By Sheila Sokolowski and Charlotte Lunday
Following up on its warning that it would be cracking down on Education Technology companies, the Federal Trade Commission (FTC) issued a proposed order against Chegg Inc., an online tutoring and homework aid service for high school college students, for lax security practices. According to its complaint, the FTC alleged that Chegg violated Section 5 of the FTC Act by failing to implement reasonable security measures to protect student and employee data and deceptively claiming in its privacy notice that it engaged in commercially reasonable security measures to protect users’ personal data.
Read MoreBy Leslie Veloz
Here’s a snapshot of a few privacy developments from the past few weeks.
Read MoreBy Charlotte Lunday
The Federal Trade Commission hosted an event October 19, 2022, discussing digital advertising to kids. The event primarily focused on “blurred” or “stealth” advertising.
Read MoreWe are thrilled to announce that first-year associates, Leslie Veloz and Cameron Cantrell, have joined Hintze Law in the Seattle Office.
Read MoreBy Taylor Widawski
Here’s a snapshot of a few privacy developments from the past few weeks.
Read MoreBy Charlotte Lunday
On September 15, Governor Gavin Newsom signed into law the California Age-Appropriate Design Code Act (CAADC). The law which received bipartisan support in the Legislature has a goal of protecting the wellbeing, data, and privacy of children, including teens, using online platforms. Businesses will be required to comply with significant new documentation and privacy by design and privacy default obligations by July 1, 2024. These obligations are largely adopted from the United Kingdom’s Age-Appropriate Design Code, and the statute’s preamble points to this law and the UK’s Information Commissioner’s Office (ICO) guidance to interpret the CAADC.
Read MoreHintze Law PLLC announced today that Taylor Widawski has joined the firm as Senior Associate. Taylor comes to Hintze Law’s Seattle office from Chime Financial, where she was in house privacy counsel. Prior to that, she was privacy counsel at T-Mobile and an associate with a large national law firm.
Read MoreBy: Emeka Egwuatu and Destiny Ginn
Here’s a snapshot of a few of the privacy developments we followed over the past few weeks.
Read MoreBy Sam Castic
Last week the California Attorney General’s office announced a settlement with beauty retailer Sephora for $1.2 million - the AG’s first monetary penalty for CCPA violations. Sephora has also agreed to a 2-year consent decree with ongoing monitoring and reporting obligations. This enforcement action confirms the AG’s interpretation that: (1) the CCPA requires specific CCPA-mandated contractual terms with each cookie, pixel, and tracking technology provider that companies use on their websites for personal information sharing not to be a “sale” of data under the CCPA, and (2) companies that engage in “sales” of personal information on their websites must honor the Global Privacy Control signal from consumers who choose to use the GPC.
Read MoreHintze Law PLLC is very pleased to announce that Deb Gray has joined the firm as a Senior Privacy Analyst. Deb comes to Hintze Law’s Seattle office with over two decades of deep and wide-ranging experience and programmatic skills in privacy and data protection matters, including the California Consumer Protection Act (CCPA), the EU General Data Protection Regulation (GDPR), and COPPA. Deb joins Hintze Law’s growing team of talented privacy analysts who complement Hintze Law’s team of privacy and cybersecurity attorneys.
Read MoreBy Susan Hintze and Sam Castic
On August 11, 2022, the Federal Trade Commission (“FTC”) published an advance notice of proposed rulemaking (“ANPR”) in a 3-2 vote on party lines requesting public comment on questions covering a wide range of “commercial surveillance” and data security practices. The FTC defines “commercial surveillance” to include a wide array of practices most businesses commonly engage in with their customers and employees. The FTC’s scope of data security practices includes expected areas such as data breach response but also includes data management, retention, and data minimization areas it has not dedicated significant attention to in the past. The FTC provided additional summaries of these practices in a “fact sheet” it released with the ANPR.
Read MoreHintze Law PLLC is delighted to announce that Sam Castic has joined the firm as its newest Partner. Sam comes to Hintze Law’s Seattle office with over 15 years of global privacy and cybersecurity experience, most recently as Chief Privacy Officer for Blackhawk Network and as Senior Director Privacy & Associate General Counsel at Nordstrom. In addition to Sam’s experience leading corporate privacy teams and programs, he has advised clients ranging from early-stage startups to large global corporations on privacy, cybersecurity, and data protection matters at Orrick and at K&L Gates.
Read MoreBy Laura Lemire
On Friday, July 8, the California Privacy Protection Agency (CPPA) released a notice of proposed rulemaking to adopt regulations implementing the Consumer Privacy Rights Act of 2020 (CPRA), the law that amends the California Consumer Privacy Act (CCPA) (the “Proposed Regulations”). The Proposed Regulations were previously made available on May 27, 2022, and those remain unchanged. What’s new in the materials released with the notice of proposed rulemaking is rich context on the CPPA’s positions, particularly from the Economic Impact Statement and its supporting Notes.
Read MoreBy Mason Fitch
The Supreme Court’s reversal of Roe v. Wade amplifies attention to concerns around the privacy of abortion-related services, including the provision of healthcare, period tracking apps, and even payment methods and mobile location data. In a direct response to Roe’s reversal, the Department of Health and Human Services (HHS) released guidance underscoring the protections applicable to protected health information (PHI) relating to abortion and other reproductive care under the Health Insurance Portability & Accountability Act (HIPAA), which we outline below. HIPAA, however, is limited in scope and does not protect a vast swath of information relating to abortion care.
Read MoreBy Destiny Ginn, Summer Associate
Here’s a snapshot of a few of the privacy developments we followed over the past few weeks.
Read MoreBy Sheila Sokolowski
On Monday, June 14th the U.S. Department of Health and Human Services (HHS), issued guidance on how the HIPAA rules permit covered health plans to use remote communication technologies for audio-only telehealth.
Read MoreBy Alex Schlight and Emeka Egwuatu
Here’s a snapshot of a few of the privacy developments we followed over the past couple of months from March 22, 2022 – to June 6, 2022.
Read MoreWe are honored to announce that Chambers & Partners has recognized Sheila Sokolowski, Partner and Chair of Hintze Law’s Health & Biotech Privacy Group in its 2022 USA - Nationwide Privacy& Data Security Healthcare rankings. Chambers has also once again recognized Hintze Law and Member Partners, Mike Hintze and Susan Hintze, in its 2022 Privacy & Data Security USA – Nationwide rankings.
Read MoreBy Sheila Sokolowski
On May 19, 2022, the FTC issued a stern warning to ed-tech providers regarding compliance with COPPA suggesting enhanced enforcement in this area. Citing “the steady proliferation of technologies that allow, and business models that depend on, the online collection and monetization of consumers’ personal information” and “the development of ever more sophisticated targeting practices,” the Federal Trade Commission (FTC) voted unanimously to issue a policy statement regarding collection of children’s information by ed tech providers. The Policy Statement of the Federal Trade Commission on Education Technology and the Children's Online Privacy Protection Act states that the FTC “intends to scrutinize compliance with the full breadth of the substantive provisions of the COPPA Rule and statutory language.” The FTC’s statement highlights COPPA’s limitations on collection, use and retention of children’s personal information and security requirements, all of which apply to COPPA-covered ed-tech companies.
Read MoreHintze Law PLLC announced today that Laura Lemire has joined the firm as Of Counsel. Laura comes to Hintze Law’s Seattle office with over a decade of global privacy, cybersecurity, and technology law experience as former privacy counsel for Twitter and Microsoft.
Read More