Privacy & Security Law Blog

Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Category Archives: Marketing and Consumer Privacy

Subscribe to Marketing and Consumer Privacy RSS Feed

FTC Updates COPPA FAQs Again – Revisions to Part H Gives App Developers and Parents Welcomed Clarification on Parental Consent

Posted in Marketing and Consumer Privacy

Continuing our Blog’s updates on the Federal Trade Commission’s Frequently Asked Questions (FAQs) to the updated Children’s Online Privacy Protection Act (COPPA) Rule, we highlight that the FTC revised three portions of “Part H” this week, which concern how entities seeking to comply with COPPA may obtain verifiable parental consent.

COPPA requires that entities give notice to parents and obtain verifiable parental consent before collecting personal information from children under 13 years of age.  The FTC implements COPPA’s directives via its COPPA Rule, and has been issuing updates to the COPPA Rule FAQs intermittently over the past two years.  In April, the FTC made updates to Part M of the COPPA FAQs to clarify in what circumstances schools can consent to the disclosure of children’s personal information to third-party websites on behalf of their parents, when that information is used for the educational benefit of the students.

With its recent changes to sections of Part H of the FAQs, the FTC seeks to expand how websites and mobile apps can obtain verifiable parental consent.  Importantly, the FAQs tentatively ratify the use of data from parents’ credit and debit cards and third parties such as app stores, while adding ... Continue Reading

FCC Letter Brief to Second Circuit Narrowly Construes Recent TCPA Guidance

Posted in Marketing and Consumer Privacy

We reported last spring on two FCC declaratory rulings, GroupMe and Cargo Airline, that included some broad, business-friendly interpretations of rules implementing the Telephone Consumer Protection Act (TCPA), under which plaintiff class actions are thriving.  The rulings also reinvigorated an FCC statement from when it first adopted TCPA rules in 1992, that a consumer’s provision of a cell phone number in a transaction with a company may be deemed prior express consent to be called at that number.  But in a letter brief filed in Nigro v. Mercantile Adjustment Bureau (at the invitation of the U.S. Court of Appeals for the Second Circuit) the FCC seems to lean back the other way by narrowly construing its recent rulings and 1992 guidance.

 In Nigro, the plaintiff-appellant contacted his then recently deceased mother-in-law’s electric company to request discontinuance of her service, and at that time gave the company his cell number.  Mercantile Adjustment called Nigro’s cell phone using an automatic dialing system in connection with a balance due on the account that the electric company hired it to collect.  Nigro’s suit alleged that the collection efforts violated the TCPA’s ban on autodialed and/or prerecorded calls to cell phones made without ... Continue Reading

Federal Financial Institutions Examination Council Launches Cybersecurity Webpage and Begins Cybersecurity Assessments

Posted in Cyber and National Security, Data Protection, Financial Services, Marketing and Consumer Privacy

For cyber criminals, banks are especially tempting targets – not only because banks are where the money is, but also because of the vast amount of proprietary information banks have about their customers.” Thomas J. Curry, Comptroller of the Currency

In comments before the Risk Management Association’s Governance, Compliance, and Operational Risk Conference last month, Thomas J. Curry, Comptroller of the Currency and Chairman of the Federal Financial Institutions Examination Council [1] stated that “Attacks on our information infrastructure are everywhere. … For cyber criminals, banks are especially tempting targets – not only because banks are where the money is, but also because of the vast amount of proprietary information banks have about their customers. Some attackers target banks because they want to undermine confidence in our country’s financial system. Penetrating the information defenses of any one system may enable attackers to penetrate another, and that in turn could enable more widespread attacks on the broader economy.”

Comptroller Curry stated that helping to make banks less vulnerable and more resilient to cyber-attacks has been one of his top priorities as Comptroller and Chairman of the FFIEC. As part of this effort, he formed the Cybersecurity and Critical Infrastructure ... Continue Reading

FTC Releases 2014 Privacy and Data Security Update, Touting Its Efforts and Achievements in Protecting Consumer Privacy

