On August 14, 2024, the Federal Trade Commission (FTC) issued a final rule that prohibits publishing or trading in fake or misleading consumer reviews and testimonials, or engaging in other related deceptive promotional tactics. Notably, under the FTC’s new rule, the commission will be authorized to seek civil penalties against violators.Continue Reading FTC Issues Final Rule Banning Fake and Misleading Consumer Reviews and Testimonials

On July 16, 2024, the California Privacy Protection Agency (CPPA) Board met to discuss advancing its over 200-page draft rulemaking package to formal proceedings.[1] The proposed regulations include 37 pages of significant new obligations spanning cybersecurity audits, automated decision-making technology (e.g., artificial intelligence, (AI)), privacy risk assessments, and 72 pages of other updates to existing regulations. Together, these regulations would create new compliance obligations for tens of thousands of California businesses and are preliminarily estimated to generate a staggering $4.2 billion in compliance costs for those businesses in their first year alone. Critically, these estimates do not include the many businesses that are based outside of California, yet subject to the California Consumer Privacy Act (CCPA) because they do business in California, meaning the real economic burden is likely to be far more significant.Continue Reading Substantial New CCPA Regulations Inch Closer to Reality: A Detailed Overview of the New Requirements and Their Projected $4 Billion Cost to California Businesses

On June 7, 2023, the New York legislature passed the Stop Addictive Feeds Exploitation (SAFE) for Kids Act (SAFE Act or the Act) and the New York Child Data Protection Act (CDPA), both aimed at protecting children online. The SAFE Act prohibits covered social media companies from providing individuals under 18 (minors) with “addictive feeds” (as defined in the SAFE Act) and overnight notifications, absent parental consent. The CDPA is intended to complement the SAFE Act by limiting the extent to which providers of internet websites, online and mobile applications, and connected devices (service) can collect, use, share, and sell minors’ personal data. If signed into law by Governor Hochul, the SAFE Act and CDPA would create new, onerous requirements for entities doing business in New York. The key provisions of each act are highlighted below.Continue Reading New York Legislature Passes a Pair of Bills to Protect Children’s Privacy Online

On May 16, 2024, the U.S. Securities and Exchange Commission (SEC) announced that it had adopted final amendments to its Regulation S-P (the Rule or Amended Rule), which governs “covered financial institutions’” treatment of consumers’ nonpublic personal information, to ensure that these entities implement incident response programs and notify consumers when their information has been compromised. Brokers, dealers, investment companies, investment advisers, crowdfunding portals, and transfer agents registered with the SEC or another appropriate regulatory agency are all considered covered institutions (CIs) under the Amended Rule.Continue Reading SEC Expands Security and Breach Notification Requirements for Investment Firms

On February 28, 2024, President Biden signed Executive Order 14117 (the Order) aimed at protecting Americans’ sensitive personal data and U.S. Government-related data from exploitation by “countries of concern.” This move constitutes a transformative overhaul in the U.S. approach to data regulation and creates the foundation for a comprehensive regulatory structure governing U.S. data.Continue Reading New Executive Order Restricts Certain Cross-Border Transactions Involving Sensitive Personal Data of U.S. Citizens

Last week, the Federal Trade Commission (FTC) announced a proposed rule that would regulate a broad range of “junk fees” in consumer goods and services, from resort fees associated with travel and lodging, to delivery fees associated with meal and grocery delivery, to convenience fees associated with financial services (the proposed rule). The proposed rule would generally prohibit the omission of mandatory fees from advertised prices. If finalized, violations of the proposed rule could result in civil penalties of up to $50,120 per violation. The public has 60 days to comment after the proposal is published in the Federal Register.Continue Reading FTC Seeks Comments on Proposed Rule Requiring Disclosure of Fees in Consumer Goods and Services