On May 7, 2015, the United States District Court for the Western District of Washington (Seattle) joined other courts in narrowly construing the phrase “personally identifiable information” under the Video Privacy Protection Act, 18 U.S.C. § 2710 (the “VPPA”) to exclude a device identifier, even if a third party could use that identifier in combination with other information to identify the individual. The VPPA prohibits video service providers from knowingly disclosing “personally identifiable information” about their customers without their consent.

Last week, Magistrate Judge Paul S. Grewal issued an order for the Northern District of California granting LinkedIn Corporation’s (“LinkedIn”) Motion to Dismiss a proposed class action alleging that its “Reference Searches” – which enable employers to find people with whom a job applicant may have worked previously – violated the Fair Credit Reporting Act (“FCRA”).

The Video Privacy Protection Act (“VPPA”) came into existence in the wake of a Washington Post report of Supreme Court nominee Robert Bork’s video rental history. Although the days of renting VHS tapes are now gone, the VPPA endures. Over the last several years a number of high profile lawsuits have been filed against online video and service providers for alleged violations of the VPPA, causing anxiety among content providers of all stripes. However, two recent decisions perhaps point to an emerging sense among courts that some limitations on the statute’s application are warranted.

Late last week, GroupMe, Inc. won an important victory in Glauser v. GroupMe, Inc., a federal class action stemming from allegations that the company violated the Telephone Consumer Protection Act of 1991 (TCPA) by sending unauthorized text messages to the plaintiff. Perhaps more significantly, in granting summary judgment to GroupMe, the trial court took a step that the Federal Communications Commission (FCC) thus far has not taken and addressed a lingering question of how the TCPA and the FCC’s implementing regulations define an automatic telephone dialing system (ATDS).

As described in our recent Stay Current, yesterday the Federal Communications Commission (FCC) released a Fact Sheet outlining many aspects of FCC Chairman Tom Wheeler’s draft order to reclassify broadband internet services as a “telecommunications service” thereby enhancing the FCC’s ability to regulate different aspects of broadband internet service.

Just last week, the Federal Trade Commission (FTC) released a staff report on the Internet of Things (IoT) outlining specific recommendations and its views on best practices that IoT developers should implement to protect consumer privacy and security of IoT devices. The FTC defines IoT as devices – other than computers, smartphones and tablets – that “connect, communicate or transmit information with or between each other through the Internet.”

New legislation signed by New Jersey Governor Chris Christie late last week mandates that health insurance companies in the state protect the personal information they compile or maintain through encryption or “by any other method or technology rendering it unreadable, undecipherable, or otherwise unusable by an unauthorized person.”

On Monday, January 12, President Obama gave a speech at the Federal Trade Commission in which he announced a multi-faceted legislative agenda aimed at creating a uniform national breach notification requirement, establishing national standards for consumer privacy, and expanding protections for educational data. While the President’s speech and the accompanying fact sheet outlined a broad privacy agenda, both were short on detail, leaving the public – and Congress – to speculate about the specifics of the President’s plan.

In a recent interview (from before reports of the Sony data breach!), I discuss some of the most pressing privacy and security issues facing tech companies today.

Last week, the Advertising Self-Regulatory Council’s Online Interest-Based Advertising Accountability Program released agreements with five website operators addressing their compliance with the Self-Regulatory Principles for Online Behavioral Advertising (“OBA Principles”).