The European Commission has issued an EU-wide recall of the Safe-KID-One children’s smartwatch marketed by ENOX Group over concerns that the device leaves data such as location history, phone and serial numbers vulnerable to hacking and alteration. The watch is equipped with GPS, a microphone and speaker, and has a companion app that grants parents oversight of the child wearer. According to a February 1, 2019 alert posted on the EU’s recall and notification index for nonfood products, flaws in the product could permit malicious users to send commands to any Safe-KID-One watch, making it call any other number, and to communicate with the child wearing the device or locate the child through GPS. The European Commission concluded that, as a result, the device does not comply with the 1994 Radio Equipment Directive. This recall follows Germany’s November 2017 ban on smartwatches for children.

On August 13, 2018, the Federal Trade Commission approved changes to the video game industry’s safe harbor guidelines under the Children’s Online Privacy Protection Act (“COPPA”) Rule. COPPA’s “safe harbor” provision enables industry groups to propose self-regulatory guidelines regarding COPPA compliance for FTC approval.  Continue Reading FTC Approves Changes to Video Game Industry’s Safe Harbor Program Under COPPA

On May 8, 2018, Senator Ron Wyden (D–OR) demanded that the Federal Communications Commission investigate the alleged unauthorized tracking of Americans’ locations by Securus Technologies, a company that provides phone services to prisons, jails and other correctional facilities. Securus allegedly purchases real-time location data from a third-party location aggregator and provides the data to law enforcement without obtaining judicial authorization for the disclosure of the data. In turn, the third-party location aggregator obtains the data from wireless carriers. Federal law restricts how and when wireless carriers can share certain customer information with third parties, including law enforcement. Wireless carriers are prohibited from sharing certain customer information, including location data, unless the carrier has obtained the customer’s consent or the sharing is otherwise required by law. Continue Reading Senator Wyden Calls for FCC Investigation into Company Sharing Location Data

The Article 29 Working Party (“Working Party”) recently issued its Opinion on data processing at work (the “Opinion”). The Opinion, which complements the Working Party’s previous Opinion 08/2001 on the processing of personal data in the employment context and Working document on the surveillance of electronic communications in the workplace, seeks to provide guidance on balancing employee privacy expectations in the workplace with employers’ legitimate interests in processing employee data. The Opinion is applicable to all types of employees and not just those under an employment contract (e.g., freelancers).

Continue Reading Article 29 Working Party Releases Opinion on Data Processing at Work

This post has been updated. 

On October 27, 2016, the Federal Communications Commission (“FCC”) announced the adoption of rules that require broadband Internet Service Providers (“ISPs”) to take steps to protect consumer privacy (the “Rules”). According to the FCC’s press release, the Rules are intended to “ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs.”  Continue Reading FCC Adopts Broadband Consumer Privacy Rules

On October 27, 2016, the Federal Communications Commission (“FCC”) will vote on whether to finalize proposed rules (the “Proposed Rules”) concerning new privacy restrictions for Internet Service Providers (“ISPs”). The Proposed Rules, which revise previous versions introduced earlier this year, would require customers’ explicit (or “opt-in”) consent before an ISP can use or share a customer’s personal data, including web browsing and app usage history, geolocation data, children’s information, health information, financial information, email and other message contents and Social Security numbers. Continue Reading FCC to Vote on Proposed Privacy Rules for Internet Service Providers

On October 3, 2016, the Texas Attorney General announced a $30,000 settlement with mobile app developer Juxta Labs, Inc. (“Juxta”) stemming from allegations that the company violated Texas consumer protection law by engaging in false, deceptive or misleading acts or practices regarding the collection of personal information from children. Continue Reading Texas AG Settles Suit with Messaging App Over Children’s Data Practices

On April 12, 2016, the French Data Protection Authority (“CNIL”) announced that it will participate in a coordinated online audit to analyze the impact of everyday connected devices on privacy. The audit will be coordinated by the Global Privacy Enforcement Network (“GPEN”), a global network of approximately 50 data protection authorities (“DPAs”) from around the world. Continue Reading CNIL and GPEN Analyze Impact of Connected Devices on Privacy During Internet Sweep

On June 18, 2014, the German state data protection authorities responsible for the private sector (the Düsseldorfer Kreis) issued guidelines concerning the data protection requirements for app developers and app publishers (the “Guidelines”). The Guidelines were prepared by the Bavarian state data protection authority and cover requirements in Germany’s Telemedia Act as well as the Federal Data Protection Act. Topics addressed in the 33-page document include: Continue Reading German DPAs Publish App Guidelines and Step Up Enforcement