As reported on the Privacy & Information Security Law Blog on February 8, 2019, the European Commission has issued an EU-wide recall of the Safe-KID-One children’s smartwatch marketed by ENOX Group over concerns that the device leaves data such as location history, phone and serial numbers vulnerable to hacking and alteration.
As reported on the Privacy & Information Security Law Blog on January 31, 2019, Hunton Andrews Kurth celebrates the 10-year anniversary of our award-winning Privacy and Information Security Law Blog. Download a copy of “Ten Years Strong: A Decade of Privacy and Cybersecurity Insights.”
As reported on Hunton Andrews Kurth’s Privacy & Information Security Law Blog on January 25, 2019, the Illinois Supreme Court ruled that an allegation of “actual injury or adverse effect” is not required to establish standing to sue under the Illinois Biometric Information Privacy Act.
On January 7, 2019, California Assemblyman Phil Ting introduced Assembly Bill 161 which would prohibit businesses from providing paper receipts except upon request, citing “significant positive environmental and public health effects.” The goal of the Bill is to reduce consumers’ exposure to chemicals contained on paper receipts, such as BPA, and to reduce the carbon footprint.
On January 17, 2019, Hunton Andrews Kurth’s retail industry team, composed of more than 200 lawyers across practices, released their annual Retail Industry Year in Review publication.
In a 2017 interview, Nigel Travis, former CEO of Dunkin’ Brands, stated that “delivery will be the next wave” in the restaurant industry and that it would “be like a revolution,” occurring “faster than anyone thinks.” Travis was not wrong; in fact, recent statistics shared by Melissa Wilson at the 2018 Restaurant Leadership Conference show Travis’ prediction quickly taking hold – 86% of consumers are using off-premise delivery services at least monthly and one third of consumers are using it more than they did a year ago. By some estimates, delivery services are projected to grow at least 12% per year over the next five years. While a handful of restaurants are filling the delivery demand themselves, more and more restaurants are looking to third-party delivery service providers to help them connect with the consumer. In fact, “third-party delivery services like UberEats, Grubhub, and Postmates currently represent $9 billion in restaurant sales today, and they are predicted to account for $16 billion in sales by 2022.”
The Federal Trade Commission announced the opening dates of its Hearings on Competition and Consumer Protection in the 21st Century, a series of public hearings that discuss whether broad-based changes in the economy, evolving business practices, new technologies or international developments might require adjustments to competition and consumer protection law, enforcement priorities and policy. The FTC and Georgetown University Law Center will co-sponsor two full-day sessions of hearings on September 13 and 14, 2018, to be held at the Georgetown University Law Center facility.
Panelists at the hearings will consider, among other topics, the regulation of consumer data and whether the U.S. economy has become more concentrated and less competitive. The FTC invites public comment on any of the issues.
More information is available on the FTC’s website.
As reported on Hunton’s Privacy and Information Security Law blog, on June 28, 2018, the Governor of California signed AB 375, the California Consumer Privacy Act of 2018 (the “Act”). The Act introduces key privacy requirements for businesses, and was passed quickly by California lawmakers in an effort to remove a ballot initiative of the same name from the November 6, 2018, statewide ballot. We previously reported on the relevant ballot initiative. The Act will take effect January 1, 2020. Continue Reading California Consumer Privacy Act Signed, Introduces Key Privacy Requirements for Businesses
As reported on Hunton’s Privacy and Information Security Law blog, the FTC has modified its 2017 settlement with Uber after learning of an additional breach that was not taken into consideration during its earlier negotiations with the company. The revised proposed agreement goes beyond the FTC’s original settlement mandating that Uber implement a comprehensive privacy program. The expanded FTC order would require Uber to address software design, development and testing; how the company reviews and responds to third-party security vulnerability reports; and prevention, detection and response to attacks, intrusions or systems failures. Uber also would be required to report to the FTC any episode where it has to notify any U.S. government entity about the unauthorized access of any consumer’s information. Continue Reading FTC Revises Its Security Settlement with Uber
As reported on the Hunton Privacy & Information Security Law Blog, on March 8, 2018, the Ninth Circuit Court of Appeals (“Ninth Circuit”) reversed a decision from the United States District Court for the District of Nevada. The trial court found that one subclass of plaintiffs in In re Zappos.Com, Inc. Customer Data Security Breach Litigation had not sufficiently alleged injury in fact to establish Article III standing. The opinion focused on consumers who did not allege that any fraudulent charges had been made using their identities, despite hackers accessing their names, account numbers, passwords, email addresses, billing and shipping addresses, telephone numbers, and credit and debit card information in a 2012 data breach. Continue Reading Ninth Circuit Reverses District Court Decision in Zappos Consumer Data Breach Case