Yesterday, two FTC officials urged companies, websites and
parties (including third parties) involved in the online and mobile
ecosystem to reassess and carefully evaluate their data collection,
use and sharing practices in light of the FTC's recent broad
expansion of its online privacy rule for children. [Click to view
our December 19, 2012 blog post]. The FTC
made clear that it would pursue entities that ignored their
obligations. During a webinar hosted by the International
Association of Privacy Professionals, FTC senior attorneys Mamie
Kresses and Phyllis Marcus described the COPPA Rule changes, saying
that companies need to examine their data collection practices in
light of technological advances, and that this was the whole
purpose of the new Rule. Since the issuance of the new Rule,
there have been a lot of questions from businesses. While
many of these questions remain unanswered, what is clear is that
companies that never had to think about COPPA before will now have
To help address some of the uncertainty, the regulators said the
FTC is planning to release a guide for businesses about the new
Rule and said they would not be issuing a static guide, signaling
their input may vary over time leading up to July 1st, the effective
date of the new Rule. For instance, FTC Chief Technologist
Steve Bellovin recently proposed that industry should create a
standard, perhaps through the URL, that would allow websites to
explicitly signal their COPPA-covered status to third parties in a
position to track children with plug-ins, widgets, or other
third-party content or services.
While much uncertainty remains, what is certain is that companies
should be evaluating their data collection practices now, in light of
the new COPPA Rule changes. A company should identify
the spectrum of third parties implicated by its websites and
mobile apps in order to determine: (1) which "persistent
identifiers" qualify as personal information subject to the
new Rule, (2) those instances where parental consent can be readily
obtained, (3) those situations where parental consent is not
desired and the third-party tag or server call will need to either
be removed or replaced with one that is compliant, and (4) those
third-party arrangements which require intensive oversight and