Washington state’s consumer privacy act takes next step toward passage

(Feb 28, 2019) On Wednesday, the Washington Senate Ways & Means Committee held a public hearing on the Washington Privacy Act (SB 5376). This was the second time the bill had come before a committee for a public hearing, after previously enjoying support from Microsoft General Counsel Julie Brill, during a public hearing in front of the Senate Environment, Energy & Technology Committee. Comments from the speakers at the Ways & Means Committee hearing varied from proposals for clarifying amendments... Read More

FTC issues its largest-ever COPPA fine

(Feb 28, 2019) The U.S. Federal Trade Commission announced a $5.7 million agreement with video social networking app Musical.ly (now TikTok) to settle alleged violations of the Children’s Online Privacy Protection Act. The settlement surpasses a December 2018 agreement between the New York Attorney General’s office and Oath as the largest fine for COPPA violations by any enforcement agency. Noteworthy is a joint statement from Commissioners Rohit Chopra and Rebecca Kelly Slaughter — published with the stipulat... Read More

Creating meaningful data protection out of US privacy proposals

(Feb 14, 2019) The IAPP recently reviewed a set of proposals from U.S. lawmakers for a new piece of federal privacy legislation, as well as comments submitted to the National Telecommunications and Information Administration in response to their proposed framework to protect data privacy. We did this to identify areas of consensus, as well as controversy, regarding what a U.S. federal privacy law would look like. In particular, we assessed levels of support for and opposition to various provisions that may be ... Read More

CCPA offers minimal advantages for deidentification, pseudonymization, and aggregation

(Jan 17, 2019) The California Consumer Privacy Act is notorious for the haste with which it was drafted. Many provisions of the statute require clarification, and the attorney general’s office is holding a series of public forums before issuing clarifying regulations. Among the concepts not well defined by the CCPA are deidentification, pseudonymization, and aggregation. It's helpful to take a look at some of the challenges the CCPA creates with its imprecise language regarding these topics and point out of t... Read More

US Supreme Court case may have far-reaching privacy implications

(Jan 16, 2019) A case currently making its way through the Supreme Court’s docket may have far-reaching implications for the future of privacy litigation. The case, Frank v. Gaos, concerns cy pres class action settlements, and the core issue (for which the Court granted certiorari) regards the appropriateness of the cy pres arrangement in the case. During oral arguments, however, another issue captured the Court’s attention: Article III standing, and, specifically, whether any of the plaintiffs in the case pl... Read More

New IAPP guide to US privacy law proposals

(Jan 15, 2019) You've seen the news: Numerous lawmakers and organizations have offered proposals or recommendations regarding a new U.S. federal data privacy law. But where is there consensus? What will be the biggest points of contention as a potential final text emerges? To shine more light on specific provisions being debated and their likelihood of coming to fruition, IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, undertook a study of the most recent bills introduced in Congress, as we... Read More

Lawsuit against weather app sign of things to come?

(Jan 11, 2019) Recently, the office of the Los Angeles City Attorney, Mike Feuer, filed a complaint against The Weather Channel Product and Technology, LLC (TWC)—the company owned by IBM and behind the popular Weather Channel mobile application. Feuer stated: “[W]e allege TWC elevates corporate profits over users’ privacy, misleading them into allowing their movements to be tracked, 24/7. We’re acting to stop this alleged deceit.” This action may encourage state attorneys general across the country to conside... Read More

New e-book: 'Top 5 Operational Impacts of the CCPA'

(Jan 2, 2019) Tuesday marked one year until the California Consumer Privacy Act of 2018 comes into effect. Are you ready to go? Probably not. Don't worry, the IAPP Resource Center has you covered. We released the brand-new "Top 5 Operational Impacts of the California Consumer Privacy Act of 2018" e-book, which rolls up and updates a series of pieces written this past fall, while also providing a handy copy of the updated law, itself, for easy reference. While there may yet be amendments, and indeed there has ... Read More

Worse than negligent: Takeaways from Oath's COPPA settlement with the NY AG

(Dec 10, 2018) On Tuesday, the New York Attorney General’s office announced a $4.95 million settlement with Oath (formerly AOL) to settle violations of the Children’s Online Privacy Protection Act. The settlement represents the largest ever enforcement penalty for a COPPA violation from any enforcement agency. The company’s violations rise beyond the conduct underlying previous COPPA violations — which often involve a company utilizing third-party tracking software and inadvertently tracking children on a webs... Read More

DPO liability and potential insurance coverage

(Jun 19, 2018) The data protection officer role is a new feature for many organizations now subject to the EU General Data Protection Regulation, which specifies the criteria for designating a DPO, describes the position, and enumerates its responsibilities. Critically, for many companies, designating a DPO is not optional. In any case, the Article 29 Working Party’s guidance makes it clear that, once chosen, both mandatorily and voluntarily designated DPOs have the same responsibilities. The Working Party (no... Read More