Dec 312014
 December 31, 2014  Posted by  Business, Govt

From the FTC’s press release:

Following a public comment period, the Federal Trade Commission has approved a final order settling charges that Snapchat deceived consumers with promises about the disappearing nature of messages sent through the service.

According to the FTC’s complaint, which was first announced in May, 2014, Snapchat also deceived consumers over the amount of personal data it collected and the security measures taken to protect that data from misuse and unauthorized disclosure.

The settlement with Snapchat is part of the FTC’s ongoing effort to ensure that companies market their apps truthfully and keep their privacy promises to consumers. It prohibits Snapchat from misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information. In addition, the company will be required to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.

The Commission vote approving the final order and letters to members of the public who commented on them was 5-0.  (FTC File No. 132-3078; the staff contacts are Allison Lefrak, 202-326-2804, and Nithan Sannappa, 202-326-3185.)


Dec 312014
 December 31, 2014  Posted by  Court, Online

Aimee Green reports:

A Lincoln City hotel lost its fight to hold an anonymous person liable for a scathing review on that its owners worried was driving away business.

A Multnomah County Circuit judge said he would not compel the travel website to hand over the name of the commenter because — just like traditional news organizations, such as newspapers and TV stations — TripAdvisor is protected under Oregon’s media shield law.

Read more on Oregon Live.

Dec 312014
 December 31, 2014  Posted by  Breaches, Business, Featured News, Non-U.S.

Hunton & Williams report:

On December 29, 2014, the Commissioner for Data Protection and Freedom of Information of the German state Rhineland-Palatinate issued a press release stating that it imposed a fine of €1,300,000 on the insurance group Debeka. According to the Commissioner, Debeka was fined due to its lack of internal controls and its violations of data protection law. Debeka sales representatives allegedly bribed public sector employees during the eighties and nineties to obtain address data of employees who were on path to become civil servants.

Read more on Hunton & Williams Privacy and Information Security Law Blog.

Dec 312014
 December 31, 2014  Posted by  Surveillance

Sean Gallagher reports:

On Christmas Eve, as the National Security Agency was releasing a report on NSA employees’ abuses of surveillance technology, Google was telling WikiLeaks about another sort of surveillance. According to a statement by WikiLeaks on Twitter, Google informed the organization on December 24 that the Gmail mailboxes and account metadata of a WikiLeaks employee had been turned over to law enforcement under a US federal warrant.

Update: WikiLeaks did not respond to initial requests for more details on the notification. However, WikiLeaks journalist and Courage Foundation acting director Sarah Harrison displayed a redacted copy of the warrant during her presentation on source protection at the Chaos Communications Congress yesterday in Hamburg, Germany. The warrant was dated for execution by April 5, 2012 by the United States District Court for the Eastern District of Virginia, and was apparently part of the continuing investigation by the Justice Department into criminal charges against WikiLeaks and its founder Julian Assange.

Read more on Ars Technica.