By almost 1.5 million votes, California voters approved Proposition 24, the California Privacy Rights Act of 2020 (“CPRA”).  The CPRA amends and expands the California Consumer Privacy Act of 2018 (“CCPA”) and is affectionately referred to as “CCPA 2.0.”  While the CPRA’s requirements do not take effect until January 1, 2023, the CPRA ushers in

Music.ly, now known as Tik Tok, an app popular with children and teenagers, settled a lawsuit with the FTC under the Children’s Online Privacy Protection Act (“COPPA”) to the tune of $5.7 Million Dollars.  This sum is the largest civil penalty the FTC has ever obtained under COPPA. 
Continue Reading Popular Children’s App Music.ly Settles FTC COPPA Claims

Just days before the EU Commission reassesses the EU-US Privacy Shield program in light of the EU Parliament’s recent adequacy criticisms, the Federal Trade Commission (FTC) announced settlements with four companies allegedly falsely claiming participation in the program.  One of the issues the EU Parliament cited this summer with the EU-US Privacy Shield program was lack of US oversight and enforcement.
Continue Reading More FTC Privacy Shield Settlements, But Will It Be Enough For The EU?

On September 23, 2018, California’s governor signed into law the first round of revisions to the California Consumer Privacy Act (CCPA), the most sweeping privacy legislation in this country.  California enacted the CCPA in June and it takes effect on January 1, 2020.  Inspired by the European Union’s General Data Protection Regulation, the California legislature initially drafted the CCPA in haste to avoid a ballot initiative containing more onerous provisions for businesses.  Not surprisingly, the hurried and voluminous legislation contained a number of issues that ranged from drafting errors to significant enforcement and compliance hurdles.  Accordingly, as expected, at the end of August, the legislature passed S.B. 1121, which contained several revisions to address some but not all of those issues, including a possible enforcement delay of up to six months.
Continue Reading California Governor Approves Revisions to Consumer Privacy Act

Today, in a 5-4 decision, the US Supreme Court ruled that the government’s acquisition of information regarding an individual’s location based on a cell phone record amounts to a Fourth Amendment search and generally requires a warrant.  In Carpenter v. United States, the government obtained nearly 13,000 location points on Carpenter’s movements over a

In the wake of the Facebook and Cambridge Analytica scandal, another social media company, Grindr, a gay dating app, has come under scrutiny for its sharing of sensitive personal information with third parties.  In particular, Norwegian research outfit SINTEF, after analyzing Grindr’s traffic, alleges that Grindr shares its users’ disclosed HIV status and last tested date , GPS location and other demographic profile information with third parties.
Continue Reading Grindr Grinds Users Gears by Reportedly Sharing Users’ HIV Status