Joint FTC and NJ AG Complaint and Settlement Against App Developer that Allegedly “Hijacked” and “Drained” Phone Resources

On June 29, the FTC and New Jersey Attorney General announced the filing of a joint complaint, and proposed, stipulated settlement, against an Ohio-based app developer, Equiliv Investments LLC and an individual officer of the company. The federal and state enforcement agencies alleged that Equiliv marketed a free app that users believed would let them earn rewards points for playing games or downloading affiliated apps.  The agencies alleged that Equiliv explicitly represented the app was free of malware when in fact the app’s main purpose was actually to load malicious software on the users’ phone to mine virtual currency.  Allegedly, the app took control of the devices’ computing resources and degraded the phones’ performance by draining battery life and data plans, and causing the devices to charge slowly.  The malware was alleged to pool the computing resources of consumers’ mobile devices to benefit the company’s effort to generate virtual currencies through a peer-to-peer network to compete with other devices in solving complex mathematical equations – a process known as “mining.”

Read More

EmailShare

Plaintiffs and Privacy in Yahoo Data Privacy Case: Judge Koh Grants Class Certification in California

On May 26, 2015, Judge Lucy Koh in the Northern District of California granted class certification to plaintiffs in In re Yahoo Mail Litigation, Case No. 13-CV-04980-LHK (N.D. Cal. May 26, 2015) (“Yahoo”). This ruling will likely have an effect on how class action claims are alleged and could impact email providers’ policies and procedures pertaining to email scanning and user consent.  In particular, companies may wish to review the impact of their privacy disclosures and consent framework to non-subscribers who may interact with users who have consented to the companies’ policies.

Read More

EmailShare

Connecticut Amends Breach Notification Law Regarding Timing and Credit Monitoring; Imposes New Data Security Requirements on Health Insurers and State Contractors

New legislation out of Hartford means that Connecticut joins Massachusetts in imposing strict state requirements for data protection.  S.B. 949. Additionally, the new law amends Connecticut’s data breach notification law, making Connecticut the first in the nation to affirmatively require entities that experience a reportable data breach to offer free credit monitoring to residents affected by the breach. The legislation further imposes significant new requirements on health insurers, as well as contractors that receive confidential information from state agencies, to maintain minimum data security protections. While health insurers have until 2017 to come into full compliance, the requirements for state contractors are effective as of July 1, 2015.

Read More

EmailShare

US-Brazil Cyber Thaw?

Following meetings between President Obama and Brazilian President Dilma Rousseff this week, the leaders issued a joint communiqué addressing a number of cyber issues. It would appear that post-Snowden tensions have ameliorated. In 2013, President Rousseff condemned alleged US spying. In their statement this week, the Presidents expressed a “share[d] understanding that global Internet governance must be transparent and inclusive, ensuring full participation of governments, civil society, private sector and international organizations, so that the potential of the Internet as a powerful tool for economic and social development can be fulfilled” and they reaffirmed “their adherence to the multistakeholder model of Internet governance.”

Read More

EmailShare

The Final Stretch: Trilogue Commences Final Negotiations on EU Data Protection Regulation

Following the adoption of the EU Data Protection Regulation by the Council of Ministers last week, today saw the first meeting of the European Commission, European Parliament and Council of Ministers under what is known as the trilogue process, with the aim of negotiating the final wording of the Regulation.

Read More

EmailShare

Final Negotiations Set To Begin On EU Data Privacy Law

More than three years after the initial proposal for the EU Data Protection Regulation was published by the European Commission, it has been agreed by Europe’s Council of Ministers. The negotiations will now start between the commission, the European Parliament and the Council, in what is known as the “Trilogue” process, to agree the final text of the regulation, which is widely expected to be adopted by the end of 2015 or early 2016. The regulation, once adopted, will have a significant impact not only on EU companies but also on U.S. and other international companies that conduct business in the EU.

Read More

EmailShare

EU Begins Far-Reaching E-Commerce Sector Inquiry

Today, the European Commission sent out the first wave of more than 2,000 questionnaires it has said it will send to companies in connection with its recently-announced e-commerce sector inquiry. This marks the first stage in what is expected to be a far-reaching probe into a wide range of activities and business practices related to online selling in Europe.

The purpose of the sector inquiry is to examine current e-commerce business practices with a view to “breaking down online borders in the European Union.” The Commission will examine whether companies impose—via contract or through other practices—obligations that restrict the ability of merchants and consumers to buy and sell goods and services online across the EU.

Read More

EmailShare
EmailShare
XSLT Plugin by BMI Calculator