Posted in Communications/Media, Data Protection, Marketing and Consumer Privacy

Last week, the Federal Trade Commission (FTC) released its 2014 Privacy and Data Security Update, summarizing the FTC’s major enforcement actions, policy initiatives, rules, reports, workshops, and outreach efforts in the privacy and data security arenas from approximately January 2013 until March 2014. In the 2014 Update, the FTC underscores its commitment to educating consumers, businesses and other stakeholders through its publications and roundtables on how to guard consumer privacy expectations and comply with applicable federal laws. Education, however, is accompanied by enforcement, and the FTC includes a long-list of recent actions against individuals and enterprises, which demonstrates that the FTC is not shy about using its broad regulatory authority to protect consumer privacy. Of major note were the FTC’s actions against companies for unfair or deceptive trade practices; its settlements with U.S. businesses for falsely asserting compliance with the U.S.-E.U. Safe Harbor Framework; the FTC’s updates to the COPPA regulatory rule; and its continued efforts to take telemarketers to task for violating the Do-Not-Call provisions of the Telemarketing Sales Rule.... Continue Reading

“Getting to Know You, Getting to Know All About You…” FTC Data Brokers Report Calls for More Industry Transparency, Regulation in How Data Brokers Use Consumers’ Personal Information

Posted in Data Protection, Marketing and Consumer Privacy, Policy and Regulatory Positioning

“You may not know them, but data brokers know you,” Federal Trade Commission (FTC) Chairwoman Edith Ramirez said when she announced the release of the Commission’s newest report on the data broker industry. And in the FTC’s opinion, Congress and the data brokerage industry need to take concerted action to bring transparency to the industry, protect consumers’ personally identifiable information (PII), and prevent abuse and discrimination. But will the FTC’s recommendations have any real effect? In light of recent statements about “actual” vs. “potential” harm and the expanding scope of the Agency’s Section 5 enforcement authority, the answer is a definite “maybe.”

Summary
On May 27, 2014, the FTC released “Data Brokers: A Call for Transparency and Accountability,” a report that marks the conclusion of the FTC’s two-year study into data broker industry practices. Coming on the heels of the White House’s own Big Data Report the FTC’s Data Brokers Report highlights that “[i]n today’s economy, Big Data is big business” with numerous positive effects for both companies and consumers. And data brokers specifically play an important role in driving our economy through increased targeted marketing, identity verification and fraud detection.

But the Data Brokers Report also rang ... Continue Reading

UPDATE on Breslow v. Wells Fargo – Same as the Old Boss: Eleventh Circuit Withdraws Opinion Just Four Days Later, But to Little Practical Effect

Posted in Communications/Media, Marketing and Consumer Privacy, Technology

Just a few days ago, we reported on the Eleventh Circuit’s decision in Breslow v. Wells Fargo, which reaffirmed precedent that strict liability can arise in autodialer, prerecorded-message and texting suits under the Telephone Consumer Protection Act (TCPA), if a caller or texter obtained consent from the intended recipient, but that party’s cell number was reassigned.  We noted how this reinforced the Eleventh Circuit’s prior decision in Osorio v. State Farm to the same effect, and which in turn aligned the Eleventh Circuit on this issue with the Seventh Circuit under its decision in the Soppet v. Enhanced Recovery case.  Now, just days after it issued its ruling, the Eleventh Circuit – acting on its own momentum and not at request of the any of the parties – has withdrawn its Breslow decision.

In a short order, the Circuit Judges who decided Breslow vacated their original opinion, and held instead the prior Eleventh Circuit Osorio decision should have controlled in Breslow.  Specifically, the replacement Breslow decision observes that Osorio concluded that the “called party” for purposes of whether consent exists for an autodialed call or text or a prerecorded message is the subscriber to the cell phone ... Continue Reading

Summertime Blues: Eleventh Circuit Doubles Down on Strict TCPA Liability for Texts and Autodialed and Prerecorded Calls to Cell Phones

Posted in Communications/Media, Marketing and Consumer Privacy, Technology

Over the Spring, we reported on how the Eleventh Circuit’s decision in Osorio v. State Farm brought that court into alignment with the Seventh Circuit on how restrictions in the Telephone Consumer Protection Act (TCPA) on automated and/or prerecorded calls and texts to cell phones can effectively impose strict liability, even if a calling party believed it had consent for the calls.  Now that Summer’s here, the Eleventh Circuit reaffirmed and reinforced its Osorio ruling, and aligned with the Seventh Circuit even more closely, by holding in Breslow v. Wells Fargo that where a company gets prior express consent to prerecorded-call and/or auto-dial or auto-text a cell phone, the caller can still be liable if at the time the call is made the cell number has been reassigned to a new subscriber who did not consent.

