Menu

PH Privacy

11th Circuit to FTC: General Prescriptions of “Reasonableness” in Data Security Are Unreasonably Vague
The long-running saga of LabMD’s battle with the Federal Trade Commission may be nearing its end. As readers of our blog posts are aware, the now-defunct medical testing company has been fighting with the FTC over allegations that its data security practices were “unfair” for several years. Last week, the 11th Circuit issued a decision finding that the commission’s order against the company was enforceable because it did not enjoin a specific act or practice and was too vague.
Tech Giants Already Facing Complaints Under GDPR
Max Schrems, a European privacy activist - best known for bringing down “Safe Harbour” – has filed complaints against four of the biggest US tech giants under the new EU General Data Protection Regulation (GDPR). According to Max Schrem’s non-profit organisation, None of Your Business, the complaints were filed on Friday 25 May, coincidentally (some might argue too coincidentally), the very first day of GDPR’s entry into force; and are said to be worth a combined total of over EUR 7 billion, in maximum imposable penalties.
CLOUD Act Implements Crucial Statutory Changes Affecting Law Enforcement Access to Data
On March 23, 2018, President Trump signed into law, as part of a broader spending bill, the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which enacted crucial statutory changes affecting law enforcement access to data stored by online service providers.
The D.C. Circuit Reins in the FCC on Robocalls and Texts
On Friday, March 16, 2018, the U.S. Court of Appeals for the D.C. Circuit issued its ruling in ACA International v. FCC, which set aside two major components of a 2015 Federal Communications Commission (“FCC” or “Commission”) Declaratory Ruling and Order (“Order”) intended to clarify the Commission’s position on the Telephone Consumer Protection Act (“TCPA”).
FTC Recommendations for Enhanced Security Updates on Mobile Devices
In a report issued last week, the Federal Trade Commission (“FTC” or the “Commission”) highlighted the need for mobile device manufacturers to improve the security update process for their devices.
Recap: Oral Arguments in United States v. Microsoft Corp.
On Tuesday, February 27, the Supreme Court heard oral arguments on United States v. Microsoft Corp., which will have far-reaching implications for law enforcement's access to data stored by a U.S. company overseas.
Key Takeaways from the FTC’s Latest Privacy Enforcement
On January 8, the Federal Trade Commission (“FTC”) settled allegations with VTech, an electronic toy maker, for violations of the Children’s Privacy Protection Act (“COPPA”) and for failing to use reasonable and appropriate data security measures to protect its customers’ personal information. The enforcement action, resulting in fines of over $650,000, is the latest reminder that companies can expect the consumer protection agency to closely scrutinize the privacy and cybersecurity protections in the connected devices and platforms that make up the Internet of Things (“IoT”).
Less Biometric Security Is More Security: A Fifth Amendment Primer
Last month, District Judge Edmond Chang handed down a decision that held that the government, with a search warrant, can require individuals to use their fingerprints to unlock a phone using biometrics without violating the Fifth Amendment. Judge Chang’s decision follows a 2014 Virginia state circuit court decision, which also allowed the government to compel an individual to unlock his phone with his fingerprint.
State AGs Reach Settlement with Nationwide Over 2012 Data Breach
On August 9, 2017, attorneys general representing 32 states and the District of Columbia announced a settlement with Nationwide Mutual Insurance Co. and its unit Allied Property & Casualty (collectively, “Nationwide”) to resolve the states’ investigation into the company’s 2012 data breach.
Bi-Partisan Group of Senators Propose IoT Cybersecurity Legislation
On August 1, 2017, a bipartisan group of senators introduced the Internet of Things (IoT) Cybersecurity Improvement Act of 2017 that would require IoT devices purchased by the U.S. government to meet certain minimum security requirements.
1 2 3 4 5