France recently fined Alphabet Inc’s Google $169 million and Meta Platform’s Facebook $67 million on grounds that the companies violated the EU e-Privacy directive (aka the EU “Cookie Law”) by requiring too many “clicks” for users to reject cookies. The result was that many users just accepted the cookies, thus allowing the identifiers to track
On August 20, 2021, China passed its first general data protection law, called the Personal Information Protection Law (“PIPL”). The law is set to take effect on November 1, 2021 (two months away), and it applies to both (1) in-country processing of personal information of natural persons; and (2) out-of-country processing of personal information of
On April 22, 2021, the Supreme Court issued a unanimous decision finding that the FTC lacks authority to pursue equitable monetary relief in federal court under Section 13(b) of the Federal Trade Commission Act (the “FTCA”). The result means that defendant Scott Tucker does not have to pay $1.27 billion in restitution and disgorgement, notwithstanding
Yesterday, Virginia passed the Virginia Consumer Data Protection Act (VCDPA), making it the second state (behind California, with its California Consumer Protection Act (CCPA) to enact a general consumer privacy law. The VCDPA will take effect on January 1, 2023, which is also the same day the California Privacy Rights Act (CPRA), an act to
In December 2020, Apple started requiring Apps to display mandatory labels that provide a graphic, easy-to-digest version of their privacy policies. They are being called “privacy nutrition labels,” presumably a reference to the mandatory FDA-required “Nutrition Facts” labels that have appeared on food since 1990. Below I offer ten thoughts related to these new labelling
While Europe is leveraging hefty fines against violators of the EU General Data Protection Regulation (GDPR) (here is a tracker of recent fines: https://www.enforcementtracker.com/), the United States Supreme Court heard oral arguments last month on whether the FTC – the chief federal agency on privacy policy and enforcement since the 1970s – lacks authority
A recent article from CNN reported on SpaceX and Amazon sparring over their competing satellite-based internet business. The article reports that at the center of the dispute is “a recent attempt by SpaceX to modify its license for Starlink, a massive constellation of internet satellites, of which SpaceX has already launched more than 900.” SpaceX
Facebook, the parent company to WhatsApp, is reporting near-record low revenue growth. Thus, presumably in an effort to monetize WhatsApp more heavily, WhatsApp recently announced changes to its privacy policy: as of February 8, 2021, all WhatsApp users (except those that live in Europe) must agree to share their data with Facebook. If users do
Just before the Christmas holidays, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued proposed rulemaking entitled “Requirements for Certain Transactions Involving Convertible Virtual Currency or Digital Assets.” The proposed regulations seek to “require banks and money service businesses (“MSBs”) to submit reports, keep records, and verify the identity of customers in relation
If you’re a company that has been scratching your head and racking your brain since the Schrems II decision issued on July 16, 2020, invalidating Privacy Shield and calling into question all data transfers between the EU and third countries on surveillance-related grounds, your wish for more guidance has finally come true.
This week, the