Just this month, Major League Baseball issued a ground-breaking decision approving players’ use of biometric devices during games in the 2017 baseball season. The devices, which are made by Whoop Inc. and look like a sleek watch or bracelet, have been billed as the fitness tracker for elite athletes, with their ability to monitor various biometric factors like the wearer’s heart rate, heart rate variability, sleep performance, and recovery. The data generated by the device will be used to assess players’ performance, endurance and recovery, with the goal of optimizing training and rest periods for players and potentially influencing batter line-ups and pitcher workloads. Although the MLB’s decision marks the first time a major U.S. professional league has allowed such devices to be worn in-game, it is only the latest sign that the professional sports world is embracing wearable technology. But as the saying goes, “with great power comes great responsibility,” and many are wondering whether the potential risks involved have been taken into account. While few would dispute the helpful insights this technology can provide, there’s no doubt that significant privacy-related legal concerns are raised by professional athletes’ use of fitness trackers “at work.” Continue Reading SHOW ME THE DATA – How Wearable Technology Data May Change Baseball
On March 1, 2017, the Federal Communications Commission (the “FCC”) voted 2-1 to issue a stay order temporarily halting the implementation of the Protecting the Privacy of Customers of Broadband and Other Telecommunications Services order (the “2016 Privacy Order”). The 2016 Privacy Order was adopted in October 2016 with the intention of imposing greater obligations on broadband Internet service providers and other telecommunications carriers to protect the privacy of their customers. Specifically, the 2016 Privacy Order created three categories for the use and sharing of customer information based on sensitivity: opt-in, opt-out, and exceptions to the consent requirements. In addition, the 2016 Privacy Order imposed new requirements related to notice, customer approval, and breach notification. You can read further about the elements of the 2016 Privacy Order in our previous post. The 2016 Privacy Order faced criticism from broadband industry trade groups, who alleged that it would subject Internet service providers to a different standard than other companies operating in the Internet space. Continue Reading Not So Fast: FCC Halts Implementation of Controversial 2016 Broadband Privacy Order and Congress Takes Steps to Roll Back Rules
On February 6, 2017, the Federal Trade Commission (“FTC”) in conjunction with the Office of the New Jersey Attorney General announced a settlement with Vizio Inc. (“Vizio”), including payment of $1.5 million to the FTC and $1 million to the New Jersey Division of Consumer Affairs, with $300,000 of that amount suspended, over claims that Vizio’s smart TVs collected information about consumers’ video viewing behavior and shared that data with third parties without sufficient notice or consent. This settlement, along with pending class action litigation against Vizio involving similar allegations, reflects some of the privacy issues faced by developers in the Internet of Things space. Continue Reading Get Smart: Takeaways from FTC Settlement with Vizio over TV Viewing Data
On February 22, 2017, the FTC announced that it had reached a settlement with three companies over charges that the companies had falsely represented their involvement in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system (APEC CBPR) in their online privacy policies. Continue Reading Keep Your Promises: FTC Settles Misrepresentation Claims With Three Tech Companies
Biometric data — from, e.g., retina, face and fingerprint scans — plays a big role in the current wave of new technology services. For example, biometrics provide security features for financial and healthcare products. And biometrics are behind some cool new in-game offerings in the interactive entertainment and social media space. But companies using or thinking of using biometric data have to comply with myriad privacy and data security laws and regulations, or face potential enforcement action and litigation. On January 30, 2017, the Southern District of New York dismissed one such litigation brought against video game publisher Take-Two Interactive Software, Inc. for alleged violation of the Illinois Biometric Information Privacy Act (“BIPA”). Here’s a summary.
For the moment it depends who you ask. In recent weeks, we have heard talk of walls and borders. But some at the Department of Justice are working to break down barriers and convince the courts that they can gain access to a person’s data regardless of where it is ultimately stored. In this post I address two recent cases that reached completely different results on whether the government can enforce a warrant that seeks data from a U.S. company but that is stored in a foreign country. Continue Reading Blurred Lines: Can the Government Seize U.S. Data Housed in a Foreign Country?
Shortly after FTC staff published the results of their study on cross-device tracking (described in this prior blog post), the FTC issued its own comprehensive report on the topic. In addition to highlighting many of the same benefits and privacy concerns raised by cross-device tracking, the FTC report provides an update on industry self-regulatory efforts in this area, along with practical recommendations for those involved in cross-device tracking, based on learnings from past FTC enforcement actions. Continue Reading Don’t Get Your Wires Crossed When Cross-Device Tracking
In one of its final acts in office, on January 17, 2017, the Obama Administration released a report on privacy entitled “Privacy in our Digital Lives: Protecting Individuals and Promoting Innovation.”
The report recounts key actions taken by the administration over the past eight years to protect consumer privacy, including:
- redesigning the FTC Identify.gov website to provide resources to victims of identity theft;
- supporting the FCC in issuing broadband consumer privacy rules that require broadband providers to obtain affirmative consent from customers to use and share sensitive proprietary information;
- publishing best practices for operating drones that take into account privacy considerations;
- helping the FTC modernize COPPA regulations in order to address changes in technology and protect children’s interests; and
- working with ed-tech companies to limit the collection and sharing of student data.
As an IP and privacy lawyer (@ipprivacylawyer), I always find it interesting when my two usually distinct practice areas converge. Well, today brought some fascinating news at the intersection of copyright and privacy that I did not expect to see on my otherwise depressing Twitter feed. Continue Reading Trump’s Copyright Office Expands Privacy Rights For . . . Transgender Individuals?
The new EU General Data Protection Regulation or “GDPR” takes effect May 2018. Many US companies may wonder why they should care about European privacy laws. The answer may surprise you if you are not a close follower of privacy law developments. The GDPR includes an extraterritorial jurisdiction provision pursuant to which many US companies without any personnel or servers in the European Union may still be subject to the law. So how do you know if you are covered? Here’s what you need to know: Continue Reading GDPR Stands for . . . “Gotta Do [Something] Privacy-Related?”; When Is My US Company Subject To the New EU General Data Protection Regulation?