Privacy Policy

The FTC Decides to Uphold the CAN-SPAM Rule Without Any Changes

Written by and

On February 12, 2019, the Federal Trade Commission announced that it completed its first review of the CAN-SPAM Rule, a rule governing commercial e-mail. Based on its review, the FTC announced its decision, available here, to “retain the [R]ule in its present form.” The FTC reviewed public comments and proposals in making its determination. According to the FTC’s confirmation of the Rule available here, of the 92 comments received, most were submitted by individual consumers and many suggested modifications to the Rule. Many comments were responses to specific issues raised by the FTC […] Read more

Google-Style GDPR Fines for Everyone? Bavarian DPA Conducts Website Cookie Practices Sweep, Announces Fines under Consideration

Written by

As has been widely reported, in late January the French privacy supervisor CNIL fined Google €50 million for privacy violations relating to targeted marketing using Android user data.  One of the core violations the CNIL found was that Google’s Android user interface did not obtain effective, GDPR-compliant consent to targeted marketing from users.  The amount of the Google fine startled many companies, but with time the shock faded.  Google was seen as a special case, and a number of companies began to presume that, while scrutiny of targeted online marketing may pick up, “we’re not […] Read more

Governor Jerry Brown Signs Amendment to the California Consumer Privacy Act

Written by

On September 23, 2018, Governor Jerry Brown signed SB 1121, the amendment to the California Consumer Privacy Act (CCPA).  SB 1121 attempts to clean up some drafting errors and ambiguities in the original legislation (AB 375), but it also effectively reduces the procedural obstacles to the CCPA’s private right of action by removing the requirement that a plaintiff first notify the Attorney General before filing a lawsuit pursuant to the CCPA, which would have provided the Attorney General the opportunity to order a plaintiff not to proceed.  For a more in-depth analysis of the private right of […] Read more

Alston & Bird Hosts Sept. 12 Webinar on California Consumer Privacy Act

Written by

Save the date! On Sept. 12, 1 – 2 PM ET, Alston & Bird will host a webinar to analyze the new California Consumer Privacy Act. (You can read our prior advisory.) The California Consumer Privacy Act has been compared to the European Union’s General Data Protection Regulation due to its creation of important new privacy rights likely to require significant compliance activity by many companies. Partners Jim Harvey, David Keating, and Senior Counsel Peter Swire will lead discussion of this comprehensive new legislation currently slated to enter into force in less than 18 months.   Registration [...] Read more

Landmark New Privacy Law in California to Challenge Businesses Nationwide

Written by

Following our June 4 and July 2, 2018 blog posts tracking California's November 2018 ballot measure turned hastily enacted new California privacy law titled The California Consumer Privacy Act of 2018 (CCPA), Alston & Bird's Privacy & Data Security Group released a more detailed "first look" review of California’s sweeping new law.  The advisory provides an overview of the new law, which establishes an array of privacy rights for state residents and worries for businesses nationwide, and concludes with key initial takeaways for business. Read the advisory here. [...] Read more

California Approves the California Consumer Privacy Act in Response to Consumer Privacy Ballot Initiative

Written by

As discussed in this blog’s June 4, 2018 blog post, a group called Californians for Consumer Privacy gathered enough signatures for a new measure called the Consumer Right to Privacy Act to qualify for the November 2018 ballot.  With momentum building for passage of that ballot measure, various stakeholders met with California legislators to devise a bill that could be passed in place of the measure (and to the satisfaction of the measure’s backers).  The legislature and governor had until last Thursday, June 28 – the deadline for the measure’s backers to remove it from the November’s [...] Read more

Momentum Building for California’s Consumer Right to Privacy Act Ballot Initiative

Written by

In early May, a group called Californians for Consumer Privacy gathered enough signatures for the Consumer Right to Privacy Act (CRPA) to qualify for the November 2018 ballot. The ballot initiative builds on existing California laws directed at protecting the privacy of California consumers’ personal information, including the Shine the Light law (Civil Code §1798.83) and the California Online Privacy Protection Act (CalOPPA, Business & Professions Code §§22575-22579).    The CRPA sets forth a statutory framework that: 1) gives consumers the right to know what categories of personal [...] Read more

In Order, FTC Recognizes Lower Notice Requirements for “Consumer-Expected” Data Collection

Written by

Last week, the Federal Trade Commission granted a petition by Sears Holding Management seeking modification of a 2009 Commission Order. The notable 2009 Order settled allegations that Sears had improperly failed to provide notice regarding data collection by certain software the company offered to consumers. Sears argued that the 2009 Order placed it at a “competitive disadvantage” in the mobile application marketplace. The now-modified Order enables Sears to conduct certain “consumer-expected” forms of data collection and use without requiring heightened notice or consent under the 2009 [...] Read more

ePrivacy Regulation Trilogue Negotiations Pushed back to Fall 2018; Final ePrivacy Regulation may not be in Place until 2020

Written by

About this time last January, the European Parliament released its proposal for a new ePrivacy Regulation.  The intent of the ePrivacy Regulation is to replace the current ePrivacy regime – which consists of an ePrivacy Directive and a patchwork of local implementing legislation – with a uniform set of directly-applicable EU-wide rules.  Since the Parliament released its ePrivacy Regulation draft, both the European Council and the European Parliament have reviewed it and released their own revised drafts. The ePrivacy Regulation contains a number of important rules for companies.  Traditionally, [...] Read more

Irish High Court refers Facebook’s data case to the European Court of Justice

Written by

In what it considered “an unusual case” (available here), the Irish High Court has referred the issue of the way data is transferred between the EU and countries outside the EU to the Court of Justice of the European Union (“CJEU”). Ms. Justice Caroline Costello will ask the CJEU for a preliminary ruling on the validity of the Standard Contractual Clauses (“SCCs”) as an adequate data transfer mechanism. Justice Costello did not comment on the laws of the EU or the US, but rather on the validity of SCCs as a data transfer measure between the EU and the US. The case arose from a complaint [...] Read more