On November 29, 2017, the U.S. Court of Appeals for the Ninth Circuit joined the Third Circuit in narrowly defining “personally identifiable information” under the Video Privacy Protection Act (VPPA), holding in Eichenberger v. ESPN that the disclosure of a unique device identifier does not violate the act.1
The VPPA was passed in 1988 in response to the Washington City Paper obtaining and publishing the video rental history of U.S. Supreme Court nominee Robert Bork.2 The act was intended “to preserve personal privacy with respect to the rental, purchase or delivery of video tapes or similar audio visual materials.”3 To that end, the VPPA creates a private cause of action against a “video tape service provider”4 who “knowingly discloses … personally identifiable information.”5 The statute defines “personally identifiable information,” as “information which identifies an individual as having requested or obtained specific video materials or services from a video tape service provider.” Violators can be subject to statutory damages, punitive damages, and other penalties.6Continue Reading Ninth Circuit Narrowly Defines “Personally Identifiable Information” Under the VPPA
The Federal Trade Commission (FTC) has provided new guidance on how it will enforce the Children’s Online Privacy Protection Act (COPPA) against companies collecting voice recordings from children, loosening the rules on how companies can collect and use voice data. Under the guidance, online services covered by COPPA can now collect voice recordings from children without obtaining verifiable parental consent so long as they collect and use the voice recording solely as a replacement for written words, such as to perform a search or fulfill a verbal instruction or request, and maintain the file for only the brief period of time necessary for that purpose. The FTC’s publication builds on previous FTC guidance making clear that COPPA applies to Internet of Things devices, including connected children’s toys. The publication marks the first time that the FTC has publicly signaled that it will refrain from bringing enforcement actions in circumstances where it believes COPPA has been violated.
On December 4, 2017, the Network Advertising Initiative (NAI), a self-regulatory body comprised of more than 100 digital advertising companies that collect and use consumer information for online behavioral advertising (OBA),
On December 12, 2017, the Federal Trade Commission (FTC) held a workshop to examine consumer injury in the context of privacy and data security. The motivation for the workshop, according to Acting FTC Chairman Maureen Ohlhausen, was to help the FTC better understand consumer informational injury, weigh effectively the benefits of intervention against its inevitable costs, and to help guide the future application of the substantial injury prong of the FTC’s unfairness standard. A variety of panelists from a wide range of backgrounds, including business, academia, and consumer advocacy, addressed questions such as how to best characterize these injuries, how to accurately measure such injuries and their prevalence, and what factors businesses and consumers consider when evaluating the trade-offs between providing information and potentially increasing their exposure to injuries.
In November 2017, Judge Edward J. Davila dismissed a major multidistrict litigation accusing Facebook of unlawfully tracking users’ browsing activity across websites while they were signed out of their accounts.
Nearly a year ago, in February 2017, the