Privacy & Security Law Blog

Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Category Archives: Marketing and Consumer Privacy

Subscribe to Marketing and Consumer Privacy RSS Feed

Second Circuit Adopts FCC’s Narrow Construction of “Implied” Express Consent for Autodialed Calls to Cell Phones

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

This updates our report last summer on a Federal Communications Commission (FCC) letter brief filed at the invitation of the U.S. Court of Appeals for the Second Circuit in Nigro v. Mercantile Adjustment Bureau, which observed the FCC taking a noticeably less generous view of its then-recent declaratory rulings on whether consumer provision of a cell number is deemed consent to autodial it under the Telephone Consumer Protection Act (TCPA). We noted at that time that, “It would be a shame if, in the FCC’s view, calls in the course of ‘normal, expected and desired business communications’ are permissible only if no one objects after-the-fact.” The Second Circuit has now issued an opinion adopting the view in the FCC’s letter brief, holding that because Nigro did not provide his phone number directly to the creditor in the context of the debt incurred (in respect to which Mercantile called), the TCPA prohibited the calls.

To recap, when Nigro contacted his recently deceased mother-in-law’s electric utility to stop service, he gave them a cell number, which Mercantile later called using an automatic dialing system to collect a remaining balance on the mother-in-law’s account. Nigro sued on grounds the calls violated the ... Continue Reading

Eleventh Circuit Reverses Refusal to Honor FCC’s TCPA Debt Collection Declaratory Ruling, Fosters Uniformity on TCPA’s Autodialing Exception

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

The U.S. Court of Appeals for the Eleventh Circuit has brought a bit of legal balance back to automated debt collection calls, and reminded lower courts that when it comes to claims under the Telephone Consumer Protection Act (TCPA), they must honor the validity of FCC rulings.

The Eleventh Circuit’s decision implicates a 2008 declaratory ruling by the FCC regarding automated debt collection calls under the TCPA.  The TCPA and FCC rules implementing it prohibit autodialed and/or prerecorded calls to cell phones, unless there is prior express consent from the call recipient.  The FCC’s Debt Collection Declaratory Ruling from early 2008 held that prior express consent exists where a consumer gives a company his/her cell phone number as part of a transaction, and the company later autodials/prerecorded-calls or texts the consumer in connection with a debt arising from that transaction.

In Mais v. Gulf Coast Collection Bureau, Mais alleged that defendants placed autodialed and/or prerecorded calls to his cellphone without consent, in violation of the TCPA.  The calls followed from Mais’ emergency room treatment, during which his wife completed hospital admission documents and provided her husband’s cellphone number and other information.  Defendants maintained before the U.S. District Court for ... Continue Reading

Google Street View Plaintiffs on the Hunt for “a Needle in a Haystack” to Demonstrate Standing, but District Court Grants Plaintiffs Greater Role in Examination of Google’s Data

Posted in Communications/Media, Data Protection, Marketing and Consumer Privacy

Back in April, Google filed a Petition for Certiorari with the U.S. Supreme Court in the Street View case, seeking review of the Ninth Circuit’s decision holding that unencrypted Wi-Fi signals are protected from interception by the federal Wiretap Act. Over the summer, the U.S. Supreme Court denied Google’s petition, thus allowing the plaintiffs to move forward with their putative class action.

With their foot in the door, plaintiffs now have to demonstrate standing, and are looking to Google’s collection of Street View data to do it. However, plaintiffs want access to Google’s data on their terms as well. Most recently, plaintiffs argued before U.S. District Judge Charles Breyer of the Northern District of California that the recommended jurisdictional discovery plan to control the search for evidence supporting plaintiffs’ standing was inadequate in several respects.

