulation (GDPR), an issue which has been the subject of intense debate and that resulted in a draft, and still non-public, FAQ prepared by the EU Commission. … Continue Reading
On September 23, 2018, Governor Jerry Brown signed into law SB-1121, a bill that makes several amendments to the California Consumer Privacy Act (CCPA or the Act). The controversial privacy law, which is set to take effect in 2020, recently sparked a war of words among industry, privacy advocates, and the California Attorney General, each … Continue Reading
Recently, Vermont became the first state to enact legislation that regulates data brokers who buy and sell personal information. Under the new law, data brokers in Vermont will now have to register with the state, adopt standard security measures, and provide information to the state regarding their data collection practices. The law was passed in … Continue Reading
California Signs the First IoT Security Bill into Law, and the FTC Submits Comments to the Consumer Product Safety Commission Regarding the IoT California’s New IoT Law On September 28, 2018, California Governor Jerry Brown signed into law a cybersecurity bill governing Internet of Things (IoT) devices, the first law of its kind in the … Continue Reading
On April 30,2018, the Federal Trade Commission (FTC) announced a settlement with mobile phone manufacturer BLU Products and its owner over allegations that the company failed to implement appropriate procedures to oversee their service providers’ security practices, which allowed the service provider to install software containing commonly known security vulnerabilities on consumers’ mobile devices and … Continue Reading
The U.S. District Court for the Northern District of California recently ruled that a certified class action on behalf of Illinois Facebook users alleging that the social network unlawfully collects biometric data from photo tagging will go forward, denying both parties’ summary judgment motions. This case is one of the first major tests of the … Continue Reading
In a surprising twist, the California legislature rushed last week to pass one of the most comprehensive privacy laws in the country. The bill was introduced only a week prior, and within hours of passage, it was signed into law by Governor Jerry Brown. As strict as the act is, it was enacted to avoid … Continue Reading
The U.S. Court of Appeals for the Eleventh Circuit recently released its highly anticipated decision in the long-running case pitting the now-defunct medical laboratory LabMD against the Federal Trade Commission (FTC), vacating the FTC’s data security order. In reaching its conclusion, the court held that the order’s requirement that LabMD establish a comprehensive information security … Continue Reading
On April 12, 2018, the Federal Trade Commission (FTC) announced that it was withdrawing its proposed August 2017 privacy and data security settlement with Uber Technologies and issuing a new and expanded proposed settlement.1 According to the FTC, the reason for this extraordinary step was to address additional allegations of misconduct by the ride-sharing company … Continue Reading
In a novel interpretation of the Federal Trade Commission (FTC) Act, the U.S. District Court for the District of Delaware recently held in FTC v. Shire ViroPharma that the FTC had failed to plead the facts necessary to invoke its authority to sue for permanent injunction in federal court because it did not allege an … Continue Reading
On March 23, 2018, President Trump signed into law the Consolidated Appropriations Act, 2018, which contained a section entitled the Clarifying Lawful Overseas Use of Data (CLOUD) Act. The CLOUD Act significantly revises the rules underlying law enforcement requests for access to communications information stored abroad, and may have far-reaching implications for companies that collect, … Continue Reading
In February 2018, the Federal Trade Commission (FTC) released a report that explores the complexities of the mobile ecosystem and makes recommendations for industry to improve the mobile security update process for consumers. The report is part of the FTC’s effort to address concerns that mobile devices are not receiving the operating system patches they … Continue Reading
The Federal Trade Commission (FTC) recently granted a petition by Sears Holding Management requesting that the FTC reopen and modify a 2009 FTC order settling charges that Sears failed to disclose adequately the scope of consumers’ personal information it collected via a downloadable software app. Sears’ 2009 Order On August 31, 2009, the FTC entered … Continue Reading
On June 1, 2018, the Alabama Data Breach Notification Act of 2018 will take effect. In addition to being the last state to enact a breach notification law, Alabama’s new law distinguishes itself in a variety of unique ways. Consistent with other state breach notification laws, the new law defines “sensitive personally identifying information” maintained … Continue Reading
In a new interview appearing in “Regulating Big Tech,” published by Goldman Sachs Global Macro Research, Dr. Christopher Kuner, Senior Privacy Counsel at Wilson Sonsini Goodrich & Rosati, discusses the European Union’s upcoming General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. In the article, Dr. Kuner explores the global implications … Continue Reading
On February 26, 2018, the U.S. Court of Appeals for the Ninth Circuit issued an en banc decision in FTC v. AT&T holding that the Federal Trade Commission (FTC) Act’s “common carrier” exemption is activity-based, reversing the panel’s decision that the exemption is status-based, which would have opened a large enforcement gap for telecommunications companies … Continue Reading
We use cookies on our site to analyze traffic, enhance your experience, and provide you with tailored content. For more information or to opt-out, visit our privacy policy.
