US and Federal Privacy News Roundup – Fall 2021 Compilation

Arizona and Georgia agreed to Apple’s digital driver’s license and state ID plan, making them the first states to sign on. The TSA will be the first agency to accept the new style of ID and make it convenient to travel by simply tapping your phone on an identity reader.

Potential issues are noted in regard to monitoring the data being collected by state governments when creating the digital ID.

Additional concerns revolve around the prevention of using fake IDs and Apple’s new, but still unannounced security verification feature, which would validate the user with selfies to prevent another person from using the license without permission.

On July 29, the New York City Council passed Int. No. 2311, which amended the New York City Administrative Code to allow restaurants using third-party delivery apps to obtain the personal information of customers.

The amendment allows restaurants to request customer names, contact information, delivery address and order history from third-party delivery apps - and requires those apps to disclose the information. It requires restaurants that receive the data to follow sharing limitations - they cannot sell, rent, or disclose the data to other third parties. However, they can use the data for marketing purposes. It restricts third-party apps from having an “opt-out of all” option.

However, on September 15, DoorDash Inc. sued New York City, in regards to a direct relation to the new legislation. DoorDash claimed that the new law violates customer privacy, giving restaurants access to information that would not normally be obtained and puts customers at risk if their information is mishandled.

Governor JB Pritzker signed into law the Protecting Household Privacy Act which focuses on the protection of household electronic data related to electronic communication like Google Home and Alexa. This law will take into effect January 1, 2022.

The appropriate statute of limitations period regarding the Illinois Biometric Information Privacy Act (BIPA) came into question after Black Horse Carriers, Inc., was sued for allegedly violating BIPA when they scanned the fingers of their employees. The court found that different statute of limitations apply to different sections of BIPA.

Legislators have proposed a bill that would better protect student data collected by companies that offer online services to schools. The new bill hopes to provide legislative support under privacy negotiations, concretely define student data, and gives students and schools more control over holding companies accountable for data security.

The United States Treasury Department is working towards finding a way to decrease the number of ransomware attacks by cutting off the flow of money to the attackers.

The U.S. House Energy and Commerce Committee passed a budget that would invest $1 billion for the Federal Trade Commission (FTC) to make a specialized bureau focused on data security and identity theft.

The Securities and Exchange Commission (SEC) issued a fine to App Annie Inc. for $10 million. Their fine comes after they were found guilty of deceiving their clients on how data was obtained.

App Annie Inc. is one of the largest sellers of market data from mobile apps. Mobile app users agreed to share their data on the app under the pretense that their information would not be shared to other third parties. However, clients’ data was sold and the company was also found guilty of lying to trading firms about the privacy regulations they had in place with their clients.