In August federal Magistrate Judge Maria-Elena James recommended that a Special Master be appointed to cull through Google’s Street data to hunt for evidence of plaintiffs’ communications. Judge James also recommended that Google’s Jurisdictional Discovery Proposal be used to help select the special master, develop protocols and rules for depositing information, and all related matters. Plaintiffs accepted the suggestion of a Special Master ... Continue Reading

Ninth Circuit Confirms Consultants and Other Middlemen May Be Vicariously Liable Under the TCPA

Posted in Communications/Media, Deals and Technology, Marketing and Consumer Privacy

The U.S. Court of Appeals for the Ninth Circuit issued a decision in Gomez v. Campbell-Ewald Company holding that the defendant marketing consultant could be liable under the Telephone Consumer Protection Act (TCPA) for unsolicited text messages that it arranged for a separate third-party to send on behalf of a client, the U.S. Navy.  The court’s holding clarifies that companies can be vicariously liable for TCPA violations if a called-party plaintiff establishes an agency relationship under federal common law between the defendant and a third-party caller, even if the content of the call was not on the defendant’s behalf and the defendant did not physically place the call.  The decision extends last year’s Federal Communications Commission (FCC) Dish Network declaratory ruling on violations of the TCPA and FCC rule provisions governing telemarketing and autodialing by third parties that a company authorizes to sell its goods/services, but does not directly ask or otherwise engage to telemarket.

The TCPA and regulations implementing it govern telemarketing and do-not-call issues, as well as automated calls to cell phones and prerecorded calls to residential lines and cells.  Under the TCPA, those who receive calls in violation of the statute or rules enjoy a private cause ... Continue Reading

FTC Seeks Public Comment on AgeCheq, Inc.’s Proposed Parental Consent Method under COPPA

Posted in Marketing and Consumer Privacy

The Federal Trade Commission announced Monday that it seeks public comment on a new verifiable parental consent method application proposed by AgeCheq, Inc., to enable apps, websites and advertisers to obtain parental consent to collect children’s personal information. Per COPPA’s final Rule, interested parties can propose and request FTC approval for additional methods for obtaining verified parental consent not presently permitted by the Rule. AgeCheq’s proposed consent method would allow parents to register themselves and their child’s devices with a third-party common consent administrator, which then would verify the parent’s identity via other methods permitted by the Rule and link that verification to their child’s devices. The FTC will accept public comments on AgeCheq’s proposal until Sept. 30, 2014.... Continue Reading

In Flight Catalog: Senator Rockefeller Opens Inquiry Into Consumer Data Practices by Airlines

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

Last week, Senator Jay Rockefeller (D-W.Va.) sent a letter to the top ten revenue generating passenger airlines in the United States, opening an inquiry into their practices related to charging additional fees for optional services and the collection of consumer data. With respect to consumer data, Sen. Rockefeller’s letter calls for greater transparency from airlines about how they collect, use, and disclose the personal information of consumers, citing concerns by consumer advocates that “airline policies can contain substantial caveats” and that “it is difficult for consumers to learn what information airlines and others in the travel sector are collecting, keeping, and sharing about them.” To assist the Senate Committee on Commerce, Science, & Transportation (“Committee”) in evaluating these concerns, Sen. Rockefeller has asked the airlines to provide the following information:

Do you retain personal information that your company obtains from consumers when they shop for airfares or from other sources? If yes:

a.  State the period of time your company retains such information and what specific data points you retain;

b.  State any specific sources for personal information or other such information your company obtains directly from consumers;

c.  Describe the privacy and security protections your company provides for personal ... Continue Reading

Consumer Privacy Legislation? All Sides Weigh In But Remain Far Apart in the Big Debate Over Big Data

Posted in Data Protection, Marketing and Consumer Privacy, Policy and Regulatory Positioning

Recent comments filed by various stakeholders in response to the U.S. Commerce Department’s National Telecommunications and Information Administration’s (NTIA) Request for Public Comment (RFC) on “Big Data and Consumer Privacy in the Internet Economy,” evidence a wide rift between consumer groups and most business interests regarding the need for additional consumer privacy law in the era of Big Data. NTIA issued its RFC back in June, in response to a recommendation in the May 1 White House report, “Big Data: Seizing Opportunities, Preserving Values” (hereinafter “Big Data Report”), which addressed how big data is transforming the lives of Americans.

