On February 28, 2018, the Federal Trade Commission issued a report, titled Mobile Security Updates: Understanding the Issues (the “Report”), that analyzes the process by which mobile devices sold in the U.S. receive security updates and provides recommendations for improvement. The Report is based on information the FTC obtained from eight mobile device manufacturers, and from information the Federal Communications Commission collected from six wireless carriers. Continue Reading FTC Recommends Steps to Improve Mobile Device Security Update Practices
On January 25, 2018, the Standardization Administration of China published the full text of the Information Security Technology – Personal Information Security Specification (the “Specification”). The Specification will come into effect on May 1, 2018. The Specification is voluntary, but could become influential within China because it establishes benchmarks for the processing of personal information by a wide variety of entities and organizations. In effect, the Specification constitutes a best practices guide for the collection, retention, use, sharing and transfer of personal information, and for the handling of related information security incidents. Continue Reading China Releases National Standard on Personal Information Security
This post has been updated.
On October 27, 2016, the Federal Communications Commission (“FCC”) announced the adoption of rules that require broadband Internet Service Providers (“ISPs”) to take steps to protect consumer privacy (the “Rules”). According to the FCC’s press release, the Rules are intended to “ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs.” Continue Reading FCC Adopts Broadband Consumer Privacy Rules
On October 27, 2016, the Federal Communications Commission (“FCC”) will vote on whether to finalize proposed rules (the “Proposed Rules”) concerning new privacy restrictions for Internet Service Providers (“ISPs”). The Proposed Rules, which revise previous versions introduced earlier this year, would require customers’ explicit (or “opt-in”) consent before an ISP can use or share a customer’s personal data, including web browsing and app usage history, geolocation data, children’s information, health information, financial information, email and other message contents and Social Security numbers. Continue Reading FCC to Vote on Proposed Privacy Rules for Internet Service Providers
On October 3, 2016, the Texas Attorney General announced a $30,000 settlement with mobile app developer Juxta Labs, Inc. (“Juxta”) stemming from allegations that the company violated Texas consumer protection law by engaging in false, deceptive or misleading acts or practices regarding the collection of personal information from children. Continue Reading Texas AG Settles Suit with Messaging App Over Children’s Data Practices
The Federal Trade Commission announced that it will host a workshop on September 15, 2016, “Putting Disclosures to the Test,” on the efficacy and costs of consumer disclosures in advertising and privacy policies. Planned discussion topics include examining disclosures meant to avoid deception in advertising, disclosures designed to inform consumers of data tracking, and industry-specific disclosures for jewelry, environmental and fuel-saving claims. The workshop is open to the public and will take place at the FTC’s Constitution Center offices in Washington, D.C. The FTC currently is soliciting presentation proposals for the workshop; submissions may be sent to email@example.com.
As we previously reported, the Federal Aviation Administration’s (“FAA’s”) proposed “small drone rule” nears completion of the interagency review process, but one potential stumbling block has been removed, at least for now. On Tuesday, May 10, 2016, the U.S. Court of Appeals for the D.C. Circuit denied a request by the Electronic Privacy Information Center (“EPIC”) to review the FAA’s decision not to include privacy provisions in its Notice of Proposed Rulemaking for the Operation and Certification of Small Unmanned Aircraft Systems (“NPRM”), as well as its denial of an EPIC petition to the same effect. The court decided that there were no reasonable grounds for EPIC’s delay in filing for review of the FAA’s denial of EPIC’s 2012 petition that sought to cause the FAA to promulgate privacy regulations pertaining to drones. The court further concluded that EPIC’s challenge to the NPRM itself is premature, as the rule is not yet final. Continue Reading Privacy Provisions Not Included in Small Drone Rule