Category

Online Privacy

31 May 2019

GDPR: One Year On

The 25th of May, 2019 marked a year since the EU General Data Protection Regulation (“GDPR”) came into force. For most in privacy, involvement with the GDPR has been ongoing for well over this year, but on the first anniversary of the GDPR we take an opportunity to look back and reflect on where we are now in relation to some key areas of interest including enforcement action, privacy litigation, breach notification and developing guidance from the European Data Protection Board (“EDPB”).

(more…)

EmailShare
21 May 2019

Dutch Supervisory Authority Opines on Use of Cookie Walls

Recently, the Dutch Supervisory Authority (the “Autoriteit Persoonsgegevens” or “Dutch SA”) has taken the position that the use of so-called “cookie walls,” whereby website access is made conditional upon the provision of consent to tracking cookies, is not compliant with the EU General Data Protection Regulation (“GDPR”).

(more…)

EmailShare
13 May 2019

Terms and Conditions: Recent Supreme Court Decisions Highlight There is More to Consider than Just the Privacy Policy

Your website is essential to your online business.  By developing and presenting an online presence, however, you take on legal obligations to your users.  It is, therefore, a timely exercise to stop and take stock of your terms and conditions in light of recent developments in the law, consumer expectations, and your legal risk profile.  The privacy policy has been getting a lot of attention lately as many websites, services and apps are rushing to get their new privacy policies in place in light of the California Online Privacy Protection Act (“CalOPPA”).  But updating the privacy policy is only one step in protecting your business in this digital economy. Terms and conditions are an important tool for limiting a company’s exposure to the various legal risks inherent in conducting business online.   Boilerplate provisions can leave you exposed and frustrate your customers.  Companies should critically consider the nature and needs of the business and transactions that may occur on their websites to determine what types of provisions will be beneficial and best practices for creating a binding contract.

Terms and conditions generally specify the rules governing the use of a website or mobile application.  Since every website is different, custom-drafted terms and conditions are necessary to protect a particular business.  Well-crafted terms and conditions might address issues such as payment, taxes, refunds, gift certificates, accounts, disclaimers, user behavior on your site, warranties and limitations on liability.

(more…)

EmailShare
30 April 2019

OCR Reduces HIPAA Penalties and Clarifies Liability for Transferring ePHI to Third-Party Health Apps

New Annual HIPAA Penalty Tiers

Six months after imposing the largest ever HIPAA fine ($16 million) following a HIPAA data breach, the U.S. Department of Health & Human Services’ Office for Civil Rights (“OCR”) has announced that it is exercising its enforcement discretion to lower maximum annual HIPAA penalties.

(more…)

EmailShare
18 March 2019

The New Congress Turns to an Old Issue – The Possibility of Comprehensive Federal Privacy Legislation

Even a few short years ago, it seemed unlikely that Congress would enact comprehensive privacy legislation. But a series of high profile data breaches; increasing concerns about data practices, particularly when connected to political micro-targeting; fears about the rise of autonomous, and potentially invisible, decision-making; and the passage of far-reaching foreign and now State privacy laws have all changed the zeitgeist. Congress has taken notice, and, for the past year, Data Matters has been closely following the Legislative Branch’s moves as it a federal privacy bill looks more likely than it has in a generation. (more…)

EmailShare
14 March 2019

FTC Announces Record-Setting $5.7M COPPA Penalty

On February 27, 2019, the Federal Trade Commission (“FTC”) announced a record-setting $5.7 million civil penalty against makers of the popular free video creation and sharing app, Musical.ly (now known as TikTok), for violations of U.S. children’s privacy rules. This is the largest civil penalty the FTC has issued concerning violations of the Children’s Online Privacy Protection Act (“COPPA”).

(more…)

EmailShare
24 January 2019

French CNIL Fines Google €50m for Violation of GDPR’s Transparency and Consent Requirements

On January 21, 2019, the French Supervisory Authority (the “Commission Nationale de l’Informatique et des Libertés” or “CNIL”) issued Google’s U.S. headquarters (“Google”) with a fine of €50m for failure to comply with the EU General Data Protection Regulation’s (“GDPR”) fundamental principles of transparency and legitimacy. The CNIL found that the general structure of Google’s privacy policy and terms & conditions was too complex for the average user and that Google, by using pre-ticked boxes as a consent mechanism, failed to establish a legal basis for data processing to deliver targeted advertising. This is the first regulatory fine the CNIL issued on the basis of the GDPR’s penalty authorities, and it marks a strong enforcement signal to organizations subject to the CNIL’s jurisdiction moving forward. (more…)

EmailShare
27 December 2018

Debate Continues on the Future of U.S. Privacy Regulation from California to Capitol Hill

With the midterm election out of the way, legislators on Capitol Hill and in state capitols are getting ready to consider the future of data privacy regulation in 2019 and consumer and industry groups continue to weigh in on the ongoing debate.  The debate has begun to move from principles and frameworks to drafting of legislative language.

(more…)

EmailShare
03 December 2018

Privacy Legislation Could Provide Common Ground for the Newly Divided Congress

*This article first appeared in the Hill.com on November 19, 2018

With the House having now flipped, policy consensus in Congress is not likely to get any easier. But there is one subject around which countries, companies, consumers and, yes, even Congress is increasingly converging. That issue is privacy. The new privacy zeitgeist follows years of data breaches as well as new concerns about invisible data collection, political micro-targeting and manipulation, the proliferation of internet-connected devices, and a potential lack of transparency in the decisions that machines increasingly make about us.

(more…)

EmailShare
30 November 2018

EDPB Issues Long-Awaited Guidance on Territorial Scope of the GDPR

On November 23, 2018, the European Data Protection Board (“EDPB”) published draft guidelines seeking to clarify the territorial scope of the GDPR (“Guidelines”).  The Guidelines have been eagerly awaited, particularly by controllers and processors outside of the EU looking for confirmation as to whether or not the EU data protection rules apply to them.  The Guidelines largely reaffirm prior interpretations of the GDPR’s territorial application under Article (3)(1), and offer essential guidance with respect to the GDPR’s – heavily debated – extraterritorial application under Article (3)(2).  The GDPR applies to companies established in the EU as well as companies outside of the EU that are “targeting” individuals in the EU (by offering them products or services) or monitoring their behavior (as far as that behavior takes place in the EU).

The proposed Guidelines are open for public consultation until January 18, 2019.  It remains to be seen whether and how any outstanding issues will have been addressed upon conclusion of the consultation. (more…)

EmailShare
1 2 3 9
XSLT Plugin by BMI Calculator