As in the Seventh Circuit case of Soppet v. Enhanced Recovery, which we discussed here, the calls at issue in Breslow involved efforts to collect on an overdue account, this time by Well Fargo, which believed it had consent to call the cell number which, at the time of the call, was used exclusively by Breslow’s minor son.  Wells Fargo called the ... Continue Reading

Only 4 Weeks Until Canada’s New Anti-Spam Rules Come into Force

Posted in Global, Marketing and Consumer Privacy

Provisions Have Implications for US, Global Businesses

Starting on July 1, 2014, key provisions of Canada’s Anti-Spam Law (CASL) governing commercial electronic messages (CEMs) will go into effect, per our advisory thoroughly analyzing CASL.  The statute and its implementing rules generally prohibit sending CEMs without the recipient’s express consent, and as noted in the advisory, extend far beyond just email, reaching CEMs sent to instant message and social network accounts, as well as short message service (SMS) texts to cellphones.  And, CASL governs CEMs sent from or accessed by domestic computer systems, meaning the law’s provisions will extend far beyond Canada’s borders and affect CEMs sent from other countries, including the United States.... Continue Reading

UK Gives Search Engines Time to Comply With ‘Right to Be Forgotten’

Posted in Global, Marketing and Consumer Privacy

The UK data protection watchdog has said that it will give search engines like Google some time to put measures in place to respond to requests to take down links in search results.

On May 20, 2014, the UK Information Commissioner’s Office made its first public response to last week’s Court of Justice of the European Union decision against Google and its Spanish subsidiary. The court’s decision requires Google to take down links to lawfully published content about an individual if the individual believes the information to be inaccurate, irrelevant, outdated or excessive. See our advisory for more information about the CJEU ruling.

In a blog post, ICO Deputy Commissioner David Smith provided a pithy summary of the ICO’s takeaways from the Google decision and announced:

“We won’t be ruling on any complaints until the search providers have had a reasonable time to put their systems in place and start considering requests. After that, we’ll be focusing on concerns linked to clear evidence of damage and distress to individuals.”

The approach is similar to the informal grace period the ICO provided when unclear “cookie consent” rules were introduced by the EU in 2011.

It is worth noting that the ... Continue Reading

Accident, Technical Failure, or Human Error? FCC’s $7.5 Million Settlement with Sprint Indicates Any and All Can Lead to Substantial TCPA Liability

Posted in Marketing and Consumer Privacy

New Consent Decree – the Largest Ever FCC Do-Not-Call Settlement – is Agency’s Second Multimillion-Dollar TCPA Enforcement Action in As Many Weeks

The Federal Communications Commission (FCC) announced that it settled a recent investigation of Sprint Corporation for failures to properly implement do-not-call requests and text-message opt-outs received from consumers.  The violations came to light after Sprint reported to the FCC, as obligated by a $400,000 TCPA settlement with the agency in 2011, that various human errors and technical malfunctions within Sprint and/or its vendor caused potential noncompliance with consumers’ do-not-call and/or do-not-text preferences.  To resolve its liability for this new wave of compliance issues, Sprint agreed to pay $7.5 million, and to implement a new two-year plan to ensure compliance with protections against unwanted telemarketing and texts under the Telephone Consumer Protection Act (TCPA) and FCC rules.

This is the FCC’s second major TCPA enforcement action in recent weeks.  As we reported, the FCC earlier this month proposed to fine Dialing Services LLC nearly $3 million for 184 “robocalls” sent over its autodialing platform.  Now the FCC has pinched Sprint as well.  While technical or human error may sound like reasonable grounds for not fully complying with the TCPA ... Continue Reading

Will Individual Notice and Consent Become a Relic of the Past? The White House Report on Big Data Suggests Privacy Regulation Should Focus on Data Use, Rather than Data Collection

Posted in Marketing and Consumer Privacy

A comprehensive report on big data released by the White House on May 1, 2014, suggests that “[t]echnological advances that have driven down the cost of creating, capturing, managing, and storing information to one-sixth of what is was,” less than a decade ago, which, along with new sources of data obtained from geospatial technologies, cameras and sensors, “make the notion of limiting information collection challenging, if not impossible.” The result? According to the report, the long-standing “notice and consent” regime may soon be obsolete and regulating data use may be the only way to protect privacy in the era of big data.

