Creating meaningful data protection out of US privacy proposals

(Feb 14, 2019) The IAPP recently reviewed a set of proposals from U.S. lawmakers for a new piece of federal privacy legislation, as well as comments submitted to the National Telecommunications and Information Administration in response to their proposed framework to protect data privacy. We did this to identify areas of consensus, as well as controversy, regarding what a U.S. federal privacy law would look like. In particular, we assessed levels of support for and opposition to various provisions that may be ... Read More

Comparison of Mobile Application Guidelines

(Jan 22, 2019) The IAPP has worked through a number of the leading privacy guides and standards created for mobile app developers and the parties who host those apps and pulled out the salient points for all of the stakeholders in the mobile app community who are looking to do everything from collect data from children to provide adequate notice and choice previous to data collection. ... Read More

CCPA offers minimal advantages for deidentification, pseudonymization, and aggregation

(Jan 17, 2019) The California Consumer Privacy Act is notorious for the haste with which it was drafted. Many provisions of the statute require clarification, and the attorney general’s office is holding a series of public forums before issuing clarifying regulations. Among the concepts not well defined by the CCPA are deidentification, pseudonymization, and aggregation. It's helpful to take a look at some of the challenges the CCPA creates with its imprecise language regarding these topics and point out of t... Read More

US Supreme Court case may have far-reaching privacy implications

(Jan 16, 2019) A case currently making its way through the Supreme Court’s docket may have far-reaching implications for the future of privacy litigation. The case, Frank v. Gaos, concerns cy pres class action settlements, and the core issue (for which the Court granted certiorari) regards the appropriateness of the cy pres arrangement in the case. During oral arguments, however, another issue captured the Court’s attention: Article III standing, and, specifically, whether any of the plaintiffs in the case pl... Read More

New IAPP guide to US privacy law proposals

(Jan 15, 2019) You've seen the news: Numerous lawmakers and organizations have offered proposals or recommendations regarding a new U.S. federal data privacy law. But where is there consensus? What will be the biggest points of contention as a potential final text emerges? To shine more light on specific provisions being debated and their likelihood of coming to fruition, IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, undertook a study of the most recent bills introduced in Congress, as we... Read More

Is LA City–weather app lawsuit a sign of things to come?

(Jan 11, 2019) Recently, the office of the Los Angeles City Attorney filed a complaint against the company behind the Weather Channel mobile application. The complaint cites California’s Unfair Competition Law and alleges that TWC’s use of the application to collect “users’ private, personal geolocation data ... throughout the day and night” is “fraudulent and deceptive” and “unfair.” IAPP Westin Research Fellow Mitchell Noordyke, CIPP/E, CIPP/US, writes about the case for Privacy Tracker, saying, "The complai... Read More

Lawsuit against weather app sign of things to come?

(Jan 11, 2019) Recently, the office of the Los Angeles City Attorney, Mike Feuer, filed a complaint against The Weather Channel Product and Technology, LLC (TWC)—the company owned by IBM and behind the popular Weather Channel mobile application. Feuer stated: “[W]e allege TWC elevates corporate profits over users’ privacy, misleading them into allowing their movements to be tracked, 24/7. We’re acting to stop this alleged deceit.” This action may encourage state attorneys general across the country to conside... Read More

The GDPR in 20 Minutes

(Jan 2, 2019) Looking for a slimmed down version of the EU's General Data Protection Regulation? The GDPR in 20 Minutes might just be your thing. List-formatted, in outline, this is a way of looking at the GDPR text in truncated fashion highlighting meaning, while providing links to relevant text you can expand to find a fuller picture. The text has also been reorganized to group information that topic.... Read More

FTC Casebook

(Jan 2, 2019) The FTC Casebook collects and provides access to more than 180 privacy and data security enforcement actions—full-text searchable, tagged, indexed and annotated.... Read More

New e-book: 'Top 5 Operational Impacts of the CCPA'

(Jan 2, 2019) Tuesday marked one year until the California Consumer Privacy Act of 2018 comes into effect. Are you ready to go? Probably not. Don't worry, the IAPP Resource Center has you covered. We released the brand-new "Top 5 Operational Impacts of the California Consumer Privacy Act of 2018" e-book, which rolls up and updates a series of pieces written this past fall, while also providing a handy copy of the updated law, itself, for easy reference. While there may yet be amendments, and indeed there has ... Read More