LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments including the proposed APPS Act and BYOD
Transcript

  • 1. Mobile Privacy: An Overview of Legal and Legislative Developments
    A Complimentary LexisNexis® Webinar
    May 8, 2013
    Mary Ellen Callahan, Jenner & Block
    Orrie Dinstein, Chief Privacy Leader and Senior IT & IP Counsel, GE Capital
  • 2. LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments – May 8, 2013
    About the Speakers
    Mary Ellen Callahan, Chair of Jenner & Block’s Privacy and Information Governance Practice, has unique and broad experience with interfacing the protection of privacy, civil rights, and civil liberties with cybersecurity and national security issues. A nationally recognized privacy attorney with over a decade of outside counsel experience, she served as Chief Privacy Officer of the U.S. Department of Homeland Security from 2009 until August 2012. She is also a prolific writer and speaker on cutting edge commercial privacy issues.
    Mary Ellen is a graduate of the University of Pittsburgh, Bachelor of Philosophy, magna cum laude, and a Juris Doctor from the University of Chicago.
  • 3. About the Speakers
    Orrie Dinstein is the Chief Privacy Leader and Senior IT & IP Counsel at GE Capital, a division of the General Electric Company. He has global responsibility for data protection. Orrie works closely with the IT and information security teams as well as other functions to establish policies, procedures, processes and tools related to data privacy and security and social media related matters. He is also the lead intellectual property lawyer at GE Capital.
    Prior to joining GE, Orrie was Counsel in the Intellectual Property & Technology group of the New York office of King & Spalding, handling litigation, licensing and corporate matters, and an associate at Proskauer Rose LLP in New York. Before moving to the U.S., he worked for several years in one of Israel's premier law firms, and was an assistant professor at the Tel-Aviv University.
    Orrie is a frequent speaker on privacy, social media and technology matters and is the author of dozens of articles and book chapters on technology and intellectual property related matters.
    Orrie received an LL.M. law degree (intellectual property) from New York University School of Law and is a graduate of the Hebrew University of Jerusalem School of Law (LL.B.).
  • 4. Introduction
    Overview of Legal and Legislative Developments in Mobile Privacy
    • The Mobile Frontier
    • Regulatory and Policy Updates
    • Federal Trade Commission
    • California Attorney General
    • Securities and Exchange Commission
    • Top 10 Takeaways from Recommendations
    • International Policy Updates
    • Litigation and Enforcement updates
    • Proposed State and Federal Legislation
    • Bring Your Own Device (BYOD) Impacts
  • 5. The Mobile Frontier
    • Mobile growth is exponential:
    • 70% of shoppers use mobile phone while in retail store
    • 24% of Black Friday sales were via mobile in 2012
    • 58% increase of mobile malware reported in 2012 (Symantec)
    • 28 percent of all mobile phone users and 48 percent of smartphone users had used mobile banking in the past 12 months (Federal Reserve)
    • Federal, state, and international regulators are pushing “privacy by design” in the mobile apps arena
    • Similarly, companies (employees) are trending towards allowing employee use of personal mobile devices (“Bring Your Own Device”)
  • 6. Regulatory and Policy Updates
  • 7. Domestic Regulatory and Policy Actors
    • Federal Trade Commission
    • Two reports on mobile apps privacy, focusing on kids
    • Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing (Feb 2012)
    • Mobile Apps for Kids: Disclosures Still Not Making the Grade (Dec 2012)
    • FTC Recommendations: Mobile Privacy Disclosures: Building Trust Through Transparency (Feb 2013)
    • Updated dot Com Disclosures includes examples of mobile disclosure
    • Report on mobile payments, Paper, Plastic, or Mobile? March 2013
    • California Attorney General
    • Joint Statement of Principles with Platform Providers, February 2012
    • Letters to 100 App Developers on compliance with California Online Privacy Protection Act (CalOPPA)
    • CA AG Privacy on the Go Recommendations January 2013
    • National Telecommunications and Information Administration Multistakeholder process on mobile transparency
  • 8. Top Takeaways from “Recommendations”
    • Transparency is the key – know what is happening on your device/application, and explain it clearly to consumers