The report, Big Data: Seizing Opportunities, Preserving Values, was prepared for President Barack Obama in response to his request for an examination of how big data is transforming the lives of Americans and the “relationships between government, citizens, businesses, and consumers.” The report’s emphasis is on maximizing the societal benefits (e.g., improving the economy, education, health and energy efficiency) and minimizing the risks (e.g., loss of individual privacy and control over one’s identity and information, and discriminatory treatment) associated with big data collection, and the federal government’s role thereto. But, one of the significant conclusions is that ... Continue Reading

Should Have Stayed on The Farm(ville): Class Action Plaintiffs’ ECPA Claims Put Out to Pasture

Posted in Marketing and Consumer Privacy, Technology

Ah, to be a class action plaintiff these days. One day you’re up, plowing through the Northern District of California on expansive theories of injury, the next you’re down, upended like a top-heavy apple cart by a failure to properly plead your claims under the relevant statute. In In Re: Zynga Privacy Litigation, it was the latter—a failure to properly allege that Facebook and Zynga wrongly disclosed the “contents” of communications, under the Electronic Communications Privacy Act (ECPA). The Ninth Circuit decision affirming the district court’s consolidated opinion in Robertson v. Facebook and Graf v. Zynga, issued on May 7, 2014, can be found here.

Privacy class actions have often suffered from a glaring defect: the inability to allege injury, which is required for Article III standing and jurisdiction. In other words, the class plaintiff has made adequate allegations that information was wrongly disclosed, but not that consumers have been harmed by the disclosure. However, as we have reported previously (see also here), the Northern District of California has tilled the soil for more class actions—at least in that court—by holding that violations of a statute that establishes privacy rights and provides for statutory damages, such ... Continue Reading

FCC Proposes Nearly $3M TCPA Fine Against “Robocalling” Platform for 184 Calls

Posted in Marketing and Consumer Privacy

The Federal Communications Commission (FCC) issued a Notice of Apparent Liability (NAL) to Dialing Services LLC, finding the company apparently liable for 184 prerecorded calls to cell phones in violation of the Telephone Consumer Protection Act (TCPA) and related FCC rules, and proposing to fine the company $2,994,000, the maximum allowed by statute.  Dialing Services allows users to upload prerecorded voice messages to company servers, or to create prerecorded messages by calling Dialing Services and recording a message over the phone, and then have the messages delivered to phone numbers of the clients’ choosing.  In some instances, Dialing Services may have had no role in reviewing or approving the content of the messages or whether they are sent to cell phones.  Nonetheless, depending on the numbers the client chooses, and the content of the message, such calls implicate the TCPA and FCC rules, which prohibit transmitting autodialed and/or prerecorded calls to cell phones other than for emergency purposes or with prior express consent of the called party, and require prior express written consent for prerecorded telemarketing.  The NAL holds that liability can rest with calling platforms like Dialing Services, and not just with the clients who use the platforms to ... Continue Reading

European Union’s Highest Court Rules Google Must Remove Links Containing Personal Data

Posted in Global, Marketing and Consumer Privacy

In a significant and concerning decision, the European Court of Justice (“ECJ”) has endorsed the so-called “right to be forgotten” and ruled that, in some circumstances, search engines can be compelled to remove search result links to websites, news articles, court records and other documents that reveal truthful information about individuals—even when the information is not prejudicial and has been posted lawfully. Google Spain SL, Google Inc. v Agencia Española de Protección de Datos.

At issue in the underlying case was a Spanish national’s demand that Google remove links to two 1998 newspaper announcements that appeared in search results for his name, and which mentioned the forced auction of his real estate holdings. The claimant argued that since the related attachment proceedings had long since been resolved, this personal data was no longer relevant and Google should therefore be required to remove the links. The Spanish Data Protection Agency agreed, and when Google appealed that decision, the National High Court of Spain sought advice from the ECJ, the European Union’s highest court.

CONTINUE READING …... Continue Reading

“Like” It Or Not–It May Not Matter

Posted in Communications/Media, Marketing and Consumer Privacy, Technology

Loading Facebook’s “Like” Button Sends Personal Information Even If Not Clicked, and That Alone Could Violate the Video Privacy Protection Act

Recently, a magistrate judge in the Northern District of California confirmed what many already believed: that information disclosed to third parties without appropriate consent or pursuant to a permitted exception “must identify a specific person and tie that person to video content that the person watched in order to violate the [Video Privacy Protection Act].” But Magistrate Judge Beeler did not stop there and clarified that the VPPA “does not say ‘identify by name’ and thus plainly encompasses other means of identifying a person.” So what could have been a sigh of relief in the Hulu Privacy Litigation... Continue Reading may now affect numerous websites that contain streaming video clips or programs and which allow users to “like” those pages on Facebook or plug-in to other social media sites and applications. The court granted Hulu’s summary judgment motion with respect to its disclosures to comScore disclosures, but denied it with respect to Hulu’s Facebook disclosures, finding that material issues of fact remain and more information was needed to determine whether such disclosures were “knowing” or whether users had consented.

