In the 9th Circuit’s August 15, 2017 decision in Robins v. Spokeo, the latest in the long-running legal debate about when a consumer cause of action exists for a data breach, the 9th Circuit has declared that inaccuracies in a published credit report may sometimes constitute a “concrete injury” sufficient to confer Article III standing. This is a significant win for consumer protection advocates,… More
Tag Archives: privacy
On June 21, 2017, the FTC updated its COPPA Compliance Guidance for businesses. The new guidance includes new descriptions of services and products covered by COPPA, and new methods for obtaining parental consent.
Though the guidance is new, the subjects of the guidance generally are not; for example, “internet-enabled location-based services” have long been within the ambit of COPPA because geolocation information has long been part of the definition of “personal information” of children that COPPA regulates.… More
The Boston Bar Association’s inaugural Privacy and Cybersecurity Conference will be held on May 24. The conference will bring together attorneys from private practice and in-house legal departments to network and discuss key topics and trends in privacy and cybersecurity. This full-day conference will cover a wide range of topics from data breach response and litigation to compliance and transactional issues. Panelists will discuss new developments in the legal and regulatory landscape,… More
For internet-of-things watchers, some information to chew on: several news outlets have reported on a dispute between Amazon and law enforcement investigators in Bentonville, Arkansas. Arkansas police are investigating an apparent homicide that took place in November 2015, and have charged one suspect with murder. Searching the house where the crime took place, investigators uncovered an Amazon Echo device, a personal digital assistant that can be activated by voice commands.… More
The new (EU) 2016/679 General Data Protection Regulation (GDPR) will enter into force on 25 May 2018. Its scope is broader than that of the current 95/46/CE Directive, which means that more companies headquartered outside of the EU will have to comply with European data protection rules than under the current regime.
The 95/46/CE Directive set up a European body, the Article 29 Working Party,… More
Reuters reported earlier this month that, according to three former employees, Yahoo Inc. had “complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo mail accounts at the behest of the NSA or FBI.” Yahoo responded that the article was misleading, but did not deny the scanning had occurred.
The New York Times reported further details about this scanning: Yahoo had modified a system intended to scan emails for child pornography and spam in order to satisfy a secret court order requiring it to search for messages containing a computer “signature” tied to the communications of a state-sponsored terrorist organization.… More
On July 6, 2016, the European Union adopted Directive (EU) 2016/1148, “concerning measures for a high common level of security of network and information systems across the Union,” otherwise known as the Network and Information Security Directive. (A directive, in EU parlance, is an instruction to member states to achieve a particular objective and a general framework for how to do so. This differs from a regulation, which is immediately binding on all member states.) Pursuant to this Directive,… More
What the recent Amazon decision tells us
On 28 July 2016, the European Court of Justice rendered a decision in a dispute between an Austrian Consumer Protection organization known as VKI (Verein für Konsumenteninformation) and Amazon EU Sàrl, a subsidiary of Amazon registered in Luxembourg. The main issue in this case is whether Amazon General Conditions were enforceable under Consumer Law; however; one of the questions referred to the European Court was about the territorial scope (Article 4) of the 95/46/EC Directive on Data Protection.… More
In Case You Missed It: In a sign of the growing importance of cyber operations in warfare, the Obama administration plans to elevate the status of the Pentagon’s Cyber Command. The U.S. Cyber Command, or USCYBERCOM, was created on June 23, 2009. Its stated mission is to, among other things, “conduct full spectrum military cyberspace operations” to “ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.” Currently,… More
In Case You Missed It: U.S. Major party platforms address cybersecurity. The two major parties have released their 2016 election platforms, both of which include cybersecurity planks. The Republican platform’s perspective of cybersecurity is an element of national security and international relations. The platform called for harsh responses to cyber-attacks against American businesses, institutions, and government, applauded the Cybersecurity Information Sharing Act of 2015, and pledged to “explore the possibility of a free market for Cyber-Insurance.” The Democratic platform is largely as a continuation of President Obama’s cybersecurity policies.… More