In the Big Data Report, the White House recommended (among other things) that:

[t]he Department of Commerce should promptly seek public comment on how the Consumer Privacy Bill of Rights (“CPBR”) could support the innovations of big data while at the same time responding to its risks, and how a responsible use framework . . . could be embraced within the framework established by the [CPRB”]. Following the comment process, the Department of Commerce should work on draft legislative text for consideration by stakeholders and submission by the President to Congress.

The Consumer Privacy Bill of Rights and Big ... Continue Reading

FTC Undertakes Periodic Rule Review of Telemarketing Sales Rule

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

The Federal Trade Commission (FTC) has published in the Federal Register a Request for Comments on all aspects of its Telemarketing Sales Rule (TSR) as part of a routine review of the effectiveness, costs and benefits of its rules. Though the Request for Comments targets several TSR issues in particular (discussed below), it views the review as assessing generally whether the Rule is serving a “useful purpose,” and whether it can be improved to reflect changes in the marketplace since it was previously amended in 2003, 2008 and 2010. Comments are due October 14, 2014.

The Request for Comments does not itself propose specific changes to the TSR but rather invites input on several specific topics, as well as on any issues relevant to the TSR that commenters wish to address. Notably, the advent of the National Do-Not-Call Registry culminating in 2003 started as precisely this kind of “routine” review of the TSR. Here, the FTC specifically seeks comment on issues surrounding:

• Whether there is a need to expand the TSR’s recordkeeping requirements;

• The use of pre-acquired account information, i.e., that which a customer has previously provided to a seller or telemarketer to subsequently charge his or her ... Continue Reading

FTC Updates COPPA FAQs Again – Revisions to Part H Gives App Developers and Parents Welcomed Clarification on Parental Consent

Posted in Marketing and Consumer Privacy

Continuing our Blog’s updates on the Federal Trade Commission’s Frequently Asked Questions (FAQs) to the updated Children’s Online Privacy Protection Act (COPPA) Rule, we highlight that the FTC revised three portions of “Part H” this week, which concern how entities seeking to comply with COPPA may obtain verifiable parental consent.

COPPA requires that entities give notice to parents and obtain verifiable parental consent before collecting personal information from children under 13 years of age.  The FTC implements COPPA’s directives via its COPPA Rule, and has been issuing updates to the COPPA Rule FAQs intermittently over the past two years.  In April, the FTC made updates to Part M of the COPPA FAQs to clarify in what circumstances schools can consent to the disclosure of children’s personal information to third-party websites on behalf of their parents, when that information is used for the educational benefit of the students.

With its recent changes to sections of Part H of the FAQs, the FTC seeks to expand how websites and mobile apps can obtain verifiable parental consent.  Importantly, the FAQs tentatively ratify the use of data from parents’ credit and debit cards and third parties such as app stores, while adding ... Continue Reading

FCC Letter Brief to Second Circuit Narrowly Construes Recent TCPA Guidance

Posted in Marketing and Consumer Privacy

We reported last spring on two FCC declaratory rulings, GroupMe and Cargo Airline, that included some broad, business-friendly interpretations of rules implementing the Telephone Consumer Protection Act (TCPA), under which plaintiff class actions are thriving.  The rulings also reinvigorated an FCC statement from when it first adopted TCPA rules in 1992, that a consumer’s provision of a cell phone number in a transaction with a company may be deemed prior express consent to be called at that number.  But in a letter brief filed in Nigro v. Mercantile Adjustment Bureau (at the invitation of the U.S. Court of Appeals for the Second Circuit) the FCC seems to lean back the other way by narrowly construing its recent rulings and 1992 guidance.