    • Have privacy policies that encompass mobile activity; these policies should be easily accessible (if possible, before download)
    • “Sensitive” information – a/k/a personal information expanding to include geolocation and device_id (others may be added)
    • Consider providing “just in time” notices when accessing sensitive information, or unexpected collection of info
    • Customer service – have a mechanism for consumers to ask questions about privacy
    • Privacy by design incorporated into application/data lifecycle
  • 9. International Policy Updates
  • 10. Article 29 Working Party Recommendations
    • More detailed transparency requirements
    • Prescriptive requirements about what to include in privacy policy (available before download)
    • Only collect information that is “strictly necessary”
    • Provide ability to delete data
    • Policy statement that all U.S.-targeted apps need to comply with EU guidance
  • 11. Enforcement and Litigation Trends
  • 12. Federal Trade Commission
    FTC Consent Order against mobile device manufacturer HTC America, Inc., February 22, 2013
    1. The definition of covered information is very broad, including “individually identifiable information” such as precise geolocation, static IP address, MAC address, cookies, and almost all information on a particular mobile device;
    2. The FTC is continuing its pursuit of legal theories against “unfair” data security practices whenever it perceives a security gap; and
    3. Although this Consent Order involves a mobile device manufacturer, the conclusions and content could be applied to many participants in the mobile industry.
    FTC Consent Order against social network Path, February 8, 2013
    1. Deceptive trade practice for collecting mobile address book info, IP address, and device ID without consent
    2. Actual knowledge of collecting personal information about kids under 13
    3. $800,000 fine for violating COPPA
  • 13. California AG
    • October 31, 2012 – California AG sends letters to 100 app developers regarding need to display privacy policy before application download
    • December 6, 2012 – California AG sues Delta Airlines for violation of CalOPPA, Cal. Bus. & Prof. Code Section 22575(a)
    • Delta has unique defense, Airline Deregulation Act federal preemption
    • Currently in pleadings stage in CA
    • California AG has threatened new lawsuits; whether CalOPPA applies to mobile applications as “online service” issue of first impression
  • 14. Litigation Trends
    Litigation is a growing privacy risk faced by mobile companies. In December 2012 alone, six new class actions were filed alleging privacy violations using a federal law as a basis for the claim.
    Litigation and enforcement can include “unfair or deceptive trade practices” relating to misstatement or omission of mobile app activity/information sharing, or unfair data security, e.g.,
    • Cal. Bus. & Prof. Code § 17200
    • N.Y. Gen. Bus. Law § 349
    Federal Telephone Consumer Protection Act, 47 U.S.C. § 227
    • Prohibits making calls using an “automatic telephone dialing system or an artificial or prerecorded voice.” 47 U.S.C. § 227(b)(1). A “call” includes text messages.
  • 15. Legislation
  • 16. Legislation
    • U.S. Congress
    • Application Privacy, Protection, and Security Act of 2013 (APPS Act) discussion draft (Rep. Hank Johnson)
    • Franken Location Privacy bill from last Congress (2012)
    • Markey Mobile Device Privacy bill from last Congress (2012)
    • California legislature proposals
    • 100 word privacy policy
    • “Right to Know” – amends Shine the Light to include ways when device IDs shared for marketing purposes
    • California Medical Information Act proposal: “[a]ny business that offers application software that is designed to maintain medical information […] for purposes of allowing the individual to manage his or her information, or for the diagnosis, treatment, or management of a medical condition of the individual.”
  • 17. Bring Your Own Device
  • 18. BYOD Overview
    • What is BYOD?
    • What should companies do to prepare for BYOD?
    • Acceptable use policy / End User Agreement
    • Device management; data deletion; audits; privacy
    • Training
    • Tech support / use of cloud
    • Global issues
    • What are the risks of BYOD?
    • Security
    • Discovery
    • Loss of control over company data
  • 19. Question and Answer Session
    Thank You!
    Mary Ellen Callahan, Jenner & Block, mecallahan@jenner.com
    Orrie Dinstein, Chief Privacy Leader and Senior IT & IP Counsel, GE Capital, orrie.dinstein@ge.com