To continue my prior post on the Article 29 Working Party’s Opinion 6/2014, it is important to take a closer look at the specifics of the notion of a Controller’s “Legitimate Interests”

Unlike all the other criteria for lawful processing, Article 7(f) is the only one which specifically articulates the idea that commercial interests should have weight in the calculus of “fair and lawful” processing. In each of the other criteria, if the criteria is met, the grounds for processing are considered a priori legitimate. In Article 7(f), each purpose for processing will need to have the balancing test engaged. This is going to require a bit more analysis than the other criteria. However, because of the fact that this analysis is internal to the business, it may well be less onerous than other options would be (e.g. having the DPA opine as to the legitimacy of the processing).
Continue Reading Legitimate Interests – Alternative to Notice & Choice?

In 2003 the California legislature enacted §22575 of the business and professions code into law.  It was the first State law that required a website to post a privacy policy. However, the Internet ecosystem has changed since 2003. Facebook has come into existence, and the “behavioral advertising” industry has developed into a multi-billion dollar-a-year exercise. As a result, two new disclosure requirements have been added to §22575. Consequently, all commercial entities that collect PII from consumers in California will need to re-evaluate their underlying technology and privacy policies for compliance.
Continue Reading New CA Privacy Policy Requirements – 3rd Party Tracking

Last year, the Federal Communications Commission (“FCC”) issued an update to its rules implementing the Telephone Consumer Protection Act of 1991 (“TCPA”). These changes became effective October 16th of this year. At its core, the TCPA requires consent (either express or implied) to make telemarketing calls. Now, the TCPA now requires prior express consent for the majority of telemarketing efforts.  In addition, the “established business relationship” exception for calls to a residential landline has been eliminated.  Finally, there are additional “opt-out” requirements for any pre-recorded messages.  Considering the fact that the TCPA is functionally a “strict liability” statute with statutory damages of $500 to $1500 per violation, this isn’t something that one should ignore. It is too easy of a case for a bored plaintiff’s lawyer to make.
Continue Reading Recent Changes to Telephone Consumer Protection Act – the US is starting to look like the EU