Ballard Privacy & Data Security partners Phil Yannella, Kim Phan and Greg Szewczyk recently wrote an article on managing compliance with the growing patchwork of state privacy laws for the Media Law Resource Center (MLRC). The article was made available at last week’s Legal Frontiers in Digital Media virtual conference sponsored by the MLRC and will appear in an upcoming edition of “Legal Frontiers in Digital Media,” MLRC Bulletin (June 2021). A copy of the article is available here:
Continue Reading Managing Compliance with a Patchwork of State Privacy Laws
FTC Workshop Signals Increased Regulatory Focus on Dark Patterns
On April 29, 2021, the Federal Trade Commission (FTC) hosted a virtual workshop, entitled “Bringing Dark Patterns to Light,” to examine “dark patterns.” In her opening remarks, Acting FTC Chairwoman Rebecca Kelly Slaughter broadly described “dark patterns” as “user interface designs that manipulate consumers into taking unintended actions that may not be in their interest.” Chairwoman Slaughter highlighted several examples of dark patterns, including confusing cancellation procedures that force users to navigate multiple screens, online applications that hide the material terms of a product or service through the use of inconspicuous drop down links and auto-scroll features, and the addition of products to users’ shopping carts without their knowledge or consent.
Continue Reading FTC Workshop Signals Increased Regulatory Focus on Dark Patterns
A Comparison of the Virginia, Washington, and Florida Proposed Privacy Bills
After a pandemic-related hiatus in 2020, a number of U.S. states have proposed new data privacy laws in 2021 – and several are very close to passage. Virginia’s proposed data privacy law appears to be the closest and is likely to be signed into law by Governor Northam in the near future. Washington and Florida’s
Federal Court System—And Possibly Sealed Filings—Breached in Connection With SolarWinds Hack
The Administrative Office of the U.S. Courts (the “AO”) recently disclosed that it has initiated an investigation into an apparent compromise in security of the Judiciary’s Case Management/Electronic Case Files System (“CM/ECF”) as a result of vulnerabilities associated with SolarWinds Orion products. The AO noted that it is currently working with the Department of Homeland
New York Proposes Biometric Privacy Bill With Private Right of Action
On January 6, 2021, a bipartisan group of New York state lawmakers released a copy of Assembly Bill 27 (AB 27), the New York Biometric Privacy Act. If New York passes AB 27, it will join Illinois, Texas, and Washington as states that have adopted laws that strictly regulate the notice, collection, and handling
FTC Seeks Privacy Information from Social Media and Video Streaming Companies
On December 14, 2020, the Federal Trade Commission (FTC) announced in a press release that it is issuing orders under the FTC’s authority in Section 6(b) of the FTC Act to the following nine social media and video streaming companies: Amazon.com, Inc., ByteDance Ltd. (which operates the short video service TikTok), Discord Inc., Facebook, Inc.,
Federal Agencies Consider Requiring Reporting of Computer Security Incidents
On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator. Under the proposed rule, for incidents
California Voters Approve CPRA
On November 4, 2020, California voters approved of the ballot initiative Proposition 24, more commonly known as the California Privacy Rights Act (the “CPRA”). The CPRA goes into effect on January 1, 2023, and will expand several of the existing protections in the California Consumer Privacy Act (the “CCPA”).
As background, the original CCPA
Weakened Privacy and Information Security Tools—the Unintended Consequence of Attacks on Section 230 of the CDA
Assaults on Section 230 of the Communications Decency Act (the “CDA”)—which shields online platforms from civil liability for third party content on their services—are abundant these days. On October 15, 2020, FCC Chairman Ajit Pai announced that his agency, at the request of President Trump, will draft rules explaining when platforms’ efforts to moderate user-posted
HHS Announces Eight HIPAA Settlements
Following a very quiet start to HIPAA settlement activity in 2020, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced eight settlements with covered entities and business associates.
The most recent of these announcements involves the second-largest HIPAA settlement amount in OCR’s history, amounting to $6.85 million.