Potential FTC Priorities Under the Biden Administration

On February 10, 2021, Acting FTC Chairwoman Slaughter delivered her keynote address “Protecting Consumer Privacy” at the Future of Privacy Forum. Chairwoman Slaughter emphasized the importance of transparent notice to consumer surrounding privacy practices, noting that it allows consumers the “dignity of knowing what is happening.”

Chairwoman Slaughter outlined the following areas of focus for FTC enforcement in 2021:

  1. Protecting privacy during the pandemic, especially in the ed-tech world, where Slaughter  emphasized the importance of children’s privacy, and health applications , including tele-health and contact tracing apps, where she discussed the importance of application of the Health Breach Notification Rule to FTC enforcement actions;
  2. Conducting a follow up study on broad band service providers’ privacy practices, continuing the work the FTC began in 2019; and
  3. Racial Equity, and the targeting of vulnerable populations by digital services, facial recognition technologies, location data, and algorithmic discrimination.

Chairwoman Slaughter also noted the importance of the FTC pursuing all methods of relief at its disposal in its enforcement actions, including disgorgement of not only monetary gains, but other benefits (like algorithms developed) from “ill gotten data.”

Read Chairwoman Slaughter’s full remarks here: https://www.ftc.gov/system/files/documents/public_statements/1587283/fpf_opening_remarks_210_.pdf

CJEU Declares Privacy Shield Invalid but Upholds Validity of Model Clauses (Sort Of)

A sense of déjà vu descended over the international data transfer landscape on July 16, 2020. In a landmark ruling, the Court of Justice of the European Union (CJEU) announced that Privacy Shield, one of the main mechanisms used by companies to transfer personal data from the EU to the United States, is invalid.

To read the full text of this Duane Morris Alert, please visit the firm website.

How to Heed Privacy Law in the Midst of a Pandemic

As countries grapple with the global threat of COVID-19, some are leveraging user location data and tracking apps to model potential contamination paths. China has tapped into its facial recognition tools to track the virus and has deployed drones that tell people to wear masks. Singapore has launched an app called TraceTogether which uses Bluetooth to determine who could be at risk of infection. And the United Kingdom is reportedly in talks with telecom providers on how to best use location data to stem the crisis.

But the coronavirus turning the world upside down does not mean companies can throw out the General Data Protection Regulation and the California Consumer Privacy Act, as well as other privacy protections.

To read an excerpt from this article, which quotes Duane Morris partner Sandra Jeskie, please visit the firm website.

Oregon Senator Proposes Robust Federal Privacy Legislation

Frustrated by privacy lapses by US companies, Democrat Senator Ron Wyden of Oregon has introduced proposed federal legislation referred to as the Mind Your Own Business Act (the Act). If enacted, this law could put serious teeth into efforts to protect consumer data.

Serious Penalties for Noncompliance

Indeed, the Act could cause certain executives to find themselves in prison for as many as twenty years if their companies are found to have lied to legal authorities about improper use of consumers’ personal information. On top of that, the Act could lead to such companies incurring special tax penalties corresponding to executives’ salaries.

If this were not enough, the Act would empower the Federal Trade Commission with the ability to fine companies for violating this law up to four percent of corporate annual revenues. For some companies, this could amount to fines in the billions of dollars. Continue reading “Oregon Senator Proposes Robust Federal Privacy Legislation”

California Consumer Privacy Act (“CCPA”) Amendments One Step Closer to Passage

By Angelica A. Zabanal

When the California Consumer Privacy Act (“CCPA”) was passed last year, it was generally acknowledged that the CCPA would need to be clarified prior to its January 1, 2020, implementation. A variety of CCPA amendments are now one step closer to full passage.

Last month, the California Senate Judiciary Committee passed seven amendment bills to the California Consumer Privacy Act (“CCPA”).  The bills are now headed to the Committee on Appropriations for a vote. Any bills amended by the Senate will need to return to the Assembly for a vote and a possible reconciliation.  Lawmakers have until September 13, 2019 to vote on these CCPA amendments, which are summarized in their current form below:

