Privacy & Information Security Law Blog

On December 5, 2012, the Federal Trade Commission announced that the online advertising company Epic Marketplace, Inc. (“Epic”) agreed to settle charges that it engaged in “history sniffing” to secretly and illegally collect information about consumers’ interest in sensitive medical and financial issues. History sniffing is the practice of determining whether a consumer has previously visited a webpage by checking how a browser displays a hyperlink. The consent order requires Epic to destroy all data collected from history sniffing and bars Epic from engaging in history sniffing in the future.

The Hunton Employment & Labor Perspectives Blog examines issues related to professional use of social media: who owns social media accounts, contacts and valuable consumer data when an employee resigns? Read the full blog entry.

On November 20, 2012, the European Network and Information Security Agency (“ENISA”) published a new report entitled “The Right to Be Forgotten – Between Expectations and Practice.” The report complements two earlier papers which focused on data collection and storage and online behavioral advertising, and focuses on the technical implications of the proposed General Data Protection Regulation’s new right to be forgotten.

On November 30, 2012, the Federal Trade Commission announced the issuance of an interim final rule (“Interim Final Rule”) that makes the definition of “creditor” in the FTC’s Identity Theft Red Flags Rule (“Red Flags Rule”) consistent with the definition contained in the Red Flag Program Clarification Act of 2010.

On November 21, 2012, the UK Committee of Advertising Practice (“CAP”) released new rules on online behavioral advertising (“OBA”). CAP is the UK body which writes and maintains the UK advertising codes, which are administered and enforced by the UK Advertising Standards Authority (“ASA”).

On November 29, 2012, the Federal Communications Commission (“FCC”) issued a declaratory ruling finding that certain text messages businesses send to confirm a consumer’s request to opt out of text message programs do not violate a federal prohibition on sending text messages without prior express consent. This prohibition has spawned class actions against companies that have followed the provisions in the Mobile Marketing Association’s U.S. Consumer Best Practices and other industry guidelines that require companies to send a confirmatory text message in response to a consumer’s opt-out request. The FCC’s finding is limited to sending confirmatory text messages under the following conditions:

On November 21, 2012, the UK Supreme Court handed down a judgment in The Rugby Football Union vs. Consolidated Information Services Limited (Formerly Viagogo Limited), a case addressing the application of Article 8 of the EU Charter of Fundamental Rights (Protection of Personal Data) in the context of court orders seeking to disclose the identities of alleged wrongdoers.

On November 22, 2012, the Brussels-based publication European Voice published an editorial by U.S. Department of Commerce General Counsel Cameron Kerry entitled Avoiding a Data Divide Between the US and the EU. The article notes the importance of continued collaboration between the European Union and the United States as both assess their respective privacy frameworks to ensure that any changes encourage enhanced trade and strong economic growth, but also contain robust protections for consumers. Mr. Kerry’s editorial emphasizes the need to foster global privacy ...

On November 22, 2012, the UK Ministry of Justice released a written ministerial statement (“Statement”) announcing the publication of its Government Impact Assessment on the European Commission’s legislative reform package on the EU data protection framework. The European Commission has claimed that a regulation implementing a single set of data protection rules across the European Union would save businesses around €2.3 billion a year. In its Statement, the Ministry of Justice disagrees, stating that the Commission’s proposals will impose burdens that “far outweigh” the benefits. At a time of great economic upheaval across Europe, the Ministry of Justice asserts that the regulatory burden should be reduced, not increased, to stimulate growth, and that it is “difficult therefore to justify the extra red-tape and tick box compliance that the proposals represent.” The Ministry of Justice also notes that “[t]he UK Government is seriously concerned about the potential economic impact of the proposed data protection Regulation.”

On November 28, 2012, the UK Information Commissioner’s Office (“ICO”) issued monetary penalties totaling £440,000 to two owners of a marketing company that sent millions of unlawful spam SMS text messages over a period of three years.