 In Nigro, the plaintiff-appellant contacted his then recently deceased mother-in-law’s electric company to request discontinuance of her service, and at that time gave the company his cell number.  Mercantile Adjustment called Nigro’s cell phone using an automatic dialing system in connection with a balance due on the account that the electric company hired it to collect.  Nigro’s suit alleged that the collection efforts violated the TCPA’s ban on autodialed and/or prerecorded calls to cell phones made without ... Continue Reading

Federal Financial Institutions Examination Council Launches Cybersecurity Webpage and Begins Cybersecurity Assessments

Posted in Cyber and National Security, Data Protection, Financial Services, Marketing and Consumer Privacy

For cyber criminals, banks are especially tempting targets – not only because banks are where the money is, but also because of the vast amount of proprietary information banks have about their customers.” Thomas J. Curry, Comptroller of the Currency

In comments before the Risk Management Association’s Governance, Compliance, and Operational Risk Conference last month, Thomas J. Curry, Comptroller of the Currency and Chairman of the Federal Financial Institutions Examination Council [1] stated that “Attacks on our information infrastructure are everywhere. … For cyber criminals, banks are especially tempting targets – not only because banks are where the money is, but also because of the vast amount of proprietary information banks have about their customers. Some attackers target banks because they want to undermine confidence in our country’s financial system. Penetrating the information defenses of any one system may enable attackers to penetrate another, and that in turn could enable more widespread attacks on the broader economy.”

Comptroller Curry stated that helping to make banks less vulnerable and more resilient to cyber-attacks has been one of his top priorities as Comptroller and Chairman of the FFIEC. As part of this effort, he formed the Cybersecurity and Critical Infrastructure ... Continue Reading

FTC Releases 2014 Privacy and Data Security Update, Touting Its Efforts and Achievements in Protecting Consumer Privacy

Posted in Communications/Media, Data Protection, Marketing and Consumer Privacy

Last week, the Federal Trade Commission (FTC) released its 2014 Privacy and Data Security Update, summarizing the FTC’s major enforcement actions, policy initiatives, rules, reports, workshops, and outreach efforts in the privacy and data security arenas from approximately January 2013 until March 2014. In the 2014 Update, the FTC underscores its commitment to educating consumers, businesses and other stakeholders through its publications and roundtables on how to guard consumer privacy expectations and comply with applicable federal laws. Education, however, is accompanied by enforcement, and the FTC includes a long-list of recent actions against individuals and enterprises, which demonstrates that the FTC is not shy about using its broad regulatory authority to protect consumer privacy. Of major note were the FTC’s actions against companies for unfair or deceptive trade practices; its settlements with U.S. businesses for falsely asserting compliance with the U.S.-E.U. Safe Harbor Framework; the FTC’s updates to the COPPA regulatory rule; and its continued efforts to take telemarketers to task for violating the Do-Not-Call provisions of the Telemarketing Sales Rule.... Continue Reading

“Getting to Know You, Getting to Know All About You…” FTC Data Brokers Report Calls for More Industry Transparency, Regulation in How Data Brokers Use Consumers’ Personal Information

Posted in Data Protection, Marketing and Consumer Privacy, Policy and Regulatory Positioning

“You may not know them, but data brokers know you,” Federal Trade Commission (FTC) Chairwoman Edith Ramirez said when she announced the release of the Commission’s newest report on the data broker industry. And in the FTC’s opinion, Congress and the data brokerage industry need to take concerted action to bring transparency to the industry, protect consumers’ personally identifiable information (PII), and prevent abuse and discrimination. But will the FTC’s recommendations have any real effect? In light of recent statements about “actual” vs. “potential” harm and the expanding scope of the Agency’s Section 5 enforcement authority, the answer is a definite “maybe.”

On May 27, 2014, the FTC released “Data Brokers: A Call for Transparency and Accountability,” a report that marks the conclusion of the FTC’s two-year study into data broker industry practices. Coming on the heels of the White House’s own Big Data Report the FTC’s Data Brokers Report highlights that “[i]n today’s economy, Big Data is big business” with numerous positive effects for both companies and consumers. And data brokers specifically play an important role in driving our economy through increased targeted marketing, identity verification and fraud detection.

