Alysa Zeltzer Hutnik

Photo of Alysa Zeltzer Hutnik

 

Email
(202) 342-8603
Bio

Latest Articles

Earlier this month, the Department of Justice released a White Paper and FAQ on the Clarifying Lawful Overseas Use of Data (CLOUD) Act. Enacted in March 2018, the CLOUD Act attempts to resolve the legal conflicts that arise when one country orders the disclosure of electronic data pursuant to a criminal investigation, but another country’s laws restrict or prohibit such disclosure. Communications service providers with customers, offices, and storage facilities worldwide often encounter this issue, and it…
A federal judge allowed a class-action lawsuit alleging Bose collected and shared data about its headphone users to proceed last week on the basis of deceptive advertising. The decision underscores the risks that internet of things (IoT) businesses can face if they fail to accurately communicate to consumers how a mobile app or “smart” product collects and uses personal data. At issue in the case is an allegation that Bose offered a companion app for…
Businesses often include mandatory arbitration clauses in their pre-dispute dealings with customers to prevent costly consumer class actions in favor of streamlined (often individual) arbitration.  The Federal Arbitration Act (“FAA”) makes such arbitration agreements “valid, irrevocable, and enforceable, save upon such grounds as exist at law or in equity for the revocation of any contract.”  Relying on the FAA, the Supreme Court has defended business enforcement of such clauses against state- and judge-made exceptions.  For…
The FTC recently announced a $5.7 million settlement with app developer Musical.ly for COPPA violations associated with its app (now known as TikTok)—the agency’s largest-ever COPPA fine since the enactment of the statute. The agency charged the app company, which allows users to create and share videos of themselves lip-syncing to music, with unlawfully collecting personal information from children. To create a TikTok profile, users must provide contact information, a short bio, and a profile…
The Federal Trade Commission (FTC) announced this week that it is seeking comments on proposed amendments to the Privacy Rule and Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA).  These two rules outline obligations for financial institutions to protect the privacy and security of customer data in their control.  While the proposed changes to the Privacy Rule are modest, the expansive list of specific cyber controls proposed for the Safeguards Rule is material and could impose…
The National Institute of Standards and Technology (NIST) released a preview of its plans for a standard Privacy Framework this past week.  The purpose of the Framework is to help organizations better manage privacy risks. The Privacy Framework would breakdown privacy functions into five categories: identify the context of processing, protect private data, control data through data management, inform individuals about data processing, and respond to adverse breach events. Also, organizations would be able to…
The current and future definition of what qualifies as an automatic telephone dialing system (ATDS or autodialer) remains a hotly debated and evaluated issue for every company placing calls and texts, or designing dialer technology, as well as the litigants and jurists already mired in litigation under the Telephone Consumer Protection Act (TCPA).  Last year, the D.C. Circuit struck down the FCC’s ATDS definition in ACA International v. FCC, Case No. 15-1211 (D.C. Cir. 2019). …
Last week, the California Assembly’s Standing Committee on Privacy and Consumer Protection held a hearing to discuss the California Consumer Privacy Act. While many panelists from the private sector pointed out problems with the law, a few panelists defended the law, and some suggested that it didn’t go far enough. For example, Stacey Schesser, the Supervising Deputy Attorney General for the Privacy Unit in the Consumer Law Section of the Office of the California Attorney…
The Federal Trade Commission (FTC) announced this week that it would not update its anti-spam rule, completing the agency’s first 10-year review of the regulation. The FTC last updated the rule, known as the CAN-SPAM Rule, in 2008. The rule requires, among other things, that commercial e-mail messages have a mechanism for allowing the recipient to opt out of future messages. As part of the FTC’s review process, the FTC sought comments on whether the…
Last week, five advertising and marketing trade associations jointly filed comments with the California Attorney General seeking clarification on provisions within the California Consumer Privacy Act (CCPA). While expressing “strong support” for the CCPA’s intent, and noting the online ad industry’s longstanding consumer privacy efforts like the DAA’s YourAdChoices Program, the group proposed the following three clarifications relating to CCPA provisions that, unless modified, the group believes could reduce consumer choice and privacy: Notice…