On November 11, 2022, Google entered into a $391.5 million settlement with 40 state attorneys general—the largest ever attorney-general led consumer privacy settlement. The investigation, led by attorneys general in Oregon and Nevada, began after a 2018 Associated Press article reported that Google tracks consumers’ location, even when the settings, including on Google’s Android operating systems and certain Google iPhone apps, appear to prevent such tracking.
Read MoreFTC Issues Proposed Order Against Online Tutoring Company, Chegg, for Lax Security
in FTC
By Sheila Sokolowski and Charlotte Lunday
Following up on its warning that it would be cracking down on Education Technology companies, the Federal Trade Commission (FTC) issued a proposed order against Chegg Inc., an online tutoring and homework aid service for high school college students, for lax security practices. According to its complaint, the FTC alleged that Chegg violated Section 5 of the FTC Act by failing to implement reasonable security measures to protect student and employee data and deceptively claiming in its privacy notice that it engaged in commercially reasonable security measures to protect users’ personal data.
Read MoreHintze Law Global Privacy Updates
FTC Digital Advertising to Kids Event Focuses on "Blurred" Advertising Content
in FTC
The Federal Trade Commission hosted an event October 19, 2022, discussing digital advertising to kids. The event primarily focused on “blurred” or “stealth” advertising.
Read MoreHintze Law PLLC Welcomes Leslie Veloz & Cameron Cantrell as Associates
We are thrilled to announce that first-year associates, Leslie Veloz and Cameron Cantrell, have joined Hintze Law in the Seattle Office.
Read MoreHintze Law Global Privacy Updates
Here’s a snapshot of a few privacy developments from the past few weeks.
Read MoreWhat California’s New Age-Appropriate Design Code Means for Your Business
On September 15, Governor Gavin Newsom signed into law the California Age-Appropriate Design Code Act (CAADC). The law which received bipartisan support in the Legislature has a goal of protecting the wellbeing, data, and privacy of children, including teens, using online platforms. Businesses will be required to comply with significant new documentation and privacy by design and privacy default obligations by July 1, 2024. These obligations are largely adopted from the United Kingdom’s Age-Appropriate Design Code, and the statute’s preamble points to this law and the UK’s Information Commissioner’s Office (ICO) guidance to interpret the CAADC.
Read MoreTaylor Widawski Joins Hintze Law as Senior Associate
Hintze Law PLLC announced today that Taylor Widawski has joined the firm as Senior Associate. Taylor comes to Hintze Law’s Seattle office from Chime Financial, where she was in house privacy counsel. Prior to that, she was privacy counsel at T-Mobile and an associate with a large national law firm.
Read MoreHintze Law Global Privacy Updates
By: Emeka Egwuatu and Destiny Ginn
Here’s a snapshot of a few of the privacy developments we followed over the past few weeks.
Read MoreFirst CCPA Fine Shows Need for Cookie Governance and Vendor Management
By Sam Castic
Last week the California Attorney General’s office announced a settlement with beauty retailer Sephora for $1.2 million - the AG’s first monetary penalty for CCPA violations. Sephora has also agreed to a 2-year consent decree with ongoing monitoring and reporting obligations. This enforcement action confirms the AG’s interpretation that: (1) the CCPA requires specific CCPA-mandated contractual terms with each cookie, pixel, and tracking technology provider that companies use on their websites for personal information sharing not to be a “sale” of data under the CCPA, and (2) companies that engage in “sales” of personal information on their websites must honor the Global Privacy Control signal from consumers who choose to use the GPC.
Read MoreDeb Gray Joins Hintze Law's Growing Team of Privacy & Cybersecurity Analysts
Hintze Law PLLC is very pleased to announce that Deb Gray has joined the firm as a Senior Privacy Analyst. Deb comes to Hintze Law’s Seattle office with over two decades of deep and wide-ranging experience and programmatic skills in privacy and data protection matters, including the California Consumer Protection Act (CCPA), the EU General Data Protection Regulation (GDPR), and COPPA. Deb joins Hintze Law’s growing team of talented privacy analysts who complement Hintze Law’s team of privacy and cybersecurity attorneys.
