Privacy & Information Security Law Blog

On August 15, 2013, the Federal Trade Commission announced that it is seeking public comment regarding a proposed mechanism to obtain verifiable parental consent in accordance with the new Children’s Online Privacy Protection Rule (the “COPPA Rule”) that came into effect July 1, 2013. The COPPA Rule requires operators of certain websites and online services to obtain a parent’s consent before collecting personal information online from a child under 13.

On March 22, 2013, Peru issued the implementing regulations of its new data protection law. The Reglamento de la Ley No 29733, Ley de Protección de Datos Personales (“Regulations”) provide detailed rules on a variety of topics, including the following:

• Territorial scope;
• notice and consent;
• data transfers;
• processing of personal data relating to children and adolescents;
• data processing in the communications and telecommunications sectors;
• outsourcing;
• information security;
• data subjects’ rights;
• registration of databases;
• codes of conduct; and
• enforcement.

On December 18, 2012, the U.S. House of Representatives passed H.R. 6671, a bill that would amend the Video Privacy Protection Act (“VPPA”) consent requirements for disclosing consumers’ viewing information. The Senate approved the bill without changes on December 20, 2012. The bill would make it easier for companies to develop innovative technologies for the sharing of consumers’ video viewing habits. The current version of the VPPA requires certain video providers to obtain a consumer’s consent each time they wish to share the consumer’s viewing information ...

On December 18, 2012, the Federal Trade Commission issued Orders to File Special Report (the “Orders”) to nine data brokerage companies, seeking information about how these companies collect and use personal data about consumers. In the Orders, the FTC requests detailed information about the data brokers’ privacy practices, including:

• the data brokerage companies’ online and offline products and services that use personal data;
• the sources and types of personal data the data brokerage companies collect;
• whether, and how, the companies acquire consumer consent before obtaining, collecting, generating, deriving, disseminating or storing the personal data;
• whether, and how, the personal data is aggregated, anonymized or de-identified;
• how the companies monitor, audit or evaluate the accuracy of the personal data they obtain;
• if, and how, consumers are able to access, correct, delete or opt out of the collection, use or sharing of the personal data the data brokerage companies maintain about the consumers;
• how the data brokerage companies provide notice to consumers about their data privacy practices;
• the advertisements or promotional materials the companies use to describe their products and services; and
• information about any complaints or disputes, or governmental or regulatory inquiries or actions, related to the companies’ data privacy practices.

On November 27, 2012, the International Chamber of Commerce of the United Kingdom (“ICC UK”) released the second edition of its cookie guidance (the “Guidance”). The ICC UK released the first edition of the Guidance in April of this year, and has produced this latest version to take into account updated guidance released by the UK Information Commissioner’s Office (“ICO”), the Article 29 Working Party Opinion 04/2012 on cookie consent exemption and new UK advertising rules on online behavioral advertising.

On June 7, 2012, the Article 29 Working Party (the “Working Party”) adopted an Opinion analyzing the exemptions to the prior opt-in consent requirement for cookies. Although the Opinion focuses on cookies, the Working Party also notes that the same analysis applies to any technology allowing information to be stored or accessed on a user’s computer or mobile device.

The UK Information Commissioner’s Office’s (“ICO”) has revised its statutory Code of Practice on assessment notices (the “Code”). The ICO first issued the Code in 2010, when its audit powers came into force. The Code has now been updated to reflect changes in auditing standards and practices.