IAPP Westin Research Center

(Feb 14, 2019) The IAPP recently reviewed a set of proposals from U.S. lawmakers for a new piece of federal privacy legislation, as well as comments submitted to the National Telecommunications and Information Administration in response to their proposed framework to protect data privacy. We did this to identify areas of consensus, as well as controversy, regarding what a U.S. federal privacy law would look like. In particular, we assessed levels of support for and opposition to various provisions that may be ... Read More

(Jan 17, 2019) The California Consumer Privacy Act is notorious for the haste with which it was drafted. Many provisions of the statute require clarification, and the attorney general’s office is holding a series of public forums before issuing clarifying regulations. Among the concepts not well defined by the CCPA are deidentification, pseudonymization, and aggregation. It's helpful to take a look at some of the challenges the CCPA creates with its imprecise language regarding these topics and point out of t... Read More

(Jan 16, 2019) A case currently making its way through the Supreme Court’s docket may have far-reaching implications for the future of privacy litigation. The case, Frank v. Gaos, concerns cy pres class action settlements, and the core issue (for which the Court granted certiorari) regards the appropriateness of the cy pres arrangement in the case. During oral arguments, however, another issue captured the Court’s attention: Article III standing, and, specifically, whether any of the plaintiffs in the case pl... Read More

(Jan 11, 2019) Recently, the office of the Los Angeles City Attorney, Mike Feuer, filed a complaint against The Weather Channel Product and Technology, LLC (TWC)—the company owned by IBM and behind the popular Weather Channel mobile application. Feuer stated: “[W]e allege TWC elevates corporate profits over users’ privacy, misleading them into allowing their movements to be tracked, 24/7. We’re acting to stop this alleged deceit.” This action may encourage state attorneys general across the country to conside... Read More

(Dec 10, 2018) On Tuesday, the New York Attorney General’s office announced a $4.95 million settlement with Oath (formerly AOL) to settle violations of the Children’s Online Privacy Protection Act. The settlement represents the largest ever enforcement penalty for a COPPA violation from any enforcement agency. The company’s violations rise beyond the conduct underlying previous COPPA violations — which often involve a company utilizing third-party tracking software and inadvertently tracking children on a webs... Read More

(Jun 19, 2018) The data protection officer role is a new feature for many organizations now subject to the EU General Data Protection Regulation, which specifies the criteria for designating a DPO, describes the position, and enumerates its responsibilities. Critically, for many companies, designating a DPO is not optional. In any case, the Article 29 Working Party’s guidance makes it clear that, once chosen, both mandatorily and voluntarily designated DPOs have the same responsibilities. The Working Party (no... Read More

(Jun 11, 2018) In this report, we update our September 2014 study, “What FTC Enforcement Actions Teach Us About the Features of Reasonable Privacy and Data Security Practices,” originally written by IAPP Westin Fellow Patricia Bailin, CIPP/US, CIPM, CIPT, now head of privacy at Datavant. The initial study analyzed organizational failures on issues of privacy, security, software/product review, service providers, risk assessments, unauthorized access/disclosure, and employee training. Moreover, the study descri... Read More

(Apr 18, 2018) The Article 29 Data Protection Working Party has published its “last revised” guidelines on transparency under the General Data Protection Regulation. When the WP29 released its proposed guidelines last December offering “practical guidance and interpretive assistance” regarding transparency obligations, IAPP analyzed the key issues. In addition to a brief summary of the transparency requirements, IAPP’s analysis of the proposed guidelines focused on the meaning of phrases such as “concise, tran... Read More