FTC Continues to Update COPPA FAQs – This Time, Guidance for Schools

Posted in Communications/Media, Marketing and Consumer Privacy

As part of our ongoing updates on guidance the Federal Trade Commission offers through its Frequently Asked Questions (FAQs) relating to its updated Children’s Online Privacy Protection Act (COPPA) Rule, we note that recently the FTC quietly posted some updates to “Part M” of the FAQs, which contains guidance on “COPPA and Schools.” A redline showing the extent of the changes can be found here.

COPPA requires notice to parents and verifiable parental consent prior to the online collection of personal information from children under the age of 13, and is implemented by the FTC under the COPPA Rule. The FTC implemented the first major overhaul in the more-than ten-year existence of the COPPA Rule last year. Revisions included updates to account for technological developments and evolving popular online practices–primarily, social networking, smartphone Internet access, and the use of geolocation information. Since then, the FTC has periodically updated the COPPA FAQs to provide guidance on the revised, more complex COPPA regulatory framework.... Continue Reading

FTC Continues Its Pursuit of “Robocalling” Platforms

Posted in Marketing and Consumer Privacy

With its latest settlement, the Federal Trade Commission shows that its prior targeting of prerecorded voice dialing platforms, as opposed to those who use them to place “robocalls,” was no one-off initiative, and that it has teeth.  On April 17 the FTC announced it settled a two-year long action against Joseph Turpel, a marketer who the FTC alleged assisted telemarking firms in conducting illegal prerecorded sales calls, concealing Caller ID information, and contacting numbers on the National Do Not Call Registry.  As part of the settlement Turpel is banned not just from continuing operations that violate the FTC’s rules, as is typical, but from all telemarketing and prerecorded sales messaging.

In 2011, the FTC filed a complaint against Turpel, alleging he sold “robocalling” services to telemarketing firms through Sonkei Communications, Inc., and provided clients “the means to hide their identity by transmitting inaccurate caller names, such as ‘SERVICE MESSAGE’ or ‘SERVICE ANNOUNCEMENT’, on caller ID displays.”  In addition to helping its clients hide their identities, the FTC alleged “Turpel knew, or consciously avoided knowing, that clients used his services while calling numbers on the National Do Not Call Registry … and making illegal prerecorded telemarketing solicitations.”

As part of its ... Continue Reading

FCC Reinforces that Those Who Knowingly Release Cell Numbers Grant Permission to be Called Under the TCPA–But Companies May Still Be Required to be Sure They Get the Number Directly from the Person to be Called

Posted in Communications/Media, Marketing and Consumer Privacy, Policy and Regulatory Positioning

We recently reported on two FCC declaratory rulings interpreting the Telephone Consumer Protection Act (TCPA), in the context of social-network text messages and package-delivery calls, that included broad, business-friendly statements that should help clarify TCPA rules for prior express consent to autodial, prerecorded-call and text cell phones. We noted that in one ruling, the FCC in some respects revived  a position staked out in 1992, in originally implementing the TCPA, that “persons who knowingly release their [cell] phone numbers have … given their invitation or permission to be called” there, an allowance whose viability had become less clear as TCPA precedent evolved. Shortly after the declaratory rulings, we also advised on the Eleventh Circuit’s Osorio v. State Farm decision, which increased the number of states in which the TCPA is interpreted as imposing strict liability on those who direct automated and/or prerecorded calls to cell phones under a mistaken belief they have prior express consent to do so. Now another case extends the Osorio analysis to potentially up the ante again.... Continue Reading

Acquisitions Don’t Nullify Prior Privacy Promises–FTC’s Letter to Facebook & WhatsApp Gives Caution to All to Honor Privacy Protections in Mergers

Posted in Global, Marketing and Consumer Privacy
Social networking site Facebook announced in February its plans to acquire WhatsApp—a “rapidly growing cross-platform mobile messaging company”—for the princely sum of $19 billion. While Facebook and WhatsApp are looking forward to a bright future together, the Federal Trade Commission is keeping a watchful eye on both companies regarding the privacy protections that WhatsApp promised its users in the past. On April 10, 2014, the Director of the FTC’s Bureau of Consumer Protection Jessica Rich wrote executives at Facebook and WhatsApp... Continue Reading and made clear that both companies must continue to honor WhatsApp’s prior policies and statements against collecting and sharing user data with advertisers—policies that, as Director Rich notes, exceed Facebook’s current privacy protections for its users.

