Tag Archives: FTC

FCC Orders Far-Reaching New Privacy and Data Security Rules

As expected, the Federal Communications Commission (FCC) has handed down sweeping new privacy and security rules for Internet service providers (ISPs). On Thursday, October 27, 2016, a sharply divided commission voted to enact these new rules, which impose strict new requirements for ISPs’ collection, use, sharing, and protection of their customers’ information, including information ISPs … Continue Reading

FTC Increases Maximum Civil Penalties for HSR Act, COPPA, and Other Violations from $16,000 to $40,000

On June 30, 2016, the Federal Trade Commission (FTC) issued an interim final rule that substantially increases the maximum civil penalties for violations of the competition and consumer protection laws enforced by the FTC that authorize the assessment of civil penalties. The increased amounts will apply to penalties assessed on or after August 1, 2016, even … Continue Reading

WSGR Alert: FTC Brings First Privacy Enforcement Action Against a Mobile Ad Network

On June 22, 2016, the Federal Trade Commission (FTC) announced that it has settled charges that InMobi, a Singapore-based mobile advertising company, deceptively tracked the locations of hundreds of millions of consumers, including children, to deliver geo-targeted advertising, and violated both the FTC Act and the Children’s Online Privacy Protection Act (COPPA). This is the … Continue Reading

CFPB Brings First Data Security Enforcement Action

The Consumer Financial Protection Bureau (CFPB) recently brought its first data security enforcement action, adding itself to the growing list of federal regulators tackling data security issues. The CFPB’s enforcement action was against Dwolla Inc., a Des Moines, Iowa-based online payment platform. The CFPB alleged that Dwolla misrepresented its data security practices, and as a … Continue Reading

WSGR Alert: FTC Settles with Manufacturer of Home Network Routers over Alleged Data Security Flaws

On February 23, 2016, the Federal Trade Commission (FTC) announced a settlement with computer hardware maker ASUSTeK Computer, Inc. (ASUS). The ASUS settlement highlights the FTC’s position regarding security in the connected device market: connected device manufacturers are responsible for security shortcomings in their devices and are expected to promptly update or patch any identified … Continue Reading

FTC Approves Facial Recognition as Method of Obtaining Parental Consent to Collect Children’s Information

The Federal Trade Commission (FTC) recently approved a new method for website operators and mobile application developers (“operators”) to obtain parental consent to collect personal information from children.1 Under this new method, which is the first to use biometric identifiers to verify that a parent is providing consent for a child, the FTC will permit … Continue Reading

FTC Begins “Start with Security” Conference Series

On September 9, 2015, the Federal Trade Commission (FTC) held its first “Start with Security” conference at the University of California Hastings College of the Law in San Francisco. The conference was the first in a series of events hosted by the agency intended to provide additional guidance to businesses regarding how to keep consumers’ … Continue Reading

FTC Closing Letter Confirms the Importance of Implementing Employee Access Controls

Companies have been pressing the Federal Trade Commission (FTC) for additional guidance on data security, and the agency recently delivered. On August 10, 2015, the FTC issued a public closing letter to Morgan Stanley Smith Barney LLC (Morgan Stanley) regarding the agency’s investigation into concerns that the company “fail[ed] to secure, in a reasonable and … Continue Reading

FCC Open Internet Rules Contain Important New Privacy, Data Security, and Transparency Measures

The Federal Communication Commission’s (FCC’s) newly promulgated Open Internet rules (2015 rules)—also known as the net neutrality rules—went into effect on June 12, 2015.1 The new rules apply specifically to broadband Internet access service providers, and not to Internet content, application, and device providers (edge providers). Nonetheless, by design, the rules will have a potentially … Continue Reading

FCC Issues Omnibus TCPA Declaratory Ruling and Order Addressing Numerous Issues Regarding Calling and Texting Consumers

On July 10, 2015, the Federal Communications Commission (FCC) released its long-anticipated Declaratory Ruling and Order1 addressing twenty-one petitions and requests seeking clarification of, and relief from, various provisions of the Telephone Consumer Protection Act (TCPA) and the FCC’s implementing regulations.2 The order provides some much-needed clarity in certain areas, but commentators have generally concluded … Continue Reading

FTC Updates School-Related COPPA Guidance

The use of technology in classrooms across the country has exploded in recent years. This has prompted increased activity by federal and state lawmakers to enact laws to protect student privacy,1 as well as raised numerous questions about how the Children’s Online Privacy Protection Act (COPPA) applies to schools, the technologies they use, and the … Continue Reading

COPPA Looms Large for Mobile Apps

The Children’s Online Privacy Protection Act (COPPA) prohibits companies from collecting personal information from children under the age of 13 without first providing notice to parents and obtaining their verifiable consent. The Federal Trade Commission’s (FTC) recent settlements with Yelp and TinyCo serve as a reminder to mobile app developers that the failure to consider … Continue Reading

FTC Issues Carrier Billing Recommendations to Protect Consumers Against Mobile Cramming

