The European Union’s General Data Protection Regulation (GDPR) sets a high standard for consent. Consent means offering people genuine choice and control over how their data is used. The GDPR definition of consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement … Read more
The FTC has announced that Uber Technologies, Inc. has agreed to expand the proposed settlement it reached with the agency last year over charges that the ride-sharing company deceived consumers about its privacy and data security practices. After the announcement of last year’s proposed settlement, the FTC learned that Uber had failed to disclose a significant breach … Read more
On January 8, 2017 the FTC announced its first children’s privacy settlement involving Internet-connected toys. According to the Commission, electronic toy manufacturer VTech Electronics Limited and its U.S. subsidiary have agreed to settle charges that the company violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information from children without providing direct notice … Read more
The EU General Data Protection Regulation becomes effective in May 2018. It applies to those that (i) offer products/services to EU residents; (ii) monitor the behavior of EU residents; or (iii) handle the personal data of an EU residents. The cornerstone of GDPR is that personal data must be processed lawfully, fairly and in a transparent … Read more
TrustArc (formerly TrustE) has faced some legal issues from New York Attorney General, Eric Schneiderman, who claimed that they failed to adequately assess the websites of companies they were listing as safe. This, he said, left them out of compliance with COPPA. TrustArc settled with the attorney general for $100,000 and an agreement to strengthen … Read more
Nevada recently became the third state to enact legislation requiring website operators and online service providers to post a privacy policy. The California law was passed in 2004 and Delaware’s in 2016. Senate Bill No. 538 mandates that, commencing on October 1, 2017, websites and other online services must make available, in a manner reasonably … Read more
Facebook has had a lawsuit pending since 2013 related to alegations made in 2012 that the company was scanning private messages, and counting the links shared within them as ‘likes’ for their algorithms. This accusation was made by a security researcher, Ashkan Soltani, who found that Facebook was doing this. The social network changed their … Read more
There was a lot of talk about the recent law passed by congress that would allow ISPs, mobile companies, and others to sell the private browser history of users to third party companies. While many people are still very upset with the actual law, ISPs and mobile carriers are making it clear that they have … Read more
Janrain®, the leading company that created the Customer Identity and Access Management (CIAM) category, today announced the results of a new Consumer Identity Trends survey that shows while social login use is growing in popularity thanks to the 75% now suffering from password fatigue, 93% are nonetheless concerned about how their account data and activity … Read more
When Facebook bought WhatsApp in 2014, many people were concerned that the company would begin feeding Facebook with user information. They were assured that the Facebook deal would not result in a change to privacy on WhatsApp. A recent announcement, however, confirms that WhatsApp will begin feeding Facebook with user data, including their phone numbers. … Read more
Practice Fusion is an electronic health record platform that is used by doctors and patients to handle a variety of healthcare related activities. The company was charged by the FTC with violating privacy information used on the site, and they have now settled with the company. The company ran into the trouble because they were … Read more