But the Data Brokers Report also rang ... Continue Reading

UPDATE on Breslow v. Wells Fargo – Same as the Old Boss: Eleventh Circuit Withdraws Opinion Just Four Days Later, But to Little Practical Effect

Posted in Communications/Media, Marketing and Consumer Privacy, Technology

Just a few days ago, we reported on the Eleventh Circuit’s decision in Breslow v. Wells Fargo, which reaffirmed precedent that strict liability can arise in autodialer, prerecorded-message and texting suits under the Telephone Consumer Protection Act (TCPA), if a caller or texter obtained consent from the intended recipient, but that party’s cell number was reassigned.  We noted how this reinforced the Eleventh Circuit’s prior decision in Osorio v. State Farm to the same effect, and which in turn aligned the Eleventh Circuit on this issue with the Seventh Circuit under its decision in the Soppet v. Enhanced Recovery case.  Now, just days after it issued its ruling, the Eleventh Circuit – acting on its own momentum and not at request of the any of the parties – has withdrawn its Breslow decision.

In a short order, the Circuit Judges who decided Breslow vacated their original opinion, and held instead the prior Eleventh Circuit Osorio decision should have controlled in Breslow.  Specifically, the replacement Breslow decision observes that Osorio concluded that the “called party” for purposes of whether consent exists for an autodialed call or text or a prerecorded message is the subscriber to the cell phone ... Continue Reading

Summertime Blues: Eleventh Circuit Doubles Down on Strict TCPA Liability for Texts and Autodialed and Prerecorded Calls to Cell Phones

Posted in Communications/Media, Marketing and Consumer Privacy, Technology

Over the Spring, we reported on how the Eleventh Circuit’s decision in Osorio v. State Farm brought that court into alignment with the Seventh Circuit on how restrictions in the Telephone Consumer Protection Act (TCPA) on automated and/or prerecorded calls and texts to cell phones can effectively impose strict liability, even if a calling party believed it had consent for the calls.  Now that Summer’s here, the Eleventh Circuit reaffirmed and reinforced its Osorio ruling, and aligned with the Seventh Circuit even more closely, by holding in Breslow v. Wells Fargo that where a company gets prior express consent to prerecorded-call and/or auto-dial or auto-text a cell phone, the caller can still be liable if at the time the call is made the cell number has been reassigned to a new subscriber who did not consent.

As in the Seventh Circuit case of Soppet v. Enhanced Recovery, which we discussed here, the calls at issue in Breslow involved efforts to collect on an overdue account, this time by Well Fargo, which believed it had consent to call the cell number which, at the time of the call, was used exclusively by Breslow’s minor son.  Wells Fargo called the ... Continue Reading

Only 4 Weeks Until Canada’s New Anti-Spam Rules Come into Force

Posted in Global, Marketing and Consumer Privacy

Provisions Have Implications for US, Global Businesses

Starting on July 1, 2014, key provisions of Canada’s Anti-Spam Law (CASL) governing commercial electronic messages (CEMs) will go into effect, per our advisory thoroughly analyzing CASL.  The statute and its implementing rules generally prohibit sending CEMs without the recipient’s express consent, and as noted in the advisory, extend far beyond just email, reaching CEMs sent to instant message and social network accounts, as well as short message service (SMS) texts to cellphones.  And, CASL governs CEMs sent from or accessed by domestic computer systems, meaning the law’s provisions will extend far beyond Canada’s borders and affect CEMs sent from other countries, including the United States.... Continue Reading

UK Gives Search Engines Time to Comply With ‘Right to Be Forgotten’

Posted in Global, Marketing and Consumer Privacy

The UK data protection watchdog has said that it will give search engines like Google some time to put measures in place to respond to requests to take down links in search results.

On May 20, 2014, the UK Information Commissioner’s Office made its first public response to last week’s Court of Justice of the European Union decision against Google and its Spanish subsidiary. The court’s decision requires Google to take down links to lawfully published content about an individual if the individual believes the information to be inaccurate, irrelevant, outdated or excessive. See our advisory for more information about the CJEU ruling.

In a blog post, ICO Deputy Commissioner David Smith provided a pithy summary of the ICO’s takeaways from the Google decision and announced:

“We won’t be ruling on any complaints until the search providers have had a reasonable time to put their systems in place and start considering requests. After that, we’ll be focusing on concerns linked to clear evidence of damage and distress to individuals.”

The approach is similar to the informal grace period the ICO provided when unclear “cookie consent” rules were introduced by the EU in 2011.

