On June 22, 2016, the Federal Trade Commission announced a settlement with Singaporean-based mobile advertising network, InMobi, resolving charges that the company deceptively tracked hundreds of millions of consumers’ locations, including children, without their knowledge or consent. Among other requirements, the settlement orders the company to pay $950,000 in civil penalties. Continue Reading Ad Network to Pay Nearly 1 Million in Civil Penalties to Settle FTC Charges That It Geo-Tracked Consumers Without Permission
The Federal Trade Commission announced that it will host a workshop on September 15, 2016, “Putting Disclosures to the Test,” on the efficacy and costs of consumer disclosures in advertising and privacy policies. Planned discussion topics include examining disclosures meant to avoid deception in advertising, disclosures designed to inform consumers of data tracking, and industry-specific disclosures for jewelry, environmental and fuel-saving claims. The workshop is open to the public and will take place at the FTC’s Constitution Center offices in Washington, D.C. The FTC currently is soliciting presentation proposals for the workshop; submissions may be sent to firstname.lastname@example.org.
On December 30, 2015, the Pew Research Center released a report on the results of a recent survey that asked 461 Americans about their feelings toward sharing personal information with companies. The survey found that a “significant minority” of American adults have felt “confused over information provided in company privacy policies, discouraged by the amount of effort needed to understand the implications of sharing their data, and impatient because they wanted to learn more about the information-sharing process but felt they needed to make a decision right away.” Continue Reading Pew Research Center Issues Report on Attitudes Toward Sharing Personal Information with Private Sector
On June 30, 2015, the French Data Protection Authority (the “CNIL”) summarized the results of the cookie inspections it conducted at the end of 2014.
On May 25, 2015, the French Data Protection Authority (“CNIL”) released its long-awaited annual inspection program for 2015. Under French data protection law, the CNIL may conduct four types of inspections: (1) on-site inspections (i.e., the CNIL may visit a company’s facilities and access anything that stores personal data); (2) document reviews (i.e., the CNIL may require an entity to send documents or files upon written request); (3) hearings (i.e., the CNIL may summon representatives of organizations to appear for questioning and provide other necessary information); and (4) since March 2014, online inspections.
On May 7, 2015, the Digital Advertising Alliance (“DAA”) announced that, as of September 1, 2015, the Council of Better Business Bureaus and the Direct Marketing Association will begin to enforce the DAA Self-Regulatory Principles for Online Behavioral Advertising and the Multi-Site Data Principles (collectively, the “Self-Regulatory Principles”) in the mobile environment.
Hunton & Williams’ EU Privacy and Cybersecurity practice lawyers recently authored The Proposed EU General Data Protection Regulation – A guide for in-house lawyers (the “Guide”), addressing the key impacts of the forthcoming changes to EU data protection law. Current EU data protection law is based on the EU Data Protection Directive 95/46/EC (the “Directive”), which was introduced in 1995. An updated and more harmonized data protection law, in the form of a Regulation, has been proposed by the EU’s legislative bodies to replace the Directive. The Guide is intended to assist in-house lawyers in understanding the likely impact of the Regulation on businesses. While still under negotiation, the Regulation will significantly change the landscape of EU privacy and data protection in several key areas, including: Continue Reading Hunton Releases Guide to the Proposed EU General Data Protection Regulation
On November 16, 2015, the Federal Trade Commission will host a workshop in Washington, D.C., to examine the benefits and privacy risks associated with “cross-device tracking.” The workshop intends to highlight the types of cross-device tracking techniques and how businesses and consumers can benefit from these practices. The workshop also will address related privacy and security risks, and discuss whether self-regulatory programs apply to these practices.
On January 14, 2015, the data protection authority of the German federal state of Schleswig-Holstein (“Schleswig DPA”) issued an appeal challenging a September 4, 2014 decision by the Administrative Court of Appeals, which held that companies using Facebook’s fan pages cannot be held responsible for data protection law violations committed by Facebook because the companies do not have any control over the use of the data.