Companies that automatically renew customers’ subscriptions or memberships, take note. On October 16, 2024, the Federal Trade Commission (FTC) announced sweeping amendments to the Negative Option Rule, which would apply to a host of subscription-based products and services that have an auto-renewal feature (i.e., a negative option offering), including those directed to businesses. The Rule includes specific and prescriptive requirements, such as requirements to 1) obtain consumers’ affirmative consent to an auto renewal feature “separate from any other portion of the transaction,” 2) present all material terms of the transaction “immediately adjacent to” the means of recording consumer consent, and 3) allow for simple cancellation in the same medium the consumer used to consent, noting that a chatbot cancellation method would not be acceptable unless the initial transaction was made through a chatbot. Violations of the Rule would be subject to $51,744 in civil penalties per violation.Continue Reading Subscription and Auto-Renew Offerings Face New Hurdles: FTC Issues Broad “Click-to-Cancel” Rule Imposing Nationwide Requirements

On April 7, 2024, Representative Cathy McMorris Rogers (R-WA) and Senator Maria Cantwell (D-WA) announced that Congress will once again consider a comprehensive federal data privacy bill that, if passed, would dramatically alter the privacy landscape across the United States.Continue Reading Congress Proposes New Comprehensive Privacy Legislation: The American Privacy Rights Act

On October 24, 2023, a bipartisan coalition of 33 states’ attorneys general filed suit against Meta Platforms, Inc., alleging in a lengthy complaint that Meta’s social media platform features are unsafe and designed to induce young users’ compulsive and extended use.[1] According to the complaint, which is currently heavily redacted, Meta engaged in a four-part “scheme” to exploit young users for profit. The alleged scheme involved the following:Continue Reading Coalition of States Sues Meta for Alleged Harms to Children and Teens, and Alleged COPPA Violations

On June 19, 2020, the Federal Trade Commission (FTC) submitted to Congress two reports that Congress requested in connection with the spending bill that funds the FTC. One of these reports (the “Resources Report”) describes the resources used and needed by the FTC to protect consumer privacy and security, and the second (the “Authorities Report”) describes the FTC’s use of its existing authorities to protect consumer privacy and security.
Continue Reading FTC Outlines Potential Changes to Enhance Privacy and Security Enforcement Efforts If Given More Resources

California Signs the First IoT Security Bill into Law, and the FTC Submits Comments to the Consumer Product Safety Commission Regarding the IoT

California’s New IoT Law

On September 28, 2018, California Governor Jerry Brown signed into law a cybersecurity bill governing Internet of Things (IoT) devices, the first law of its kind in the nation. SB 327 requires manufacturers of internet-connected, or “smart” devices, to ensure the devices have “reasonable” security features by January 1, 2020.

The law applies to any “device, or other physical object that is capable of connecting to the Internet, directly or indirectly, and that is assigned an Internet Protocol address or Bluetooth address.” This definition is broad and includes not only smart TVs, smart speakers, and other smart home devices, but also computers (laptops and desktops), connected cars, smartphones, smartwatches, and many other modern electronics.

The law does not contemplate further rulemaking, and it is unclear whether revisions to the law will be sought.
Continue Reading Key Developments in Internet of Things Law

The U.S. Supreme Court has handed down a major decision, Carpenter v. United States,1 concerning the Fourth Amendment’s application to the rapidly evolving technological landscape. The 5-4 decision dramatically alters the status quo concerning government requests for data about individuals that is collected and held by third parties. Under Carpenter, personal location information maintained by a third party that the government could previously obtain with a subpoena or similar order will now require a warrant meeting the standards of the Fourth Amendment.

By finding that information held by a third party is—in at least some circumstances—protected by the Fourth Amendment, the Supreme Court has upended decades of precedent in an effort to keep the amendment relevant in the digital age. Although portrayed by the court as a narrow decision, like other recent Supreme Court decisions concerning privacy and the Fourth Amendment, Carpenter will likely result in a broad reconsideration of what information law enforcement can properly obtain without a warrant. Companies will now have to carefully consider their statements regarding the sharing of data with law enforcement, and how they will respond to law enforcement agencies’ requests for data without a warrant.
Continue Reading U.S. Supreme Court Requires Warrant for Law Enforcement Requests for Location Information from Third Parties

In a surprising twist, the California legislature rushed last week to pass one of the most comprehensive privacy laws in the country. The bill was introduced only a week prior, and within hours of passage,
Continue Reading California Enacts Sweeping Privacy Law to Avert Potential Ballot Measure