Yesterday, October 12, 2022, was the first time that a case under the Illinois Biometric Information Privacy Act (BIPA) went to trial – and the result was a big win for the Plaintiffs, more than 44,000 truck drivers whose fingerprints were scanned for identity verification purposes without any informed permission or notice. BIPA is an
Privacy
Biden Signs Executive Order Implementing Privacy-Shield Replacement for EU-US Data Transfers
Today, October 7, 2022, President Joe Biden signed an executive order implementing a new privacy framework for data being shared between Europe and the United States. The new framework is called the “Trans-Atlantic Data Privacy Framework,” and it will (hopefully) serve to replace the prior framework, known as “Privacy Shield”, which was struck down by…
Meta’s Annual Report Says It May Have To Shut Down Facebook and Instagram in Europe Because of GDPR – A Fact, Not a Threat
In July 2020, the Schrems II decision issued and the European Commission’s adequacy decision for the EU-US Privacy Shield Framework was invalidated. Further, and broader than the invalidation of Privacy Shield adequacy decision, the Schrems II judgement found that US surveillance measures interfered with what are considered “fundamental rights” under EU law, i.e., the rights…
Heads-Up to Any Companies with Loyalty Programs –They Count as “Financial Incentives” for Purposes of the CCPA
On Friday, January 28, 2022, the California Office of Attorney General issued a press release announcing that California DOJ sent notices alleging non-compliance with the California Consumer Privacy Act (CCPA) to a number of businesses operating loyalty programs in California. The press release stated, inter alia:
“Under the CCPA, businesses that offer financial incentives,…
Can European Websites use Google Analytics and Similar Services Without Violating the GDPR?
It has been nearly a year and a half since the Schrems II decision issued in July 2020, which invalidated the European Commission’s adequacy decision for the EU-US Privacy Shield Framework. As a result, companies were forced to reexamine their transfers of personal information out of the EU, and the safeguards that they rely on…
France Fines Facebook and Google For Violating the EU Cookie Law: You Need to Make it As Easy to Refuse as a Cookie, as it is to Accept One
France recently fined Alphabet Inc’s Google $169 million and Meta Platform’s Facebook $67 million on grounds that the companies violated the EU e-Privacy directive (aka the EU “Cookie Law”) by requiring too many “clicks” for users to reject cookies. The result was that many users just accepted the cookies, thus allowing the identifiers to track…
Virginia is 2nd to Enact Consumer Privacy Law, And It Has a Couple of Twists
Yesterday, Virginia passed the Virginia Consumer Data Protection Act (VCDPA), making it the second state (behind California, with its California Consumer Protection Act (CCPA) to enact a general consumer privacy law. The VCDPA will take effect on January 1, 2023, which is also the same day the California Privacy Rights Act (CPRA), an act to…
10 Thoughts Regarding Apple’s New “Privacy Nutrition Labels”
In December 2020, Apple started requiring Apps to display mandatory labels that provide a graphic, easy-to-digest version of their privacy policies. They are being called “privacy nutrition labels,” presumably a reference to the mandatory FDA-required “Nutrition Facts” labels that have appeared on food since 1990. Below I offer ten thoughts related to these new labelling…
Outer Space Real Estate Wars May Signal a Beginning of Outer Space Privacy Disputes
A recent article from CNN reported on SpaceX and Amazon sparring over their competing satellite-based internet business. The article reports that at the center of the dispute is “a recent attempt by SpaceX to modify its license for Starlink, a massive constellation of internet satellites, of which SpaceX has already launched more than 900.” SpaceX…
WhatsApp – An Example of How Companies Compete Based on Privacy
Facebook, the parent company to WhatsApp, is reporting near-record low revenue growth. Thus, presumably in an effort to monetize WhatsApp more heavily, WhatsApp recently announced changes to its privacy policy: as of February 8, 2021, all WhatsApp users (except those that live in Europe) must agree to share their data with Facebook. If users do…