On July 28, 2014, the Federal Trade Commission (FTC) issued a staff report on “mobile cramming”—the unlawful practice of placing unauthorized third-party charges on mobile phone accounts. The report recommended five best practices primarily directed to mobile carriers but at times also directed to merchants and billing intermediaries. This report follows a number of FTC … Continue Reading

Federal Agencies Reduce Barriers to Cyber Threat Information Sharing

Federal regulators released guidance in the first half of 2014 that should provide comfort to businesses that are considering sharing information relating to cybersecurity risks with other companies and the government. Although these advisory opinions are nonbinding and do not carry the force of law, they provide strong indications of the priorities of the U.S. … Continue Reading

FTC Recommends Improved Transparency and Security in Mobile Shopping Apps

In August 2014, the Federal Trade Commission (FTC) published a staff report that evaluates the consumer disclosures made by a number of popular mobile shopping applications and makes recommendations to the providers and users of those apps.1 The FTC staff did not address or find any fault with app platforms, like Google Play or Apple’s … Continue Reading

The Wyndham Rulings and the FTC’s Leadership on Data Security Enforcement

Despite reaching settlements with more than 50 organizations on data security issues since the late 1990s, no organization seriously challenged the Federal Trade Commission’s (FTC’s) authority to bring such cases until FTC v. Wyndham Worldwide Corp. made headlines in 20121 The case brought rampant speculation from the privacy and data security community on the likely … Continue Reading

Apple Agrees to Refund at Least $32.5 Million to Settle FTC Complaint Alleging That It Charged Kids’ In-App Purchases Without Parental Consent

On January 15, 2014, the Federal Trade Commission (FTC) announced that Apple, Inc. had agreed to pay a minimum of $32.5 million in full refunds to consumers to settle allegations that the company was billing customers for purchases that children made from the company’s App Store without parental consent.1 According to the FTC, since at … Continue Reading

FTC Steps Up Enforcement of Safe Harbor Compliance Claims

The Federal Trade Commission’s (FTC’s) enforcement actions for claims of compliance with Safe Harbor privacy frameworks by U.S. companies have increased significantly over the past few months. In the first two months of 2014 alone, the FTC announced settlements with 13 U.S. companies over allegations that the companies falsely claimed they held current certifications under … Continue Reading

National Rent-to-Own Company Settles FTC Charges of Enabling Computer Spying by Franchisees

On October 22, 2013, the Federal Trade Commission (FTC) announced a proposed settlement of a case against Aaron’s, Inc., a national rent-to-own retailer with more than 1,800 locations in 48 states, having alleged that Aaron’s knowingly played a direct and vital role in its franchisees’ installation and use of software on rental computers that secretly … Continue Reading

FTC Settlement with Flashlight App Requires Extensive Disclosures Outside of the Privacy Policy to Collect and Share Geolocation Information

The Federal Trade Commission (FTC) announced on December 5, 2013, that Goldenshores Technologies, LLC and its managing member, Erik M. Geidl, agreed to a proposed settlement over claims that Goldenshores, through its “Brightest Flashlight Free” mobile application, violated Section 5(a) of the FTC Act prohibiting unfair or deceptive acts and practices affecting commerce by failing … Continue Reading

California Amends CalOPPA to Require Do-No-Track Disclosures

California Governor Jerry Brown recently signed into law A.B. 370,1 which amends the California Online Privacy Protection Act2 (CalOPPA) to require certain operators of websites and other online services to disclose how they respond when a visitor’s web browser sends a “Do Not Track” signal. The bill also requires operators to disclose the data collection practices of … Continue Reading

Policing Privacy: Undercover FTC Staff “Test-Shop” Data Brokers to Identify FCRA Violators

In early May, Theodore Moss, the CEO of online background-check provider Crimcheck.com, received a letter from the Federal Trade Commission (FTC) notifying him that “recent test-shopping contacts” had indicated that his company was possibly selling consumer information unlawfully.1 Crimcheck.com provides background-check services to businesses conducting employment screenings for potential job candidates.2 Such companies, often referred … Continue Reading

Digital Advertising Alliance Releases Guidance on the Application of Its Self-Regulatory Principles to the Mobile Environment

New Self-Regulatory Guidance Joins Other Privacy and Transparency-Related Considerations for Participants in the Mobile Ecosystem On July 24, 2013, the Digital Advertising Alliance (DAA), comprised of the largest media and marketing trade associations in the U.S., released new guidance regarding mobile and other devices (Mobile Guidance).1 The Mobile Guidance explains how the DAA’s existing Self-Regulatory … Continue Reading

FTC Issues New Guidance for Disclosures in Online Advertising

Mobile and social media marketing are on the rise.1 With that in mind, the Federal Trade Commission issued new guidance for advertisers on how to make effective mobile and other online disclosures. Entitled “.com Disclosures: How to Make Effective Disclosures in Digital Advertising,”2 the guidance provides an update to the FTC’s 2000 publication on the … Continue Reading
LexBlog