Tag Archives: privacy

Mistake in Your Credit Report? The Latest Spokeo Decision Suggests You May Have A Case.

In the 9th Circuit’s August 15, 2017 decision in Robins v. Spokeo, the latest in the long-running legal debate about when a consumer cause of action exists for a data breach, the 9th Circuit has declared that inaccuracies in a published credit report may sometimes constitute a “concrete injury” sufficient to confer Article III standing. This is a significant win for consumer protection advocates,… More

FTC Updates COPPA Guidance for Businesses

On June 21, 2017, the FTC updated its COPPA Compliance Guidance for businesses. The new guidance includes new descriptions of services and products covered by COPPA, and new methods for obtaining parental consent.

Though the guidance is new, the subjects of the guidance generally are not; for example, “internet-enabled location-based services” have long been within the ambit of COPPA because geolocation information has long been part of the definition of “personal information” of children that COPPA regulates.… More

Boston Bar Association’s Inaugural Privacy and Cybersecurity Conference, May 24, 2017

The Boston Bar Association’s inaugural Privacy and Cybersecurity Conference will be held on May 24.  The conference will bring together attorneys from private practice and in-house legal departments to network and discuss key topics and trends in privacy and cybersecurity.  This full-day conference will cover a wide range of topics from data breach response and litigation to compliance and transactional issues. Panelists will discuss new developments in the legal and regulatory landscape,… More

Hey, Alexa – Tell Me About My Privacy Rights!

For internet-of-things watchers, some information to chew on:  several news outlets have reported on a dispute between Amazon and law enforcement investigators in Bentonville, Arkansas.  Arkansas police are investigating an apparent homicide that took place in November 2015, and have charged one suspect with murder.  Searching the house where the crime took place, investigators uncovered an Amazon Echo device, a personal digital assistant that can be activated by voice commands.… More

How Can Yahoo E-Mail Scanning Impact the EU-U.S. Privacy Shield?

Reuters reported earlier this month that, according to three former employees, Yahoo Inc. had “complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo mail accounts at the behest of the NSA or FBI.” Yahoo responded that the article was misleading, but did not deny the scanning had occurred.

The New York Times reported further details about this scanning:  Yahoo had modified a system intended to scan emails for child pornography and spam in order to satisfy a secret court order requiring it to search for messages containing a computer “signature” tied to the communications of a state-sponsored terrorist organization.… More

What to Expect from the EU’s New Network and Information Security Directive

On July 6, 2016, the European Union adopted Directive (EU) 2016/1148, “concerning measures for a high common level of security of network and information systems across the Union,” otherwise known as the Network and Information Security Directive. (A directive, in EU parlance, is an instruction to member states to achieve a particular objective and a general framework for how to do so.  This differs from a regulation, which is immediately binding on all member states.)  Pursuant to this Directive,… More

Which U.S. Businesses Must Comply with EU Data Protection laws?

What the recent Amazon decision tells us

On 28 July 2016, the European Court of Justice rendered a decision in a dispute between an Austrian Consumer Protection organization known as VKI (Verein für Konsumenteninformation) and Amazon EU Sàrl, a subsidiary of Amazon registered in Luxembourg. The main issue in this case is whether Amazon General Conditions were enforceable under Consumer Law; however; one of the questions referred to the European Court was about the territorial scope (Article 4) of the 95/46/EC Directive on Data Protection.… More

Cybersecurity News & Notes – August 8, 2016

In Case You Missed It:  In a sign of the growing importance of cyber operations in warfare, the Obama administration plans to elevate the status of the Pentagon’s Cyber Command.  The U.S. Cyber Command, or USCYBERCOM, was created on June 23, 2009.  Its stated mission is to, among other things, “conduct full spectrum military cyberspace operations” to “ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.”  Currently,… More

Cybersecurity News and Notes – July 25, 2016

In Case You Missed It: U.S. Major party platforms address cybersecurity.  The two major parties have released their 2016 election platforms, both of which include cybersecurity planks.  The Republican platform’s perspective of cybersecurity is an element of national security and international relations. The platform called for harsh responses to cyber-attacks against American businesses, institutions, and government, applauded the Cybersecurity Information Sharing Act of 2015, and pledged to “explore the possibility of a free market for Cyber-Insurance.” The Democratic platform is largely as a continuation of President Obama’s cybersecurity policies.… More