Stu Ingis is chairman of Venable. Stu is a nationally recognized attorney who has earned a reputation among peers and the industry as a thought leader in crisis management, privacy, marketing, advertising, consumer protection, eCommerce, and Internet law. Stu's leadership in developing cutting-edge industry self-regulation and coalition building has placed him at the forefront of privacy and data security regulation and public policy. Clients rely on him as a trusted voice, confidant, and advocate before Congress, the Federal Trade Commission, state attorneys general, and other federal and state agencies.

Keep Calm and Carry OnBrexit is likely to cause years of future uncertainty around data protection, including the legal mechanisms for data transfer to countries outside of the United Kingdom (“U.K.”). In the short term, there will be little to no impact on existing data transfer solutions implemented by companies that rely on the U.K. as an entry point into the European Union (“EU”). In the mid-term, with the scheduled implementation of the EU-U.S. Privacy Shield (“Privacy Shield”) in 2016 and the EU’s General Data Protection Regulation (“GDPR”) in 2018, the U.K. will either continue to be subject to EU laws by extending its membership in the European Economic Area (“EEA”) or it will create its own national data protection legislation. Although companies may have to rethink data transfer agreements, this will be part of a long term process as the future of U.K. data protection continues to unfold.

Short Term—What to Expect in the Next 12 Months 
Continue Reading Keep Calm and Carry On: Data Protection Post Brexit

As of January 1, 2014, California law requires operators of websites and online services to publicly disclose how they respond to “do not track” (dnt) signals, though the exact requirements vary depending on whether an entity is a first party (e.g., web publisher) or third party (e.g., ad network). The new law will not require companies to honor dnt signals.

Operators of websites and online services should be prepared to update their privacy policies.

Background

On September 27, 2013, Governor Jerry Brown signed into law AB 370, an amendment to the California Online Privacy Protection Act (CALOPPA). CALOPPA requires online operators to post privacy policies stating: (1) the categories of personally identifiable information (PII) collected through their website or online service, (2) the categories of third parties with whom the operator may share PII, (3) the process by which a consumer may review and request changes to PII collected through the site or service if such a process is maintained, (4) a description of how operators notify consumers of material changes to the privacy policy, and (5) the effective date of the privacy policy. AB 370 will not change these requirements or the meaning of PII, but adds additional disclosure obligations described in the next section.
Continue Reading California’s Do Not Track Disclosure Bill

The Clock Is Ticking – Is COPPA Compliance a “Mission Impossible”?

On July 1, 2013, sweeping new regulations for marketing to children take effect. In updating the Children’s Online Privacy Protection Act (COPPA) Rule, the Federal Trade Commission (FTC) has extended its reach to new businesses and new information.

In this upcoming session presented by

For now, online retailers can rest assured that they are not liable under California’s Song-Beverly Credit Card Act if they require customers to enter their addresses or phone numbers in order to complete downloadable online purchases.  On February 4, 2013, the California Supreme Court held in Apple Inc. v. Superior Court (Krescent) that the Credit

Just in time for Christmas, the Federal Trade Commission (“FTC”) has unveiled its long-anticipated update to the Children’s Online Privacy Protection Rule (“COPPA Rule”).  The COPPA Rule, which has been in place since 1999, imposes a variety of privacy requirements on “operators” of websites and online services that are “directed to children” under

Carrying out a plan announced earlier this year, the Federal Trade Commission (“FTC”) convened a day-long public workshop on “The Big Picture: Comprehensive Online Data Collection” on December 6, 2012.  The workshop was intended to examine the practices and privacy implications of “comprehensive” data collection about consumers’ online activities.  Data collection capabilities of entities like

The Federal Trade Commission (“FTC”) has released a new set of proposed amendments in its ongoing review of its Children’s Online Privacy Protection Act (“COPPA”) regulations. These amendments would alter key definitions in the COPPA regulations, modifying the FTC’s original proposal from September 2011. If finalized, the FTC’s proposals to date will significantly change who

Yesterday, the FTC convened a day-long public workshop to discuss updating its “Dot Com Disclosures” guidance on presenting online advertising disclosures. The FTC is considering whether it should overhaul this guidance, which dates to 2000, to address current trends such as social media and mobile advertising. The workshop also included a panel devoted to mobile

Last week the FTC hosted “Paper, Plastic … or Mobile? An FTC Workshop on Mobile Payments,” to examine the use of mobile payments in the marketplace and how emerging technologies affect consumers. The workshop lasted throughout the day, consisting of presentations and panels with representatives from business, law, finance, and consumer advocacy organizations. At the