Privacy and Information Security

Subscribe to Privacy and Information Security

Earlier this month, the Department of Justice released a White Paper and FAQ on the Clarifying Lawful Overseas Use of Data (CLOUD) Act. Enacted in March 2018, the CLOUD Act attempts to resolve the legal conflicts that arise when one country orders the disclosure of electronic data pursuant to a criminal investigation, but another country’s

Almost ten months after the California Consumer Protection Act was passed, companies are still trying to figure out what it means. To make things more complicated, over 40 bills have been introduced to make changes to the law, and the Attorney General is required to pass regulations on a number of provisions. How can companies

A federal judge allowed a class-action lawsuit alleging Bose collected and shared data about its headphone users to proceed last week on the basis of deceptive advertising. The decision underscores the risks that internet of things (IoT) businesses can face if they fail to accurately communicate to consumers how a mobile app or “smart” product

The Danish and Polish data protection authorities issued their first GDPR fines last month. The cases serve as indicators of the kinds of technical violations enforcement officials are looking to deter as they police the EU’s new privacy regulation.

In Denmark, Datatilsynet recommended fining the taxi company Taxa 4×35 nearly $180,000 for failing to delete

FTC Chairman Joe Simons recently acknowledged the Commission’s plan to use its authority under Section 6(b) of the FTC Act to examine the data practices of large technology companies.  In written responses to questions from members of the U.S. Senate Commerce Committee following in-person testimony in November 2018, Chairman Simons confirmed that plans were underway

The FTC recently announced a $5.7 million settlement with app developer Musical.ly for COPPA violations associated with its app (now known as TikTok)—the agency’s largest-ever COPPA fine since the enactment of the statute. The agency charged the app company, which allows users to create and share videos of themselves lip-syncing to music, with unlawfully collecting

The Federal Trade Commission (FTC) announced this week that it is seeking comments on proposed amendments to the Privacy Rule and Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA).  These two rules outline obligations for financial institutions to protect the privacy and security of customer data in their control.  While the proposed changes to the Privacy

The National Institute of Standards and Technology (NIST) released a preview of its plans for a standard Privacy Framework this past week.  The purpose of the Framework is to help organizations better manage privacy risks.

The Privacy Framework would breakdown privacy functions into five categories: identify the context of processing, protect private data, control data

The current and future definition of what qualifies as an automatic telephone dialing system (ATDS or autodialer) remains a hotly debated and evaluated issue for every company placing calls and texts, or designing dialer technology, as well as the litigants and jurists already mired in litigation under the Telephone Consumer Protection Act (TCPA).  Last year, the D.C. Circuit struck down the FCC’s ATDS definition in ACA International v. FCC, Case No. 15-1211 (D.C. Cir. 2019).  Courts since have diverged in approaches on interpreting the ATDS term.  See, e.g., prior discussions of Marks and Dominguez.  All eyes thus remain fixed on the FCC for clarification.

In this post, we revisit the relevant details of the Court’s decision in ACA International, and prior statements of FCC Chairman Ajit Pai concerning the ATDS definition to assess how history may be a guide to how the FCC approaches this issue.


Continue Reading

The draft National E-Commerce Policy (“Draft Policy”) released by the Government of India on February 23, 2019 for stakeholder comments, has left the e-commerce sector in jitters. For global market players, the protectionist construct of the Draft Policy seems to suggest a shift of India’s focus from ‘Ease of Doing Business in India’ to ‘Make in India’. If the Draft Policy is implemented in its present form, it may have a serious impact demanding drastic change in internal strategies, policies and cost allocations for foreign companies having e-commercial presence in India. The Draft Policy is open for stakeholder comments up to March 9, 2019.

The Draft Policy focuses on: (i) restriction on cross-border flow of data; (ii) local presence and taxability of foreign entities having significant economic presence in India; (iii) creating a robust digital infrastructure for e-commerce, from online custom clearance to online resolution of consumer complaints; (iv) promoting exports from India with a boost to start-ups and small firms; and (v) regulatory changes to augment economic growth in e-commerce.

The key highlights of the Draft Policy are as follows: 
Continue Reading