Read MoreThe FTC Launches Rulemaking Process Covering Sweeping Data Practices
in FTC
By Susan Hintze and Sam Castic
On August 11, 2022, the Federal Trade Commission (“FTC”) published an advance notice of proposed rulemaking (“ANPR”) in a 3-2 vote on party lines requesting public comment on questions covering a wide range of “commercial surveillance” and data security practices. The FTC defines “commercial surveillance” to include a wide array of practices most businesses commonly engage in with their customers and employees. The FTC’s scope of data security practices includes expected areas such as data breach response but also includes data management, retention, and data minimization areas it has not dedicated significant attention to in the past. The FTC provided additional summaries of these practices in a “fact sheet” it released with the ANPR.
Read MoreHintze Law Welcomes Sam Castic as its Newest Partner
Hintze Law PLLC is delighted to announce that Sam Castic has joined the firm as its newest Partner. Sam comes to Hintze Law’s Seattle office with over 15 years of global privacy and cybersecurity experience, most recently as Chief Privacy Officer for Blackhawk Network and as Senior Director Privacy & Associate General Counsel at Nordstrom. In addition to Sam’s experience leading corporate privacy teams and programs, he has advised clients ranging from early-stage startups to large global corporations on privacy, cybersecurity, and data protection matters at Orrick and at K&L Gates.
Read MoreWhat to Expect: The California Privacy Protection Agency Releases Notice of Proposed Regulatory Action
By Laura Lemire
On Friday, July 8, the California Privacy Protection Agency (CPPA) released a notice of proposed rulemaking to adopt regulations implementing the Consumer Privacy Rights Act of 2020 (CPRA), the law that amends the California Consumer Privacy Act (CCPA) (the “Proposed Regulations”). The Proposed Regulations were previously made available on May 27, 2022, and those remain unchanged. What’s new in the materials released with the notice of proposed rulemaking is rich context on the CPPA’s positions, particularly from the Economic Impact Statement and its supporting Notes.
Read MoreAbortion Care Privacy Protection & Gaps Amplified Following Roe Reversal
in HIPAA
By Mason Fitch
The Supreme Court’s reversal of Roe v. Wade amplifies attention to concerns around the privacy of abortion-related services, including the provision of healthcare, period tracking apps, and even payment methods and mobile location data. In a direct response to Roe’s reversal, the Department of Health and Human Services (HHS) released guidance underscoring the protections applicable to protected health information (PHI) relating to abortion and other reproductive care under the Health Insurance Portability & Accountability Act (HIPAA), which we outline below. HIPAA, however, is limited in scope and does not protect a vast swath of information relating to abortion care.
Read MoreHintze Law Global Privacy Updates
By Destiny Ginn, Summer Associate
Here’s a snapshot of a few of the privacy developments we followed over the past few weeks.
Read MoreNew HHS Guidance on HIPAA and Telehealth
in HIPAA
Hintze Law Global Privacy Updates
By Alex Schlight and Emeka Egwuatu
Here’s a snapshot of a few of the privacy developments we followed over the past couple of months from March 22, 2022 – to June 6, 2022.
Read MoreChambers Ranks Hintze Law and Partners Sheila Sokolowski, Susan Hintze, and Mike Hintze in 2022 USA Privacy & Data Security Reviews
We are honored to announce that Chambers & Partners has recognized Sheila Sokolowski, Partner and Chair of Hintze Law’s Health & Biotech Privacy Group in its 2022 USA - Nationwide Privacy& Data Security Healthcare rankings. Chambers has also once again recognized Hintze Law and Member Partners, Mike Hintze and Susan Hintze, in its 2022 Privacy & Data Security USA – Nationwide rankings.
Read MoreFTC Issues Stern Warning on Ed-Tech and COPPA
On May 19, 2022, the FTC issued a stern warning to ed-tech providers regarding compliance with COPPA suggesting enhanced enforcement in this area. Citing “the steady proliferation of technologies that allow, and business models that depend on, the online collection and monetization of consumers’ personal information” and “the development of ever more sophisticated targeting practices,” the Federal Trade Commission (FTC) voted unanimously to issue a policy statement regarding collection of children’s information by ed tech providers. The Policy Statement of the Federal Trade Commission on Education Technology and the Children's Online Privacy Protection Act states that the FTC “intends to scrutinize compliance with the full breadth of the substantive provisions of the COPPA Rule and statutory language.” The FTC’s statement highlights COPPA’s limitations on collection, use and retention of children’s personal information and security requirements, all of which apply to COPPA-covered ed-tech companies.
Read More