On August 22, 2018, California Attorney General Xavier Becerra raised significant concerns regarding the recently enacted California Consumer Privacy Act of 2018 (“CCPA”) in a letter addressed to the CCPA’s sponsors, Assemblyman Ed Chau and Senator Robert Hertzberg. Writing to “reemphasize what [he] expressed previously to [them] and [state] legislative leaders and Governor Brown,” Attorney General Becerra highlighted what he described as five primary flaws that, if unresolved, will undermine the intention behind and effective enforcement of the CCPA. Continue Reading California AG Voices Concern About State’s New Privacy Law

The Federal Trade Commission announced the opening dates of its Hearings on Competition and Consumer Protection in the 21st Century, a series of public hearings that will discuss whether broad-based changes in the economy, evolving business practices, new technologies or international developments might require adjustments to competition and consumer protection law, enforcement priorities and policy. The FTC and Georgetown University Law Center will co-sponsor two full-day sessions of hearings on September 13 and 14, 2018, to be held at the Georgetown University Law Center facility. Continue Reading FTC to Commence Hearings on Competition and Consumer Protection in the 21st Century

On August 15, 2018, U.S. District Judge Lucy Koh signed an order granting final approval of the record $115 million class action settlement agreed to by Anthem Inc. in June 2017. As previously reported, Judge Koh signed an order granting preliminary approval of the settlement in August 2017. Continue Reading Judge Grants Final Approval of Record Data Breach Settlement in Anthem Class Action

On August 6, 2018, the Federal Trade Commission published a notice seeking public comment on whether the FTC should expand its enforcement power over corporate privacy and data security practices. The notice, published in the Federal Register, follows FTC Chairman Joseph Simons’ declaration at a July 18 House subcommittee hearing that the FTC’s current authority to do so, under Section 5 of the FTC Act, is inadequate to deal with the privacy and security issues in today’s market. Continue Reading FTC Asks Whether to Expand Enforcement Power Over Corporate Privacy Practices

On July 19, 2018, the French Data Protection Authority (“CNIL”) announced that it served a formal notice to two advertising startups headquartered in France, FIDZUP and TEEMO. Both companies collect personal data from mobile phones via software development kit (“SDK”) tools integrated into the code of their partners’ mobile appseven when the apps are not in useand process the data to conduct marketing campaigns on mobile phones. Continue Reading CNIL Serves Formal Notice to Marketing Companies to Obtain User’s Consent for Processing Geolocation Data for Ad Targeting

On July 12, 2018, two U.S. Senators sent a letter to the Federal Trade Commission asking the agency to investigate the privacy policies and practices of smart TV manufacturers. In their letter, Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) note that smart TVs can “compile detailed profiles about users’ preferences and characteristics” which can then allow companies to personalize ads to be sent to “customers’ computers, phones or any other device that shares the smart TV’s internet connection.” Continue Reading Senators Ask FTC to Investigate Smart TV Manufacturers

On July 11, 2018, computer manufacturer Lenovo Group Ltd. (“Lenovo”) agreed to a proposed $8.3 million settlement in the hopes of resolving consumer class claims regarding pop-up ad software Lenovo pre-installed on its laptops. Lenovo issued a press release stating that, “while Lenovo disagrees with allegations contained in these complaints, we are pleased to bring this matter to a close after 2-1/2 years.” Continue Reading Lenovo Reaches Proposed $8.3 Million Settlement Agreement

On June 25, 2018, the New York Department of Financial Services (“NYDFS”) issued a final regulation (the “Regulation”) requiring consumer reporting agencies with “significant operations” in New York to (1) register with NYDFS for the first time and (2) comply with the NYDFS’s cybersecurity regulation. Under the Regulation, consumer reporting agencies that reported on 1,000 or more New York consumers in the preceding year are subject to these requirements, and must register with NYDFS on or before September 1, 2018. The deadline for consumer reporting agencies to come into compliance with the cybersecurity regulation is November 1, 2018. In a statement, Governor Andrew Cuomo said, “Oversight of credit reporting agencies ensures that the personal private information of New Yorkers is less vulnerable to the threat of cyber attacks, providing them with peace of mind about their financial future.”

On June 28, 2018, the Governor of California signed AB 375, the California Consumer Privacy Act of 2018 (the “Act”). The Act introduces key privacy requirements for businesses, and was passed quickly by California lawmakers in an effort to remove a ballot initiative of the same name from the November 6, 2018, statewide ballot. We previously reported on the relevant ballot initiative. The Act will take effect January 1, 2020. Continue Reading California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses

As reported in BNA Privacy Law Watch, a new law makes data protection a constitutional right in Chile. The measure, which was enacted by the National Congress of Chile, lists “protection of one’s personal data” as an individual right under the Constitution’s Article 19. As a result of this measure, Chilean courts must expedite privacy-related cases under constitutional protection. For more information, read the full article.