Data Privacy Compliance Attorney Protecting Your Business Online.
Attorney Philip Nicolosi advises businesses and other website operators regarding data privacy and protection laws related to the collection and use of information from website and app visitors. With changes in FTC guidelines and the adoption of recent state laws (such as the Illinois Biometric Privacy Act), website operators must worry not only about liability to website visitors and/or customers, but about liability to regulatory agencies as well. Mr. Nicolosi understands the marketing and business practices that pose significant liability concerns for businesses operating online. Our years of experience in this niche give our business clients the ability to grow online, not stumble out of the gates.
Data Collection & Use Disclosure
Appropriately drafted privacy policies are critical to avoiding liability online, including Federal Trade Commission (FTC) liability. While there is no specific federal law governing what a privacy policy should say, failing to disclose how a website collects, shares and uses personally identifying information can be a deceptive practice under the FTC Act. Additionally, some states such as California (Online Privacy Protection Act) have adopted specific privacy laws requiring disclosure of how websites collect, use and share visitor information. Mr. Nicolosi understands the ways in which websites collect, use and share information and has drafted hundreds of privacy policies on behalf of website operators.
GDPR Compliance
Under the EU General Data Protection Regulation (GDPR), EU natural citizens now have extensive rights to control how their personal data is collected, maintained and/or used. The GDPR includes a comprehensive definition of what constitutes personal data and sets forth numerous rights of individuals to know how their personal data is being used. Each data collector must obtain informed consent to collect, maintain or use the individual’s personal data prior to collection. GDPR compliance requires consent prior to automatic data collection, and proper disclosure of data collection and use is critical. Attorney Philip Nicolosi has advised numerous businesses and website operators on GDPR best practices. This has included website and app data collection compliance audits and assistance with the creation of compliance mechanisms, including working closely with clients' in-house or contracted website and app developers.
Collecting Information From Children Under 13
The Children’s Online Privacy Protection Act (“COPPA”) applies to operators of commercial websites and online services directed to children under 13 that collect, use or disclose personal information from such children. COPPA also applies to the operators of general audience websites and online services where the operators have actual knowledge that they are collecting, using or disclosing personal information from children under 13. Under COPPA, website operators must:
- Post a clear and comprehensive privacy policy describing their collection and disclosure of personal information from children under 13;
- Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information from children;
- Provide parents access to their child’s personal information to review and/or have the information deleted;
- Give parents the opportunity to prevent further use or online collection of a child’s personal information; and
- Maintain the confidentiality, security, and integrity of information they collect from children.