On January 16, 2025, the Federal Trade Commission (FTC) finalized amendments to the Children’s Online Privacy Protection Act (COPPA) Rule (Final Rule), which completes the process that started back in 2019 when the FTC sought...more
1/23/2025
/ Advertising to Minors ,
Amended Legislation ,
Consumer Privacy Rights ,
COPPA ,
Data Privacy ,
Data Retention ,
Federal Trade Commission (FTC) ,
Final Rules ,
Minors ,
Online Platforms ,
Personal Data ,
Personal Information ,
Privacy Laws ,
Privacy Notice Rule
The United Kingdom’s Information Commissioner’s Office (ICO) finalized a new Code of Practice (the Code) in September 2020, which applies to most companies that offer online services to or otherwise collect personal data from...more
2/5/2021
/ Certifications ,
COPPA ,
Data Collection ,
Data Protection ,
EU ,
EU Data Protection Laws ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Minor Children ,
Online Safety for Children ,
Personal Data ,
Privacy and Electronic Communications Regulation 2003 (PECR). ,
Privacy Disclosures ,
Privacy Laws ,
UK
Concerns are mounting for companies around the world as they consider their ability to transfer data from the EU following the recent decision by the Court of Justice of the European Union in Data Protection Commissioner v....more
1/11/2021
/ Cooperation Agreement ,
Data Protection ,
Data Transfers ,
EU ,
EU-US Privacy Shield ,
European Commission ,
European Court of Justice (ECJ) ,
European Data Protection Board (EDPB) ,
European Economic Area (EEA) ,
FISA ,
General Data Protection Regulation (GDPR) ,
New Guidance ,
Personal Data ,
Schrems I & Schrems II ,
Standard Contractual Clauses ,
UK ,
UK Brexit
In a landmark opinion issued on July 16, 2020, the European Court of Justice overturned the EU-U.S. Privacy Shield, less than four years after the European Commission decision that the privacy principles of the EU-U.S....more
The Federal Trade Commission is putting more teeth into the multiyear compliance obligations of consent orders it enters into with companies to settle enforcement actions related to data breaches. The FTC recently issued a...more
5/30/2019
/ Best Practices ,
Consent Order ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Information Security ,
Personal Data ,
Risk Management ,
Security Risk Assessments ,
Vendor Contacts
The Pennsylvania Supreme Court recently held that employers have “a legal duty to safeguard” the personal data of their employees which is stored on internet-accessible computer systems and that the economic loss doctrine...more
12/20/2018
/ Breach of Duty ,
Breach of Implied Contract ,
Class Action ,
Corporate Counsel ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Data Storage ,
Duty to Protect ,
Economic Damages ,
Economic Loss Doctrine ,
Employer Liability Issues ,
Hackers ,
Identity Theft ,
Negligence ,
PA Supreme Court ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Reasonable Care ,
Remand ,
Reversal
What You Need to Know Now -
• The new law takes effect January 1, 2020, but there’s a lot to do so you need to start work now.
• The new law expands the definition of personal information and gives California consumers...more
7/17/2018
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Breach ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Rights ,
Data Security ,
Data-Sharing ,
Disclosure Requirements ,
Enforcement ,
Governor Brown ,
Minors ,
New Legislation ,
Notice Requirements ,
Opt-In ,
Opt-Outs ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Privacy Laws ,
Private Right of Action ,
Right to Delete ,
Statutory Damages ,
Third-Party Service Provider ,
Vendors
Overview (10. – 6.) -
10. The European Union (EU) General Data Protection Regulation (GDPR) went into effect on May 25, 2018. It applies to the processing of “personal data” of EU citizens and residents (a/k/a “data...more
6/20/2018
/ Consent ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Subjects Rights ,
e-Discovery ,
Electronically Stored Information ,
Encryption ,
EU ,
EU Data Protection Laws ,
Exceptions ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Third-Party Service Provider
Last week, the U.S. Court of Appeals for the Eleventh Circuit held that allegations that personally identifiable information was disclosed without consent in violation of the Video Privacy Protection Act were sufficient to...more
5/3/2017
/ Article III ,
CNN ,
Corporate Counsel ,
Data Collection ,
Digital Media ,
Injury-in-Fact ,
Mobile Apps ,
Personal Data ,
Personally Identifiable Information ,
Popular ,
Prior Express Consent ,
Putative Class Actions ,
Spokeo v Robins ,
Standing ,
Subscribers ,
VPPA ,
Web Tracking
Privacy Shield – An Early Reflection -
EU law generally prohibits the transfer of personal data from the European Economic Area to the U.S., unless the transfer is made in accordance with an authorized data transfer...more
10/25/2016
/ Article III ,
Cable Communications Protection Act (CCPA) ,
Confidential Information ,
COPPA ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
Data Collection ,
Data Protection ,
Electronic Protected Health Information (ePHI) ,
Equal Employment Opportunity Commission (EEOC) ,
EU ,
EU-US Privacy Shield ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Information Sharing ,
Injury-in-Fact ,
International Data Transfers ,
IP Addresses ,
Personal Data ,
Personally Identifiable Information ,
Privacy Policy ,
Standing ,
Video Privacy Protection Act ,
VPPA ,
Wellness Programs
Earlier this month, the Eighth Circuit expanded standing to bring privacy policy violations claims but limited the definition of personal information in affirming the dismissal of a class action complaint in Carlsen v....more
8/29/2016
/ Appeals ,
Article III ,
Breach of Contract ,
Class Action ,
Corporate Counsel ,
Dismissals ,
Facebook ,
Failure To State A Claim ,
Information Sharing ,
Injury-in-Fact ,
Online Magazines ,
Personal Data ,
Privacy Policy ,
Standing ,
Terms of Service ,
Unjust Enrichment
In a case with important privacy implication for U.S. companies providing services ranging from e-mail, social networking, chat communications and remote storage, the Second Circuit Court of Appeal this week held in Microsoft...more
Earlier this week, the European Commission voted to formally approve the Privacy Shield—a set of principles agreed between the E.U. and the U.S. to enable certified U.S. companies to receive and process personal data from the...more
7/15/2016
/ Article 29 Working Party (WP29) ,
Data Protection Authority ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Federal Trade Commission (FTC) ,
International Data Transfers ,
Judicial Redress Act ,
Model Contract Clauses ,
Personal Data ,
Surveillance ,
U.S. Commerce Department ,
US-EU Safe Harbor Framework
The October 6, 2015, decision of the Court of Justice of the European Union in the Schrems v. Facebook case left significant uncertainty surrounding the legality and practicality of U.S. technology companies’ ability to...more
The CJEU’s Decision on Safe Harbor and its Effects on US Technology Companies -
On October 6, 2015, the Court of Justice of the European Union (“CJEU”), the European Union’s highest court, issued a groundbreaking...more
10/9/2015
/ Data Protection ,
Data Protection Authority ,
EU ,
EU Data Protection Laws ,
Facebook ,
International Data Transfers ,
National Security Agency (NSA) ,
Personal Data ,
Popular ,
Privacy Policy ,
Safe Harbors ,
Schrems I & Schrems II ,
Surveillance ,
Technology ,
Technology Sector ,
US-EU Safe Harbor Framework