It is worth noting that the ... Continue Reading

Accident, Technical Failure, or Human Error? FCC’s $7.5 Million Settlement with Sprint Indicates Any and All Can Lead to Substantial TCPA Liability

Posted in Marketing and Consumer Privacy

New Consent Decree – the Largest Ever FCC Do-Not-Call Settlement – is Agency’s Second Multimillion-Dollar TCPA Enforcement Action in As Many Weeks

The Federal Communications Commission (FCC) announced that it settled a recent investigation of Sprint Corporation for failures to properly implement do-not-call requests and text-message opt-outs received from consumers.  The violations came to light after Sprint reported to the FCC, as obligated by a $400,000 TCPA settlement with the agency in 2011, that various human errors and technical malfunctions within Sprint and/or its vendor caused potential noncompliance with consumers’ do-not-call and/or do-not-text preferences.  To resolve its liability for this new wave of compliance issues, Sprint agreed to pay $7.5 million, and to implement a new two-year plan to ensure compliance with protections against unwanted telemarketing and texts under the Telephone Consumer Protection Act (TCPA) and FCC rules.

This is the FCC’s second major TCPA enforcement action in recent weeks.  As we reported, the FCC earlier this month proposed to fine Dialing Services LLC nearly $3 million for 184 “robocalls” sent over its autodialing platform.  Now the FCC has pinched Sprint as well.  While technical or human error may sound like reasonable grounds for not fully complying with the TCPA ... Continue Reading

Will Individual Notice and Consent Become a Relic of the Past? The White House Report on Big Data Suggests Privacy Regulation Should Focus on Data Use, Rather than Data Collection

Posted in Marketing and Consumer Privacy

A comprehensive report on big data released by the White House on May 1, 2014, suggests that “[t]echnological advances that have driven down the cost of creating, capturing, managing, and storing information to one-sixth of what is was,” less than a decade ago, which, along with new sources of data obtained from geospatial technologies, cameras and sensors, “make the notion of limiting information collection challenging, if not impossible.” The result? According to the report, the long-standing “notice and consent” regime may soon be obsolete and regulating data use may be the only way to protect privacy in the era of big data.

The report, Big Data: Seizing Opportunities, Preserving Values, was prepared for President Barack Obama in response to his request for an examination of how big data is transforming the lives of Americans and the “relationships between government, citizens, businesses, and consumers.” The report’s emphasis is on maximizing the societal benefits (e.g., improving the economy, education, health and energy efficiency) and minimizing the risks (e.g., loss of individual privacy and control over one’s identity and information, and discriminatory treatment) associated with big data collection, and the federal government’s role thereto. But, one of the significant conclusions is that ... Continue Reading

Should Have Stayed on The Farm(ville): Class Action Plaintiffs’ ECPA Claims Put Out to Pasture

Posted in Marketing and Consumer Privacy, Technology

Ah, to be a class action plaintiff these days. One day you’re up, plowing through the Northern District of California on expansive theories of injury, the next you’re down, upended like a top-heavy apple cart by a failure to properly plead your claims under the relevant statute. In In Re: Zynga Privacy Litigation, it was the latter—a failure to properly allege that Facebook and Zynga wrongly disclosed the “contents” of communications, under the Electronic Communications Privacy Act (ECPA). The Ninth Circuit decision affirming the district court’s consolidated opinion in Robertson v. Facebook and Graf v. Zynga, issued on May 7, 2014, can be found here.

Privacy class actions have often suffered from a glaring defect: the inability to allege injury, which is required for Article III standing and jurisdiction. In other words, the class plaintiff has made adequate allegations that information was wrongly disclosed, but not that consumers have been harmed by the disclosure. However, as we have reported previously (see also here), the Northern District of California has tilled the soil for more class actions—at least in that court—by holding that violations of a statute that establishes privacy rights and provides for statutory damages, such ... Continue Reading

