FTC Settlement With Fertility-Tracking App May Have Costly Ramifications for Companies Who Use Third-Party Data Analytics Software
On January 13, 2021, the FTC announced that fertility app developer Flo Health, Inc. ("Flo") agreed to a settlement over allegations that the company shared app users’ health information with third-party data analytics providers, including Facebook and Google. The FTC originally filed the complaint against Flo after 2019 media reports alleged that the app used by more than 100 million consumers had shared customer information despite representations that Flo would keep such information private.
Canada Introduces the Consumer Privacy Protection Act
On November 17, 2020, the Canadian House of Commons introduced the Digital Charter Implementation Act, 2020 ("DCIA"), which includes the Consumer Privacy Protection Act (“CPPA”), a privacy focused arm of the legislation. The full text of the Bill can be found here. The CPPA would act as an update and expansion to the pre-existing federal, privacy law.
China, The World’s Largest Online Population, Introduces Its First Comprehensive Personal Information Protection Law
The People's Republic of China ("China") has introduced its first comprehensive data privacy law, which will explicitly protect the personal information of its residents. On October 21, 2020, China’s legislative body submitted a draft bill for the Personal Information Protection Law (“PIPL”) that would prohibit businesses and enterprises from misusing the personal information of Chinese residents. Like the European Union’s General Data Protection Regulation (“GDPR”), the PIPL defines personal information broadly to include various types of electronic or otherwise recorded information relating to an identified or identifiable natural person.
Criminal Enforcement Against Data Breaches Under the Computer Fraud and Abuse Act
On April 20, 2020, the U.S. Supreme Court granted writ of certiorari in Van Buren v. United States to consider whether a person who is authorized to access information on a computer for certain purposes violates Section 1030(a)(2) of the Computer Fraud and Abuse Act (“CFAA”) if he accesses the same information for an improper purpose. Oral argument before the Supreme Court will be held on November 30, 2020.
Federal Regulation Repeals Will Not Protect Internet Service Providers From Maine’s New Privacy Law
In June 2019, Maine’s state legislature passed the country’s first privacy law specifically regulating Internet Service Providers (“ISPs”) operating within the state. The law was introduced in response to the Trump Administration repealing an Obama Administration rule from 2017 that governed ISPs’ use of customer data. The Maine law, An Act to Protect the Online Privacy of Consumer Information, was passed with bipartisan support and closely replicates the repealed federal provisions. The law went into effect on July 1, 2020.
