IAPP Westin Research Center

(Feb 28, 2019) The U.S. Federal Trade Commission announced a $5.7 million agreement with video social networking app Musical.ly (now TikTok) to settle alleged violations of the Children’s Online Privacy Protection Act. The settlement surpasses a December 2018 agreement between the New York Attorney General’s office and Oath as the largest fine for COPPA violations by any enforcement agency. Noteworthy is a joint statement from Commissioners Rohit Chopra and Rebecca Kelly Slaughter — published with the stipulat... Read More

(Feb 14, 2019) The IAPP recently reviewed a set of proposals from U.S. lawmakers for a new piece of federal privacy legislation, as well as comments submitted to the National Telecommunications and Information Administration in response to their proposed framework to protect data privacy. We did this to identify areas of consensus, as well as controversy, regarding what a U.S. federal privacy law would look like. In particular, we assessed levels of support for and opposition to various provisions that may be ... Read More

(Jan 17, 2019) The California Consumer Privacy Act is notorious for the haste with which it was drafted. Many provisions of the statute require clarification, and the attorney general’s office is holding a series of public forums before issuing clarifying regulations. Among the concepts not well defined by the CCPA are deidentification, pseudonymization, and aggregation. It's helpful to take a look at some of the challenges the CCPA creates with its imprecise language regarding these topics and point out of t... Read More

(Jan 16, 2019) A case currently making its way through the Supreme Court’s docket may have far-reaching implications for the future of privacy litigation. The case, Frank v. Gaos, concerns cy pres class action settlements, and the core issue (for which the Court granted certiorari) regards the appropriateness of the cy pres arrangement in the case. During oral arguments, however, another issue captured the Court’s attention: Article III standing, and, specifically, whether any of the plaintiffs in the case pl... Read More

(Jan 11, 2019) Recently, the office of the Los Angeles City Attorney, Mike Feuer, filed a complaint against The Weather Channel Product and Technology, LLC (TWC)—the company owned by IBM and behind the popular Weather Channel mobile application. Feuer stated: “[W]e allege TWC elevates corporate profits over users’ privacy, misleading them into allowing their movements to be tracked, 24/7. We’re acting to stop this alleged deceit.” This action may encourage state attorneys general across the country to conside... Read More

(Dec 10, 2018) On Tuesday, the New York Attorney General’s office announced a $4.95 million settlement with Oath (formerly AOL) to settle violations of the Children’s Online Privacy Protection Act. The settlement represents the largest ever enforcement penalty for a COPPA violation from any enforcement agency. The company’s violations rise beyond the conduct underlying previous COPPA violations — which often involve a company utilizing third-party tracking software and inadvertently tracking children on a webs... Read More

(Jun 19, 2018) The data protection officer role is a new feature for many organizations now subject to the EU General Data Protection Regulation, which specifies the criteria for designating a DPO, describes the position, and enumerates its responsibilities. Critically, for many companies, designating a DPO is not optional. In any case, the Article 29 Working Party’s guidance makes it clear that, once chosen, both mandatorily and voluntarily designated DPOs have the same responsibilities. The Working Party (no... Read More