FCC Proposes Nearly $3M TCPA Fine Against “Robocalling” Platform for 184 Calls

Posted in Marketing and Consumer Privacy

The Federal Communications Commission (FCC) issued a Notice of Apparent Liability (NAL) to Dialing Services LLC, finding the company apparently liable for 184 prerecorded calls to cell phones in violation of the Telephone Consumer Protection Act (TCPA) and related FCC rules, and proposing to fine the company $2,994,000, the maximum allowed by statute.  Dialing Services allows users to upload prerecorded voice messages to company servers, or to create prerecorded messages by calling Dialing Services and recording a message over the phone, and then have the messages delivered to phone numbers of the clients’ choosing.  In some instances, Dialing Services may have had no role in reviewing or approving the content of the messages or whether they are sent to cell phones.  Nonetheless, depending on the numbers the client chooses, and the content of the message, such calls implicate the TCPA and FCC rules, which prohibit transmitting autodialed and/or prerecorded calls to cell phones other than for emergency purposes or with prior express consent of the called party, and require prior express written consent for prerecorded telemarketing.  The NAL holds that liability can rest with calling platforms like Dialing Services, and not just with the clients who use the platforms to ... Continue Reading

European Union’s Highest Court Rules Google Must Remove Links Containing Personal Data

Posted in Global, Marketing and Consumer Privacy

In a significant and concerning decision, the European Court of Justice (“ECJ”) has endorsed the so-called “right to be forgotten” and ruled that, in some circumstances, search engines can be compelled to remove search result links to websites, news articles, court records and other documents that reveal truthful information about individuals—even when the information is not prejudicial and has been posted lawfully. Google Spain SL, Google Inc. v Agencia Española de Protección de Datos.

At issue in the underlying case was a Spanish national’s demand that Google remove links to two 1998 newspaper announcements that appeared in search results for his name, and which mentioned the forced auction of his real estate holdings. The claimant argued that since the related attachment proceedings had long since been resolved, this personal data was no longer relevant and Google should therefore be required to remove the links. The Spanish Data Protection Agency agreed, and when Google appealed that decision, the National High Court of Spain sought advice from the ECJ, the European Union’s highest court.

CONTINUE READING …... Continue Reading

“Like” It Or Not–It May Not Matter

Posted in Communications/Media, Marketing and Consumer Privacy, Technology

Loading Facebook’s “Like” Button Sends Personal Information Even If Not Clicked, and That Alone Could Violate the Video Privacy Protection Act

Recently, a magistrate judge in the Northern District of California confirmed what many already believed: that information disclosed to third parties without appropriate consent or pursuant to a permitted exception “must identify a specific person and tie that person to video content that the person watched in order to violate the [Video Privacy Protection Act].” But Magistrate Judge Beeler did not stop there and clarified that the VPPA “does not say ‘identify by name’ and thus plainly encompasses other means of identifying a person.” So what could have been a sigh of relief in the Hulu Privacy Litigation... Continue Reading may now affect numerous websites that contain streaming video clips or programs and which allow users to “like” those pages on Facebook or plug-in to other social media sites and applications. The court granted Hulu’s summary judgment motion with respect to its disclosures to comScore disclosures, but denied it with respect to Hulu’s Facebook disclosures, finding that material issues of fact remain and more information was needed to determine whether such disclosures were “knowing” or whether users had consented.

FTC Continues to Update COPPA FAQs – This Time, Guidance for Schools

Posted in Communications/Media, Marketing and Consumer Privacy

As part of our ongoing updates on guidance the Federal Trade Commission offers through its Frequently Asked Questions (FAQs) relating to its updated Children’s Online Privacy Protection Act (COPPA) Rule, we note that recently the FTC quietly posted some updates to “Part M” of the FAQs, which contains guidance on “COPPA and Schools.” A redline showing the extent of the changes can be found here.

COPPA requires notice to parents and verifiable parental consent prior to the online collection of personal information from children under the age of 13, and is implemented by the FTC under the COPPA Rule. The FTC implemented the first major overhaul in the more-than ten-year existence of the COPPA Rule last year. Revisions included updates to account for technological developments and evolving popular online practices–primarily, social networking, smartphone Internet access, and the use of geolocation information. Since then, the FTC has periodically updated the COPPA FAQs to provide guidance on the revised, more complex COPPA regulatory framework.... Continue Reading