On June 21, 2017, the Federal Trade Commission updated its guidance, Six-Step Compliance Plan for Your Business, for complying with the Children’s Online Privacy Protection Act (“COPPA”). The FTC enforces the COPPA Rule, which sets requirements regarding children’s privacy and safety online. The updated guidance adds new information on situations where COPPA applies and steps to take for compliance. Continue Reading FTC Releases Guidance on COPPA Compliance
On April 19, 2017, the FTC announced that it is seeking public comment on proposed changes to TRUSTe, Inc.’s safe harbor program under the Children’s Online Privacy Protection Rule (the “Proposed Changes”). As we previously reported, New York Attorney General Eric T. Schneiderman announced that TRUSTe agreed to settle allegations that it failed to properly verify that customer websites aimed at children did not run third-party software to track users. The Proposed Changes are a result of the settlement agreement between TRUSTe and the New York Attorney General. Continue Reading FTC Seeks Comment on Proposed Changes to TRUSTe’s COPPA Safe Harbor Program
On April 4, 2017, the Article 29 Working Party (the “Working Party”) adopted an Opinion on the Proposed Regulation of the European Commission for the ePrivacy Regulation (the “Proposed ePrivacy Regulation”). The Proposed ePrivacy Regulation is intended to replace the ePrivacy Directive and to increase harmonization of ePrivacy rules in the EU. A regulation is directly applicable in all EU Member States, while a directive requires transposition into national law. Continue Reading Working Party Adopts Opinion on Proposed ePrivacy Regulation
On January 23, 2017, the FTC released a Staff Report (the “Report”) on cross-device tracking technology that can link multiple Internet-connected devices to the same person and track that person’s activity across those devices. The Report follows a November 2015 workshop on the same subject and is based on information and comments gathered during that workshop. Continue Reading FTC Issues Report on Cross-Device Tracking
On December 20, 2016, the FTC announced that it has agreed to settle charges that Turn Inc. (“Turn”), a company that enables commercial brands and ad agencies to target digital advertising to consumers, tracked consumers online even after consumers took steps to opt out of tracking. Continue Reading FTC Announces Settlement Regarding Targeted Digital Advertising
On July 25, 2016, the Article 29 Working Party (the “Working Party”) and the European Data Protection Supervisor (“EDPS”) released their respective Opinions regarding the review of Directive 2002/58/EC on privacy and electronic communications (the “ePrivacy Directive”). Both the Working Party and the EDPS stressed that new rules should complement the protections available under the EU General Data Protection Regulation (“GDPR”). Continue Reading Article 29 Working Party and EDPS Release Opinions on the ePrivacy Directive
On May 21, 2014, California Attorney General Kamala D. Harris issued guidance for businesses (“Guidance”) on how to comply with recent updates to the California Online Privacy Protection Act (“CalOPPA”). The recent updates to CalOPPA include requirements that online privacy notices disclose how a site responds to “Do Not Track” signals, and whether third parties may collect personal information about consumers who use the site. In an accompanying press release, the Attorney General stated that the Guidance is intended to provide a “tool for businesses to create clear and transparent privacy policies that reflect the state’s privacy laws and allow consumers to make informed decisions.” The Guidance is not legally binding; it is intended to encourage companies to draft transparent online privacy notices.
On September 27, 2013, California Governor Jerry Brown signed into law a bill amending the California Online Privacy Protection Act (“CalOPPA”) to require website privacy notices to disclose how the site responds to “Do Not Track” signals, and whether third parties may collect personal information when a consumer uses the site. Although the changes to the law do not prohibit online behavioral advertising, this is the first law in the United States to impose disclosure requirements on website operators that track consumers’ online behavior.
On September 23 and 24, 2013, a declaration and eight resolutions were adopted by the closed session of the 35th International Conference of Data Protection and Privacy Commissioners and have been published on the conference website. This blog post provides an overview of the declaration and the most significant resolutions.
Internet users have expressed increasing concern about efforts to track their online activities. As the online tracking methods used to target advertisements have expanded in both scope and complexity, regulators have taken notice and have begun to act in the online behavioral tracking and advertising space. In an article published in the November/December 2012 issue of IP Litigator, Lisa J. Sotto, partner and head of the Global Privacy and Data Security practice at Hunton & Williams LLP, and Melinda L. McLellan, a senior associate on the firm’s Privacy and Data Security team, discuss how legislators, regulators and industry stakeholders have been shaping the legal landscape concerning online behavioral advertising.