LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments including the proposed APPS Act and BYODPresentation Transcript
Mobile Privacy: An Overview of Legal and Legislative DevelopmentsA Complimentary LexisNexis® WebinarMay 8, 2013Mary Ellen Callahan, Jenner & BlockOrrie Dinstein, Chief Privacy Leader andSenior IT & IP Counsel, GE Capital
1LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments– May 8, 2013About the SpeakersMary Ellen Callahan, Chair of Jenner & Block’s Privacy andInformation Governance Practice, has unique and broadexperience with interfacing the protection of privacy, civil rights,and civil liberties with cybersecurity and national security issues.A nationally recognized privacy attorney with over a decade ofoutside counsel experience, she served as Chief Privacy Officer ofthe U.S. Department of Homeland Security from 2009 until August2012. She is also a prolific writer and speaker on cutting edgecommercial privacy issues.Mary Ellen is a graduate of the University of Pittsburgh, Bachelorof Philosophy, magna cum laude, and a Juris Doctor from theUniversity of Chicago.
2LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments– May 8, 2013About the SpeakersOrrieDinstein is the Chief Privacy Leader and Senior IT & IP Counsel atGE Capital, a division of the General Electric Company. He has globalresponsibility for data protection. Orrie works closely with the IT andinformation security teams as well as other functions to establishpolicies, procedures, processes and tools related to data privacy andsecurity and social media related matters. He is also the leadintellectual property lawyer at GE Capital.Prior to joining GE, Orrie was Counsel in the Intellectual Property &Technology group of the New York office of King & Spalding, handlinglitigation, licensing and corporate matters, and an associate atProskauer Rose LLP in New York. Before moving to the U.S., he workedfor several years in one of Israels premier law firms, and was anassistant professor at the Tel-Aviv University.Orrie is a frequent speaker on privacy, social media and technologymatters and is the author of dozens of articles and book chapters ontechnology and intellectual property related matters.Orrie received an LL.M. law degree (intellectual property) from NewYork University School of Law and is a graduate of the HebrewUniversity of Jerusalem School of Law (LL.B.).
3LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments– May 8, 2013IntroductionOverview of Legal and Legislative Developments in Mobile Privacy• The Mobile Frontier• Regulatory and Policy Updates• Federal Trade Commission• California Attorney General• Securities and Exchange Commission• Top 10 Takeaways from Recommendations• International Policy Updates• Litigation and Enforcement updates• Proposed State and Federal Legislation• Bring Your Own Device (BYOD) Impacts
4LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments– May 8, 2013The Mobile Frontier• Mobile growth is exponential:• 70% of shoppers use mobile phone while in retail store• 24% of Black Friday sales were via mobile in 2012• 58% increase of mobile malware reported in 2012 (Symantec)• 28 percent of all mobile phone users and 48 percent of smartphone usershad used mobile banking in the past 12 months(Federal Reserve)• Federal, state, and international regulators are pushing “privacy by design”in the mobile apps arena• Similarly, companies (employees) are trending towards allowing employeeuse of personal mobile devices (“Bring Your Own Device”)
Regulatory and Policy Updates
6LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments– May 8, 2013Domestic Regulatory and Policy Actors• Federal Trade Commission• Two reports on mobile apps privacy, focusing on kids• Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing(Feb 2012)• Mobile Apps for Kids: Disclosures Still Not Making the Grade (Dec2012)• FTC Recommendations: Mobile Privacy Disclosures: Building TrustThrough Transparency (Feb 2013)• Updated dot Com Disclosures includes examples of mobile disclosure• Report on mobile payments, Paper, Plastic, or Mobile? March 2013• California Attorney General• Joint Statement of Principles with Platform Providers, February 2012• Letters to 100 App Developers on compliance with California OnlinePrivacy Protection Act (CalOPPA)• CA AG Privacy on the Go Recommendations January 2013• National Telecommunications and Information AdministrationMultistakeholder process on mobile transparency
7LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments– May 8, 2013Top Takeaways from “Recommendations”• Transparency is the key – know what is happening on yourdevice/application, and explain it clearly to consumers• Have privacy policies that encompass mobile activity; these policies shouldbe easily accessible (if possible, before download)• “Sensitive” information – a/k/a personal information expanding to includegeolocation and device_id(others may be added)• Consider providing “just in time” notices when accessing sensitiveinformation, or unexpected collection of info• Customer service – have a mechanism for consumers to ask questionsabout privacy• Privacy by design incorporated into application/ data lifecycle
International Policy Updates
Enforcement and Litigation Trends
11LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments– May 8, 2013Federal Trade CommissionFTC Consent Order against mobile device manufacturer HTC America, Inc.,February 22, 20131. The definition of covered information is very broad, including “individuallyidentifiable information” such as precise geolocation, static IP address,MAC address, cookies, and almost all information on a particular mobiledevice;2. The FTC is continuing its pursuit of legal theories against “unfair” datasecurity practices whenever it perceives a security gap; and3. Although this Consent Order involves a mobile device manufacturer, theconclusions and content could be applied to many participants in themobile industry.FTC Consent Order again social network Path, February 8, 20131. Deceptive trade practice for collecting mobile address book info, IPaddress, and device ID without consent2. Actual knowledge of collecting personal information about kids under 133. $800,000 fine for violating COPPA
13LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments– May 8, 2013Litigation TrendsLitigation is a growing privacy risk faced by mobile companies. In December2012 alone, six new class actions filed alleging privacy violations using afederal law as a basis for the claim.Litigation and enforcement can include “unfair or deceptive trade practices”relating to misstatement or omission of mobile app activity/informationsharing, or unfair data security, e.g.,• Cal. Bus. & Prof. Code § 17200• N.Y. Gen. Bus. Law § 349Federal Telephone Consumer Protection Act, 47 U.S.C.§ 227• Prohibits making calls using an “automatic telephone dialing system oran artificial or prerecorded voice.” 47 U.S.C. § 227(b)(1). A “call”includes text messages.
Bring Your Own Device
17LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments– May 8, 2013BYOD Overview• What is BYOD?• What should companies do to prepare for BYOD?• Acceptable use policy / End User Agreement• Device management; data deletion; audits; privacy• Training• Tech support / use of cloud• Global issues• What are the risks of BYOD?• Security• Discovery• Loss of control over company data
18LexisNexis Webinar: Mobile Privacy: An Overview of Legal and Legislative Developments– May 8, 2013Question and Answer SessionThank You!Mary Ellen CallahanJenner & Blockmecallahan@jenner.comOrrieDinsteinChief Privacy Leader and Senior IT & IP CounselGE Capitalorrie.email@example.com