The state attorneys general, led by Maryland Attorney General Doug F. Gansler, are gearing up for a year focused on privacy and the Internet. On June 21, AG Gansler was installed as the 2012-13 president of the National Association of Attorneys General (NAAG). As the NAAG President, AG Gansler announced that he will spearhead a national initiative examining privacy and the Internet, the Presidential Initiative for the coming year. To kick-start that initiative, “Privacy in a Digital Age,” privacy panel discussions during the NAAG summer meeting focused on privacy in online gaming and the theft of children’s Social Security numbers. Although it is impossible to predict what specific topics the attorneys general will focus on as part of the Presidential Initiative, educated guesses can be made by reviewing recent attorney general privacy and data security actions, as well as looking at what is on the radar for federal regulators. Our predictions for the top three issues: (1) children, (2) mobile, and (3) privacy policies.
New Jersey Attorney General Jeffrey S. Chiesa set the stage for AG enforcement action against mobile application (app) developers with his lawsuit against app developer 24 x 7 Digital, LLC. On June 4, New Jersey sued 24 x 7 for collecting and transmitting the names and unique device identifiers (UDIDs) from children without parental consent in violation of the Children’s Online Privacy Protection Act (COPPA). Although most state AGs have not been particularly active in COPPA enforcement, this case is an important reminder that they have that authority, and may be flexing their muscle in this area in the months to come.
It is not a surprise that these areas should be receiving special attention by the states, as mobile apps, children’s issues and disclosures in privacy policies have been front and center for federal agencies looking at privacy issues. We have discussed the Federal Trade Commission’s most recent reports on privacy here and the Department of Commerce’s report here. One recommendation from Commerce’s report – the convening of stakeholder meetings to develop privacy codes of conduct – is already being implemented. Stakeholders interested in the transparency of data collection by mobile applications will converge on Washington, D.C. July 12 to discuss the topic at length. The National Telecommunications and Information Administration’s (NTIA) blog announcing that mobile will be the first topic is available here. FTC Commissioner Julie Brill also reiterated the FTC’s top three privacy issues – data brokers, mobile, and privacy policies for social networks – at the annual privacy and data security Practising Law Institute conference in New York.