The FCC recently adopted new rules that will limit the volume of calls that can be made to residential phones under certain TCPA consent exceptions. The new rules affect non-telemarketing calls that use an artificial or...more
The operator of CafePress, an online retailer that sells customizable mugs and other products, has reached an agreement with New York State Attorney General Letitia James and six other State Attorneys Generals to settle...more
The FTC recently settled with Ascension Data & Analytics for failure to oversee service providers. Ascension provides services to mortgage companies within its corporate family of entities. According to the complaint,...more
As it closed out 2020, the Federal Trade Commission (FTC) sent out requests to nine social media and video streaming companies asking them to provide more information about how they treat consumer information. The FTC...more
The travel giant Sabre Corp. has reached an agreement with multiple State Attorneys General to pay $2.4 million and make certain changes in its cybersecurity policies to settle a multi-state investigation into a 2017 data...more
1/5/2021
/ Credit Cards ,
Customers ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Protection ,
Data Security ,
Investigations ,
Online Marketplace ,
Online Payments ,
Online Platforms ,
Settlement ,
State Attorneys General
Throughout 2020, companies have been negotiating with their business partners the issue of “selling” under CCPA. Is the partner a service provider? A third party? Is there an exchange of consideration? These issues will not...more
Many in the world have been watching the Brexit deal closely, including privacy lawyers and others who deal with global data transfers. Under the recently-announced deal, a temporary solution will allow companies to continue...more
12/29/2020
/ Cross-Border Transactions ,
Data Protection ,
Data Transfers ,
EU ,
European Economic Area (EEA) ,
Exceptions ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
UK ,
UK Brexit
There has been much scrutiny of artificial intelligence tools this year. From NIST to the FTC to the EU Parliament, many have recommendations and requirements for companies that want to use AI tools. Key concerns including...more
Throughout 2020 we saw many enforcement actions brought by EU and U.S. regulators. Whether for allegations of deception (misleading privacy representations) or unfairness (failure to protect information), COVID did not appear...more
12/28/2020
/ Biometric Information Privacy Act ,
CAN-SPAM Act ,
COPPA ,
Coronavirus/COVID-19 ,
Cybersecurity ,
Enforcement Actions ,
FERPA ,
GLBA Privacy ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Online Safety for Children ,
TCPA
As 2020 comes to a close, we take this opportunity to look back at some of the more significant developments that we discussed in the blog this year. The first is the EU Court of Justice’s Schrems II decision, finding that...more
Apple has launched, in connection with other privacy changes in iOS 14, a requirement for privacy “nutrition labels.” The labels are required for new and existing apps, and are in addition to the existing requirement of...more
12/1/2020
/ Apple ,
Cell Phones ,
Data Collection ,
Data Privacy ,
Disclosure Requirements ,
iPhone Tracking ,
Mobile Apps ,
Mobile Devices ,
Nutrition Facts Labels ,
Privacy Policy ,
Questionnaires ,
Third-Party ,
UDAAP
One of the methods US and EU companies rely on most frequently for the transfer of personal data from the EU to the US are standard contractual clauses. For the method to be acceptable as a valid basis for transfer of...more
12/1/2020
/ Consumer Privacy Rights ,
Data Privacy ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Personal Information ,
Privacy Laws ,
SCC ,
Standard Contractual Clauses
The EDPB recently published recommendations on additional security steps to take when transferring personal data out of the EU. As outlined in our previous series of posts, the EU found this summer that the EU-US Privacy...more
By ballot initiative, California residents recently approved Proposition 24, or the California Privacy Rights Act (CPRA), with approximately 56 percent voting in favor. CPRA significantly amends the CCPA by expanding...more
The California Attorney General recently released a third set of proposed modifications to the CCPA regulations. As we previously covered, the CCPA regulations were approved and went into effect on August 14, 2020. Many...more
By scrolling this page, clicking a link or continuing to browse our website, you consent to our use of cookies as described in our Cookie and Advertising Policy. If you do not wish to accept cookies from our website, or would...more
Late this summer the New York Department of Financial Services (NYDFS) announced its first enforcement action since the cybersecurity rules went into effect in March 2017. The action was brought against First American Title...more
9/24/2020
/ Cybersecurity ,
Data Breach ,
Data Protection ,
Enforcement Actions ,
Financial Services Industry ,
First American Title Insurance Co. ,
Internal Investigations ,
Non-Public Information ,
NYDFS ,
Popular ,
State Attorneys General
In a much anticipated ruling, this month the Swiss Data Protection Authority concluded that the EU-US Swiss Privacy Shield was no longer an adequate method for transferring personal information from Switzerland to the US. In...more
As the California legislature session concluded at the end of August, a significant amendment to the CCPA finally passed both houses. California bill AB-1281 passed the Senate in the last days of the month, extending the...more
In our online world, one of the challenges (and opportunities) for companies is the increased use of their websites, apps, and connected devices. For platforms directed to both adults and children, or platforms previously...more
As we wrote previously, kids are spending more of their days online and are using online platforms for virtual learning and entertainment. Much of this environment is funded through online advertising. All companies thus need...more
In the current pandemic era, kids are spending more time online, be it for school or entertainment. Companies are therefore gearing up for increased interaction with children online or through connected devices. As children...more
In this remote era, companies are increasingly being approached by their business teams with ideas about products and services that involve video or audio recordings of their consumers. It may also involve letting people...more
The National Institute of Standards and Technology has issue a set of draft principles for “explainable” artificial intelligence and is accepting comments until October 15, 2020. The authors of the draft principles outline...more
The California AG has now released the final CCPA regulations, as approved by the Office of Administrative Law (OAL). The final draft (issued August 14, 2020) incorporates some relatively minor changes that the OAG submitted...more