privacy protections

Subscribe to privacy protections
Federal Trade Commission

This week, the Commission issued more than 30,000 checks, totaling more than $11 million, to consumers and small businesses for cases settled pre-AMG. The FTC also issued a Notice of Proposed Rule Making for the Motor Vehicle Dealers Trade Regulation Rule that could have a significant impact on car marketing and sales tactics. The Commission also finalized orders against a mattress and bedding retailer making “Made in USA” claims and an online retailer of customizable goods for consumer data and privacy concerns. These stories and more after the jump. 

Continue Reading FTC Updates (June 21-24, 2022)

On November 30, 2020, New York Governor Cuomo signed into law a bill that will allow estates and representatives of deceased individuals to defend their names and likenesses from commercial exploitation, allowing their estates to continue to control and protect their likeness after their death. The new law, which establishes a “Right to Publicity” for deceased individuals who were domiciled in New York at their time of death, allows these individuals to that have commercial value, including their name, picture, voice, or signature, against unauthorized use.

In connection with the new post-mortem right to publicity, Governor Cuomo stated, “In the digital age, deceased individuals can often fall victim to bad actors that seek to capitalize on their death and profit off of their likeness after they pass away – that ends today. This legislation is an important step in protecting the rights of deceased individuals while creating a safer, fairer New York for decades to come.” The new post-mortem right of publicity applies up to 40 years after the death of the deceased personality, and it provides certain exceptions, such as for works of art or political interest, parodies and satires, and the use of names and likenesses in the news.

In enacting this law, New York joins the minority of U.S. states which recognize a post-mortem right of publicity, an area of law that has long been controversial and which has resulted in extensive discussion of choice-of-law rules.
Continue Reading ‘Imagine’ This: John Lennon Would Have Received Post-Mortem Right to Publicity in New York

On November 3, 2020, California voters approved California Proposition 24, also known as the California Privacy Rights Act of 2020, or CPRA. The CPRA expands protections afforded to personal information, building off of the California Consumer Privacy Act (CCPA), which took effect in January of this year. While some of the CPRA changes will take effect immediately, most will not become enforceable until July 1, 2023, and apply only to personal information collected after January 1, 2022.

Key Changes to CA Privacy Law

At 54 pages long, the CPRA makes numerous changes to the CCPA, ranging from minor revisions to the introduction of new concepts and the creation of several new consumer rights. Some of the most impactful changes are discussed below. A series of future client alerts will explore the nuances of these changes in greater detail.

Sensitive Personal Data

The CPRA establishes new rules for a category of “sensitive personal information,” which includes, for example, genetic data and religious or philosophical beliefs, and is defined as personal information that reveals:

(1)

  1. a consumer’s social security, driver’s license, state identification card, or passport number;
  2. a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account;
  3. a consumer’s precise geolocation;
  4. a consumer’s racial or ethnic origin, religious or philosophical beliefs, or union membership;
  5. the contents of a consumer’s mail, email and text messages, unless the business is the intended recipient of the communication; and
  6. a consumer’s genetic data; and

(2)

  1.  the processing of biometric information for the purpose of uniquely identifying a consumer;
  2.  personal information collected and analyzed concerning a consumer’s health; or
  3.  personal information collected and analyzed concerning a consumer’s sex life or sexual orientation.

This definition is among the most impactful changes in the CPRA, given the breadth of data that it sweeps in, along with the creation of new disclosure and opt-out rights associated with “sensitive personal information.” These changes will likely require covered businesses to dive into their data, map it, and ensure they are compliant.

In addition, the CPRA creates a right for consumers to “limit use and disclosure of sensitive personal information.” Similar to existing CCPA opt-out rights, beginning in 2023, consumers may direct businesses that collect sensitive personal information to limit its use to that “which is necessary to perform the services or provide the goods reasonably expected by an average consumer” or to perform a small subset of specifically identified exempt services. Significantly, exemptions to the opt-out will include short-term, transient advertising, and “performing services on behalf of the business,” but not general advertising and marketing, nor long-term profiling or behavioral marketing technologies.
Continue Reading CCPA 2.0? California Adopts Sweeping New Data Privacy Protections

First, it was the “Internet of Things” and now it is the “Internet of Dolls.” Mattel, maker of the iconic Barbie doll, has announced plans to introduce “Hello Barbie,” a doll with a Siri-like ability to communicate. The new Barbie, which connects to the cloud through WiFi, can have conversations, tell jokes, and play games with the children who own them.

Hello Barbie also has the ability to listen and learn girl’s preferences and adapt to them accordingly.  During a recent demonstration when a Hello Barbie prototype was asked “What should I be when I grow up?” she responded “Well, you told me you like being on stage. How about a dancer? Or a politician? Or a dancing politician?”

This Barbie doll is likely just the first in what will surely be a long line of dolls and toys that have incredible technological capabilities—whether it is a Siri-like ability to communicate, video recording technology, or the chance to communicate to friends.

But, as these new frontiers of play develop, manufacturers and marketers need to work to ensure that we can strike a balance between innovative play and children’s safety and privacy. And the lines aren’t always clear.

Continue Reading When Your Toys Talk Back: Children’s Privacy and Safety in an Age of Wired Toys

On September 30, 2014, California Governor Jerry Brown signed into law Assembly Bill 1710, which contains a new set of personal information protections that affect all businesses that “own, license, or maintain personal information about Californians.” In what may become a precedent for other jurisdictions, the law includes the nation’s first mandatory state requirement for breached entities to offer breach mitigation services – including credit monitoring – to all affected individuals. Further, the law includes new restrictions on the sale of social security numbers (SSNs). These amendments to the existing California Civil Code Sections 1798.81.5, 1798.82, and 1798.85 will take effect on January 1, 2015.

While offering some sort of breach mitigation services has become common practice for breached entities, California will now require any notifying entity that is the source of a breach to “offer to provide appropriate identity theft prevention and mitigation services … at no cost to the affected person for not less than 12 months.” This obligation will apply only to breaches involving Californians’ names combined with an SSN, driver’s license number, or California ID number.

Continue Reading California Enacts Tough New Privacy Protections