For the first time since 2015, the Federal Trade Commission (FTC) has been asked to approve a new “verifiable parental consent” (VPC) method under the Children’s Online Privacy Protection (COPPA) Rule. Under COPPA, operators of online sites and services “directed to children” under 13 must obtain VPC before collecting personal information from a child online. The COPPA Rule enumerates several acceptable methods for obtaining VPC, but also allows interested parties to submit new VPC methods to the FTC for approval. The FTC has announced that the Entertainment Software Rating Board (ESRB), which operates a COPPA safe harbor program, along with Yoti Ltd., a digital identity company that offers identity verification, age assurance, reusable digital identity, and e-signature solutions, and SuperAwesome Ltd., which provides technology to help companies comply with parental verification requirements, submitted an application for a new VPC method utilizing “Privacy-Protective Facial Age Estimation,” which is designed to analyze the geometry of a parent’s face to confirm that they are an adult.Continue Reading COPPA: Public Comment Period Open for Proposed Verifiable Parental Consent Method

The Federal Trade Commission (FTC) issued a policy statement on May 18, 2023, addressing concerns relating to the collection and use of biometric information. The Biometrics Policy Statement, which the FTC’s Commissioners voted 3-0 to issue, outlines practices related to biometric information that the FTC views as violations or will take into account when evaluating

On March 24, 2023, Texas House Representative Giovanni Capriglione participated in a virtual interview with the Dallas chapter of the International Association of Privacy Professionals (IAPP) about his recently introduced bill, HB 4, also known as the Texas Data Privacy and Security Act (TDPSA). The interview was moderated by Samantha V. Ettari, Perkins Coie LLP senior counsel and co-chair of the IAPP KnowledgeNet Dallas Chapter, and Justin L. Koplow, AT&T senior legal counsel and also a co-chair of the IAPP Dallas Chapter. The conversation focused on a variety of subjects, including Rep. Capriglione’s professional technology background and subsequent journey into privacy issues, the development of the TDPSA, its specific provisions, and how the bill compares to privacy regimes in other states, including the Virginia Consumer Data Protection Act (VCDPA), on which it was modeled. This is the third comprehensive consumer privacy bill Rep. Capriglione has advanced, and this one appears to be channeling the momentum of six states’ comprehensive privacy laws, Texas denizens’ apparent interest in consumer privacy, and a significant national conversation around consumers’ and children’s privacy. Continue Reading Saddle Up: Texas Makes Another Push to Join States With Comprehensive Consumer Privacy Laws

The Illinois Supreme Court recently opened the floodgates for class actions under the Illinois Biometric Information Privacy Act and created potentially massive and catastrophic exposure for Illinois businesses. In a close 4-3 ruling, the landmark decision in Latrina Cothron v. White Castle System Inc. holds that every individual scan or transmission of biometric data made

Amazon and Microsoft won summary judgment in two class action lawsuits filed in federal court in the U.S. District Court for the Western District of Washington asserting violations of the Illinois Biometric Information Privacy Act. While the facts of the cases are unique—the defendants received a data set that was developed by a third party

Online shopping and the use of virtual try-on technology continue to grow in popularity. Retailers today have a number of options when considering how to bring virtual try-ons to consumers. These range from licensing third-party technology to integrate virtual try-on within their own e-commerce channels to partnering with an online shopping network that offers the

In recent years, apparel and retail businesses have increasingly sought to provide customers with options to interact with the brand’s merchandise and services in virtual environments. This includes everything from virtual try-on to virtual stores in the metaverse. Depending on their specific nature, these services could potentially trigger biometric privacy laws, generating risk for businesses.

In February, the Texas attorney general brought the first enforcement action under Texas’ Capture of Use of Biometric law. CUBI was the first state law to govern the collection and use of biometric data, predating the more well-known Illinois law by seven years.

This update explores (1) the key differences between CUBI and the Illinois

For the second year in a row, amidst a wave of biometric lawsuits in other states, Maryland legislators have introduced a new biometric privacy law mimicking the Illinois Biometric Information Privacy Act (BIPA). In 2021, a similar proposed law (HB 0218) failed to make it past committee hearings and was withdrawn by its sole sponsor, Maryland House Delegate Sara Love.
Continue Reading Maryland Legislators Once Again Push for a BIPA-Style Biometric Privacy Bill