June is proving to be a very active month for the US Federal Communications Commission (FCC) in construing the Telephone Consumer Protection Act, including what sorts of consumer interactions are sufficient to meet the requirements for consent to receive marketing or other messages. This post reports on an extraordinary warning letter issued to PayPal, criticizing a user-agreement based approach to collecting consent. Next week, we will report on a series of TCPA interpretative guidance which was adopted yesterday by a vote of 3 to 2.

On June 11, the FCC publicly released a warning letter sent to PayPal, Inc., by the FCC’s Enforcement Bureau, stating that PayPal’s new user agreement “may violate” a federal law called the Telephone Consumer Protection Act, or TCPA. The TCPA requires a consumer’s consent before a business may make certain types of phone calls or send automated text messages. PayPal had released a modification of its existing user agreement (set to go into effect on July 1) that would authorize the company to make “autodialed or prerecorded calls and text messages” for a variety of purposes and at any telephone number PayPal associates with the customer.

By Kevin Boyle and Alex Stout

On Wednesday, the Attorney General of California released a new privacy guide, titled Making Your Privacy Practices Public.  The guide doesn’t purport to be a restatement of California law (or other law) and expressly disclaims that, but it does present what the AG’s office views as a best practice approach to crafting privacy disclosure materials while covering some unique California requirements.  It also highlights recent revisions to California’s online privacy law (known as

By Kevin Boyle

In a case that is a good reminder of the potential reach of sometimes overlooked state legislation to national practices, the U.S. District Court for the Eastern District of Michigan has sustained the core of several complaints for violation of Michigan’s Video Rental Privacy Act. Among other arguments, defendants in the cases asserted that the plaintiffs’ lacked Article III standing for failure to allege actual injury. 

The cases involve the defendants’ apparently conceded sale of magazine subscription

By Jennifer Archie and Kevin Boyle 

A California state judge has dismissed a state enforcement action against our client Delta Air Lines arising out of the alleged failure to timely post a privacy policy specific to its Fly Delta App in a manner that was reasonably accessible to smartphone users.

In what Law360 characterized as a “major blow to California’s attorney general in the first test of California’s Online Privacy Protection Act,” on May 9, 2013, Superior Court Judge

By Li Jie Han

On December 28, 2012, the Standing Committee of the National People’s Congress (“NPC”) of the People’s Republic of China adopted the Decision on Strengthening the Protection of Online Information (“Decision”). The Decision contains twelve (12) clauses, which are applicable to entities in both the public and private sectors in respect of the collection and processing of electronic personal information on the Internet.

The Decision sets forth a number of provisions specifically governing the activities of Internet

By Gail Crawford and Amy Taylor

Privacy professionals from more than 20 countries are gathered in Cambridge, England, to discuss privacy challenges in today’s world at the 25th annual Privacy Laws & Business conference.

Professor Michael Birnhack, Professor of Law at Tel Aviv University and Visiting Associate Fellow at the Institute of Advanced Legal Studies, University of London, kicked off the conference on Monday–day one of the three-day event–aptly setting the scene with a session on the

European Union Justice Commissioner Viviane Reding has confirmed that we can expect to see a draft of the eagerly awaited new Data Privacy Directive in January.

The new rules are likely to significantly strengthen the rights of individuals. According to a press release issued jointly last week by Reding and Germany’s Federal Minister for Consumer Protection, Isle Aigner, “consumers in Europe should see their data strongly protected, regardless of the EU country they live in and regardless of the country in

A recent proposed FTC consent judgment sends a warning to avoid default program settings that compromise privacy when setup routines create the impression they do not. The FTC’s underlying complaint against Frostwire LLC, developer of P2P file-sharing applications, alleged that the firm’s software for the Android platform “was likely to cause a significant number of consumers installing and running it to unwittingly share personal files stored on their mobile computing devices with the public.” It’s desktop software allegedly “conveyed a

In the run up to today’s deadline for EEA Member States to implement the EU’s revised Privacy and Electronic Communications Directive, including its new rules requiring consent to the use of cookies, the UK Department of Culture, Media and Sport (the DCMS) and the UK’s privacy regulator, the ICO, have released further guidance for businesses, both on the requirements of the new rules and how they are expected to be enforced.

In terms of the UK’s revised Privacy