In re-launching the inquiry into carriers' data privacy and security practices, the FCC argues that not informing customers about the software or its data practices may have violated the carriers' responsibility pursuant to Section 222 of the Communications Act of 1934 to protect customer data "that is made available to a carrier solely by virtue of the carrier-customer relationship." The law allows such data to be used only in "limited circumstances," a term which is not defined in Section 222. It appears that one of the goals of the renewed inquiry is for the FCC to define the scope of the "limited circumstances."
Google's new privacy policy (and its plans to create user profiles across multiple online services) has drawn fire from European data protection authorities. Online and mobile retailers and service providers should take account of a renewed emphasis on transparency and proportionality in collecting data about users.
What happened in the privacy world last week? On Thursday, just before the release of the White House Paper, California Attorney General Kamala Harris announced an agreement with the leading operators of mobile application platforms to privacy principles designed to bring the mobile app industry in line with a California law requiring mobile apps that collect personal information to have a privacy policy. It might be argued that the White House is now enunciating principles and best practices, and encouraging legislation of principles, that have long been embodied not only as best practice but as actual legislation under California law.
On February 8, 2012, the Electronic Privacy Information Center (EPIC) asked the Federal District Court for the District of Columbia to compel the Federal Trade Commission (FTC) to enforce the terms of the agency's Google Buzz privacy settlement with Google. EPIC seeks to compel the FTC to stop Google's planned consolidation of user data from across the company's services into a single profile for each user under a single privacy policy. EPIC has alleged that the proposed changes and the way Google seeks to implement the changes violate the Google Buzz consent order. The District Court will hear the case before March 1, 2012.In this post, we discuss the highlights of EPIC's complaint, Google's response and lessons learned.
On May 16, 2011, EU's Article 29 Working Party (WP29) adopted an opinion setting out privacy compliance guidance for mobile geolocation services.WP29 is comprised of representatives from the EU member states' data protection authorities (DPAs), the European Data Protection Supervisor and the European Commission. WP29's mandate includes (i) giving expert advice to the EU member states regarding the implementation of European data protection directives, and (ii) promoting uniform implementation of the directives in all EU state members as well as in Norway, Liechtenstein and Iceland. WP29's opinions, therefore, carry significant weight in the interpretation and enforcement of data protection laws by European DPAs. Not surprisingly, WP29 has concluded that geolocation data is "personal data" subject to the protections of the European data protection framework, including the EU Data Protection Directive 95/46/EC. The Working Party also determined that the collection, use and other processing of geolocation data through mobile devices generally requires explicit, informed consent of the individual. Below are the highlights of the opinion.
On May 10, 2011, the Senate Subcommittee on Privacy, Technology and the Law held a hearing on mobile privacy. We covered the hearing in detail on our blog. Yesterday, InfoLawGroup partner Boris Segalis spoke with Fox Live's Tracy Byrnes about the balance between business and consumer interests that mobile privacy implicates.The clip from the interview is available on Fox at http://video.foxnews.com/v/4689248/the-congressional-mobile-privacy-hearing/?playlist_id=86861
The Google Buzz settlement that the Federal Trade Commission announced on March 30, 2011 is the latest in the line of the Commission's numerous Section 5 actions related to privacy and data security violations. The Google Buzz settlement, however, is unique in several important ways. The settlement represents (i) the first FTC settlement order has requires a company to implement a comprehensive privacy program to protect the privacy of consumers' information, and (ii) the Commission's first substantive U.S.-EU Safe Harbor framework enforcement action. Let's dive in (make sure to read the "Action Item" at the conclusion of the post!).
The European Court of Justice rules that Google is not liable for automated keyword advertising based on brand names. Advertisers, however, may be liable under trademark and fair competition laws if the ads misleadingly suggest that they link to the trademark owner.