Almost ten months after the California Consumer Protection Act was passed, companies are still trying to figure out what it means. To make things more complicated, over 40 bills have been introduced to make changes to the law, and the Attorney General is required to pass regulations on a number of provisions. How can companies
Court Says Headphone App Not Eavesdropping, But May Be Deceptive
A federal judge allowed a class-action lawsuit alleging Bose collected and shared data about its headphone users to proceed last week on the basis of deceptive advertising. The decision underscores the risks that internet of things (IoT) businesses can face if they fail to accurately communicate to consumers how a mobile app or “smart” product
GDPR Recap: Technical Violations Result in Steep Fines, In Latest Enforcement Actions
The Danish and Polish data protection authorities issued their first GDPR fines last month. The cases serve as indicators of the kinds of technical violations enforcement officials are looking to deter as they police the EU’s new privacy regulation.
In Denmark, Datatilsynet recommended fining the taxi company Taxa 4×35 nearly $180,000 for failing to delete
FTC to Use 6(b) Authority to Examine Tech Companies’ Data Practices
FTC Chairman Joe Simons recently acknowledged the Commission’s plan to use its authority under Section 6(b) of the FTC Act to examine the data practices of large technology companies. In written responses to questions from members of the U.S. Senate Commerce Committee following in-person testimony in November 2018, Chairman Simons confirmed that plans were underway
Time Runs Out for TikTok App: Developer Musical.ly Agrees to FTC’s Largest-Ever Fine for Children’s Privacy Violations
The FTC recently announced a $5.7 million settlement with app developer Musical.ly for COPPA violations associated with its app (now known as TikTok)—the agency’s largest-ever COPPA fine since the enactment of the statute. The agency charged the app company, which allows users to create and share videos of themselves lip-syncing to music, with unlawfully collecting
Raising the Bar: FTC’s Proposed Changes to the Safeguards Rule Would Establish a New Standard for Information Security Programs
The Federal Trade Commission (FTC) announced this week that it is seeking comments on proposed amendments to the Privacy Rule and Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA). These two rules outline obligations for financial institutions to protect the privacy and security of customer data in their control. While the proposed changes to the Privacy
NIST Outlines Privacy Framework, Taking a Page from Past Cybersecurity Efforts
The National Institute of Standards and Technology (NIST) released a preview of its plans for a standard Privacy Framework this past week. The purpose of the Framework is to help organizations better manage privacy risks.
The Privacy Framework would breakdown privacy functions into five categories: identify the context of processing, protect private data, control data
Taking Stock of the TCPA in 2019: What is an “Autodialer”?
The current and future definition of what qualifies as an automatic telephone dialing system (ATDS or autodialer) remains a hotly debated and evaluated issue for every company placing calls and texts, or designing dialer technology, as well as the litigants and jurists already mired in litigation under the Telephone Consumer Protection Act (TCPA). Last year, the D.C. Circuit struck down the FCC’s ATDS definition in ACA International v. FCC, Case No. 15-1211 (D.C. Cir. 2019). Courts since have diverged in approaches on interpreting the ATDS term. See, e.g., prior discussions of Marks and Dominguez. All eyes thus remain fixed on the FCC for clarification.
In this post, we revisit the relevant details of the Court’s decision in ACA International, and prior statements of FCC Chairman Ajit Pai concerning the ATDS definition to assess how history may be a guide to how the FCC approaches this issue.
Doing Business in India? Keep an Eye on This….
The draft National E-Commerce Policy (“Draft Policy”) released by the Government of India on February 23, 2019 for stakeholder comments, has left the e-commerce sector in jitters. For global market players, the protectionist construct of the Draft Policy seems to suggest a shift of India’s focus from ‘Ease of Doing Business in India’ to ‘Make in India’. If the Draft Policy is implemented in its present form, it may have a serious impact demanding drastic change in internal strategies, policies and cost allocations for foreign companies having e-commercial presence in India. The Draft Policy is open for stakeholder comments up to March 9, 2019.
The Draft Policy focuses on: (i) restriction on cross-border flow of data; (ii) local presence and taxability of foreign entities having significant economic presence in India; (iii) creating a robust digital infrastructure for e-commerce, from online custom clearance to online resolution of consumer complaints; (iv) promoting exports from India with a boost to start-ups and small firms; and (v) regulatory changes to augment economic growth in e-commerce.
The key highlights of the Draft Policy are as follows:
Continue Reading
New Bill Could Increase CCPA Headaches
Last week, the California Assembly’s Standing Committee on Privacy and Consumer Protection held a hearing to discuss the California Consumer Privacy Act. While many panelists from the private sector pointed out problems with the law, a few panelists defended the law, and some suggested that it didn’t go far enough. For example, Stacey Schesser, the