  • B. 25 (regarding Employee Exception):  Amends the CCPA so that it excludes the collection of personal information (“PI”) from job applicants, employees, business owners, directors, officers, medical staff, or contractors, who would not be considered as “consumers” under the CCPA.  Now amended to weaken the employee exception with a sunset exemption on January 1, 2021 and negating the exemption as it pertains to the CCPA’s notice and data breach liability provisions;
  • B. 846 (regarding Customer Loyalty Programs):  Excludes application of certain prohibitions in the CCPA to loyalty or rewards programs.  Now amended to prohibit a business from selling consumer PI that was collected as part of a loyalty, reward, discount, premium features, or club card program;
  • B. 1202 (regarding Data Brokers):  Requires data brokers to register with the California Attorney General.  Now amended to exclude language that would have provided consumers the right to opt-out of the sale of their personal information by data brokers;
  • B. 1564 (regarding Disclosure Methods):  Requires businesses to provide consumers with two methods for the submission of privacy requests, including a toll-free telephone number at a minimum.  Excludes smaller online companies from the toll-free number and allows these companies to provide an email address for submitting privacy requests;
  • B. 1146 (regarding Warranty and Vehicle Repairs):  Exempts vehicle information retained or shared for purposes of a warranty or recall-related vehicle repair.  Now amended to provide a clearer description of vehicle recalls;
  • B. 874 (regarding “Publicly Available” Information):  Expands definition of “publicly available” to include information that is lawfully made available from federal, state, or local government records.  Amends definition of “personal information” to exclude de-identified or aggregate consumer information.  (Approved by the Judiciary Committee without amendments);
  • B. 1355 (regarding Opt-In Clarification):  Exempts de-identified or aggregate consumer information from the definition of PI.  Also clarifies that consumers over 13 years of age but younger than 16 years of age are required to opt in. Furthermore, parents need to authorize consent only for consumers under 13 years of age. (Approved by the Judiciary Committee without amendments.)

Stay tuned for more updates from Duane Morris LLP regarding the advancement of these CCPA amendments and join us for our CCPA webinar series.

The Federal Government Seeks to Get Hip to Artificial Intelligence

Are the robots going to take over the world?! There is no question that artificial intelligence is finding its way into our everyday lives. Some people love interacting with Alexa as part of their daily activities. Others worry about the loss of autonomy and privacy that accompanies the burgeoning AI world, and some dread that someday humans may become secondary to the artificial intelligence we have created. The AI train already is leaving the station, and before it gets too far down the tracks, what is the federal government doing in terms of potential regulation?

In a time of deep partisan divide in which Republicans and Democrats in Congress disagree on practically everything, a bipartisan group of legislators has reintroduced a bill to accelerate the adoption of artificial intelligence in the federal government. Continue reading “The Federal Government Seeks to Get Hip to Artificial Intelligence”

New California Law Seeks to Lead the U.S. in Online Privacy Protection

Privacy is like oxygen. It generally is not noticed by a consumer until it is gone. California lawmakers, however, are quite aware of privacy and have recently passed perhaps the most strict privacy law in the United States.

Only days ago, the California Consumer Privacy Act of 2018 (“the Act”) was signed into law by Governor Jerry Brown after it had been approved on a unanimous basis by the California State Assembly and the California Senate. The Act does not become operative until 2020, but when it goes it to effect, it will pack a punch. Indeed, the Act will provide great control to consumers with respect to their own personal data.  Continue reading “New California Law Seeks to Lead the U.S. in Online Privacy Protection”

Vanishing Privacy and the Right to Be Let Alone

A scholarly law review article talks about the right to privacy in the face of new technology encroachments and speaks of “the right to be let alone.” When was this article written? This year? Last year? No, in 1890, and think of all the technological advancements that jeopardize the right to privacy since then!

The article by Samuel Warren and Louis Brandeis (who later became a renowned U.S. Supreme Court Justice) was titled “The Right to Privacy,” 4 Harvard Law Rev. 193 (1890). It was published in the wake of the development of the portable camera. Obviously, with movable cameras, people could be captured on film doing all sorts of things as never before. This raised a panoply of privacy concerns and heightened the need for the development of laws to address those issues.  Continue reading “Vanishing Privacy and the Right to Be Let Alone”

Facial Recognition – You Can Run, but You Cannot Hide

You might like to think that you can move about in the world without being noticed. Perhaps you relish the idea of being able to disappear into a crowd while not being recognized. But such notions of anonymity are disappearing.

Of course, you probably have heard about GPS tracking that can be used to determine the specific geographic whereabouts of a person. And now facial recognition can be used to pinpoint the identity of a person in a crowd or frankly at any location where the technology is implemented.  Continue reading “Facial Recognition – You Can Run, but You Cannot Hide”