New Advisory on Joint FTC/DOJ Statement Encouraging Private Sharing of Cybersecurity Information

Posted in Marketing and Consumer Privacy

Be sure to check out our new advisory examining the joint policy statement that the Federal Trade Commission and Department of Justice issued to facilitate companies’ sharing of cybersecurity information.  The policy statement seeks to reduce uncertainty under antitrust laws for companies wishing to share strategies for preventing and combating cyber-attacks, by stating the agencies’ analytical framework for such information sharing under their longstanding Antitrust Guidelines for Collaborations Among Competitors.  As explained in the advisory, the new policy statement should be helpful as far as it goes, but companies should still proceed cautiously so as not to stray into the area of prohibited concerted activity, and should keep in mind that the new statement does not reduce potential liability under electronic privacy laws for the disclosure of communications or personal information related to cyber threats.  You can read the advisory here.... Continue Reading

Social Networking for Jerks: FTC Goes After Site for Scraping Facebook Content

Posted in Communications/Media, Global, Marketing and Consumer Privacy

In the 1979 Carl Reiner film The Jerk, a new phonebook is delivered and Steve Martin, playing the title character, rejoices that “I’m somebody now! Millions of people look at this book every day! This is the kind of spontaneous publicity—your name in print—that makes people. I’m in print! Things are going to start happening to me now.”

As we all know, a quarter-century later, things have changed. Getting one’s name publicized takes only a few seconds—if not to millions of people, at least to whomever we’re connected on social media. But, according to the Federal Trade Commission, jerks still abound.

On April 2, 2014, the FTC issued an administrative complaint against Jerk, LLC, a company doing business in Hingham, Massachusetts under the name Jerk.com. The site was a mean-spirited social network of sorts where users could anonymously vote whether the person in a particular user profile was a “Jerk” or “not a Jerk.” According to the complaint, from 2009 to 2013 the website contained between 73.4 and 81.6 million unique consumer profiles. While some were created by users, the FTC alleges that in reality the vast majority of the user profile content was lifted from Facebook.

The complaint’s ... Continue Reading

Updated Location Privacy Protection Act Introduced

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning, Surveillance

On March 27, 2014, Senator Al Franken (D.-Minn.) introduced the Location Privacy Protection Act of 2014, a bill that addresses so-called “stalking apps.” While Senator Franken’s intent is to target those apps designed to maliciously track individuals without their knowledge, the legislation (an updated version of a bill we discussed three years ago) would require all companies to get users’ permission before collecting and sharing location data from smartphones, tablets, and in-car navigation devices. To obtain consent, entities subject to the law (if passed) would have to provide “clear, prominent, and accurate notice” that tells the user that his or her geolocation information will be collected. The notice must also identify the categories of entities to which the geolocation information may be disclosed, and provide a link or some other easy means for users to access publicly available information about the geolocation data to be collected. The bill includes several exceptions to the consent requirement, allowing the collection or use of geolocation data without the requisite notice and consent for purposes such as allowing parents to locate children, and enabling the provision of emergency services.

Under the proposed legislation, companies collecting geolocation data from more than 1,000 devices in ... Continue Reading

Google “Street View” case may be headed for SCOTUS Review

Posted in Communications/Media, Global, Marketing and Consumer Privacy, Policy and Regulatory Positioning

By John D. Seiver

Google held true to its promise to seek SCOTUS review of the Ninth Circuit’s interpretation of the term “radio communications” in the Wiretap Act when it filed its Petition for Certiorari last week. Google had argued in the Ninth Circuit that intercepting unencrypted Wi-Fi transmissions is within a specific exemption, but the Ninth Circuit (initially and on rehearing) held instead that unencrypted Wi-Fi is protected from interception by the Wiretap Act. Absent an extension, oppositions are due April 30, 2014... Continue Reading.

Caution: Your Company’s Biggest Privacy Threat is…the FTC

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

By Sanjay Nangia... Continue Reading

Technology companies—from startups to megacorporations—should not overlook an old privacy foe: the Federal Trade Commission (FTC). Since its inception in 2002, the FTC’s data security program has significantly picked up steam. In the last two years, the FTC has made headlines for its hefty privacy-related fines against Google and photo-sharing social network, Path. In January 2014 alone, the agency settled with a whopping 15 companies for privacy violations. What is more, many of these companies’ practices were not purposefully deceptive or unfair; rather the violations stem from mere failure to invest the time and security resources needed to protect data.