Please join us for the following upcoming virtual events: 

October 13
Futureproofing Privacy Programs

Building a successful privacy program requires much more than compliance with data protection laws. To thrive in today’s global, data-driven environment, companies also need to understand the political environment and public attitudes surrounding privacy in the countries in which they operate.

Ad Law Access Podcast - Operationalizing CCPACCPA compliance is a cross-functional exercise that requires active participation and buy-in from business units across the organization to tackle data mapping, work flows and employee training. On the latest episode of the Ad Law Access Podcast, former special counsel Tara Marciano and associate Alexander Schneider discuss the ongoing challenges of operationalizing CCPA compliance focusing

This past Friday, the European Commission (“the Commission”) issued guidance addressing transatlantic data transfers after the European Court of Justice (“ECJ”) decision in the Schrems case. As we noted in an earlier post, the ECJ Schrems decision invalidated the U.S.-EU Safe Harbor framework, the mechanism that enabled self-certifying corporations to transfer personal data from

Yesterday, the California Attorney General Kamala Harris released much-anticipated guidance providing website and mobile app operators recommended best practices when disclosing how the operator responds to Do Not Track (“DNT”) signals in its online privacy policy.  

The guidance, “Making Your Privacy Practices Public,” is intended to help companies comply with recent revisions to the California Online Privacy Protection Act (“CalOPPA”), which requires that each privacy policy disclose how the website operator responds to mechanisms, such as DNT signals, that provide consumers with the ability to exercise choice regarding the collection of personally identifiable information (“PII”) over time and across third-party websites.  In addition to best practices on DNT signals, the guidance also provides general recommendations to make privacy policies “more effective and meaningful” to consumers.

The guidance provides the following 10 key recommendations:
Continue Reading California Releases Guidance on DNT Disclosures for Privacy Policies

On May 8, 2014, the FTC announced a settlement with Snapchat resolving allegations that the popular mobile messaging app deceived consumers over the disappearing nature of users “snaps” and made false and misleading representations concerning its privacy and information security practices.  The FTC took issue with several of Snapchat’s practices and representations:

  • Disappearing “Snaps” – Snapchat represents to users that their snaps (i.e., photos and videos) will “disappear forever” after the user-set time period expires, thereby ensuring users’ privacy and safeguarding against data collection.  According to the FTC’s complaint, however, recipients could circumvent the settings to save or access the snaps in a number of ways.  For example, recipients could open Snapchat messages in third-party apps, take a screen shot of the snaps on an iPhone, or access videos by connecting their mobile device to a computer and retrieving the files through the device directory.  The complaint alleges that these types of workarounds were highly publicized. 
  • Misrepresenting Data Collection Practices – Snapchat’s privacy policy represented to users that the app did not access or track users’ geolocation information.  The FTC complaint asserts that in October 2012, Snapchat integrated an analytics tracking service in the Android system, which transmitted Wi-Fi based and cell-based location information from users’ mobile devices.  Snapchat continued representing in the privacy policy that it did not collect or use geolocation information until February 2013.  In addition, the app allows users to “Find Friends” by entering their mobile number or by accessing the Find Friends feature in the apps menu options.  The privacy policy implied that the user’s mobile phone number was the only information Snapchat collected to find the user’s friends. The FTC contends, however, that when the user chose to Find Friends, Snapchat also collected the names and phone numbers of all the contacts in users’ address books.
    Continue Reading Snapchat Captured in FTC Enforcement

On March 28, 2014, the FTC announced two new mobile app settlements – with Fandango and Credit Karma – based on allegations that the companies failed to secure the transmission of consumers’ sensitive personal information collected via their mobile apps and misrepresented the security precautions that the companies took for each app.

Specifically, the FTC

Last week, Sen. Patrick Leahy (D-VT) introduced a bill to update the 25-year-old Electronic Communications Privacy Act (ECPA), by seeking enhanced privacy protections during government searches of electronic communications, cloud computing and location-based services. The ECPA Amendments Act of 2011 (S. 1011) would require a search warrant based on probable cause before service providers could

On November 17, 2009, Kelley Drye & Warren hosted a seminar and webcast, “Privacy Law Paradigm Shift: Policymakers Respond to Rapidly Evolving Technologies,” addressing new developments in privacy and information security law, regulation, and enforcement. Kelley Drye Partner Tom Cohen, and Of Counsel Jodie Bernstein, opened the seminar with an overview of privacy law and a history of the Federal Trade Commission’s enforcement priorities. Nine experts from the government and private sector spoke during three different panel sessions, The New Privacy Paradigm, Developments in Data Security, and Privacy and New Technologies. This advisory provides an overview of the key take-aways from each panel.

A webcast recording is also available to view online.

Continue Reading Insights From Kelley Drye’s 2nd Annual Privacy Law Seminar