Protection background. Technology security, encode and decrypt, techno scheme, vector illustration

Biometric data — from, e.g., retina, face and fingerprint scans — plays a big role in the current wave of new technology services. For example, biometrics provide security features for financial and healthcare products. And biometrics are behind some cool new in-game offerings in the interactive entertainment and social media space. But companies using or thinking of using biometric data have to comply with myriad privacy and data security laws and regulations, or face potential enforcement action and litigation. On January 30, 2017, the Southern District of New York dismissed one such litigation brought against video game publisher Take-Two Interactive Software, Inc. for alleged violation of the Illinois Biometric Information Privacy Act (“BIPA“). Here’s a summary.

Continue Reading No Harm, No Foul: Court Dismisses Biometric Data Privacy Class Action Against NBA 2K Games

For the moment it depends who you ask. In recent weeks, we have heard talk of walls and borders.  But some at the Department of Justice are working to break down barriers and convince the courts that they can gain access to a person’s data regardless of where it is ultimately stored.  In this post I address two recent cases that reached completely different results on whether the government can enforce a warrant that seeks data from a U.S. company but that is stored in a foreign country.  Continue Reading Blurred Lines: Can the Government Seize U.S. Data Housed in a Foreign Country?

Shortly after FTC staff published the results of their study on cross-device tracking (described in this prior blog post), the FTC issued its own comprehensive report on the topic.  In addition to highlighting many of the same benefits and privacy concerns raised by cross-device tracking, the FTC report provides an update on industry self-regulatory efforts in this area, along with practical recommendations for those involved in cross-device tracking, based on learnings from past FTC enforcement actions. Continue Reading Don’t Get Your Wires Crossed When Cross-Device Tracking

In one of its final acts in office, on January 17, 2017, the Obama Administration released a report on privacy entitled “Privacy in our Digital Lives: Protecting Individuals and Promoting Innovation.”

The report recounts key actions taken by the administration over the past eight years to protect consumer privacy, including:

  • redesigning the FTC Identify.gov website to provide resources to victims of identity theft;
  • supporting the FCC in issuing broadband consumer privacy rules that require broadband providers to obtain affirmative consent from customers to use and share sensitive proprietary information;
  • publishing best practices for operating drones that take into account privacy considerations;
  • helping the FTC modernize COPPA regulations in order to address changes in technology and protect children’s interests; and
  • working with ed-tech companies to limit the collection and sharing of student data.

Continue Reading Obama’s Last Word on Privacy?

As an IP and privacy lawyer (@ipprivacylawyer), I always find it interesting when my two usually distinct practice areas converge.  Well, today brought some fascinating news at the intersection of copyright and privacy that I did not expect to see on my otherwise depressing Twitter feed.  Continue Reading Trump’s Copyright Office Expands Privacy Rights For . . . Transgender Individuals?

The new EU General Data Protection Regulation or “GDPR” takes effect May 2018. Many US companies may wonder why they should care about European privacy laws. The answer may surprise you if you are not a close follower of privacy law developments. The GDPR includes an extraterritorial jurisdiction provision pursuant to which many US companies without any personnel or servers in the European Union may still be subject to the law. So how do you know if you are covered? Here’s what you need to know: Continue Reading GDPR Stands for . . . “Gotta Do [Something] Privacy-Related?”; When Is My US Company Subject To the New EU General Data Protection Regulation?

The sudden rise of Pokémon Go was one of the biggest news stories of 2016. While the introduction of reality-altering applications has been underway for some time, the unprecedented popularity of the game and the resulting controversies (discussed in further detail below) generated new buzz in the legal community as it scrambled to reconcile the law with the changing technological landscape. Continue Reading The Legal Challenges of Augmented Reality – Part 1: The Basics

Earlier this month, the FTC announced that a third-party study and report on cross-device tracking had been completed by the Office of Technology, Research and Investigation (“OTech”), following up on their presentation on this topic at the FTC’s 2015 workshop.  The FTC released its own report on cross-device tracking last week, which will be covered in a subsequent blog post.  OTech’s study focused on: 1) what information companies are collecting and may be using to track consumers across devices, and 2) what companies are disclosing about their cross-device tracking in privacy policies or otherwise (the answer is not much!).  Continue Reading FTC Highlights Third-Party Report Finding That Companies Are Hiding the Ball on Cross-Device Tracking

Shortly before the New Year, the United States Attorney for the Southern District of New York unsealed an indictment against three Chinese hackers who allegedly stole information from two prominent U.S. law firms.  According to the indictment the hackers stole upwards of 50 gigabytes of data from the two firms, which related to impending mergers of large public companies.  The indictment alleges that the hackers subsequently traded on the non-public information related to the mergers and reaped profits of more than $2 million.  Regardless of how this case unfolds, it is an important cautionary tale for both lawyers and clients about the risks of the practice of law in the digital age. Continue Reading Don’t Fall Asleep at the Switch: The Ethical Risks of Law Firm Data Breach

In 2016, Amazon sold millions of Amazon Echos worldwide. Brands have taken notice, and begun to develop and release third party software integrations, or “Skills” as Amazon calls them, for the Alexa platform as well as for other voice-enabled platforms and devices. Once again, the law is playing catch-up with technology, and we are here to help you navigate the thorny issues. Continue Reading What Do Brands Need to Know About Voice-Enabled Platforms and Devices? Part I: The Basics and a Few Privacy Issues