On December 20, 2023, the Federal Trade Commission (FTC) announced proposed changes to the Children’s Online Privacy Protection Rule (COPPA Rule) that would place significant new restrictions on companies that collect personal information from children under 13.Continue Reading FTC Proposes Significant Changes to COPPA Rule
Kelly Singleton
What’s in a Review? The FTC’s Updated Endorsement Guides and Proposed New Rule on Consumer Reviews
In late June 2023, the Federal Trade Commission (FTC) announced revised Endorsement Guides to strengthen and clarify guidance for advertisers and address emerging market trends concerning the use of endorsements and testimonials in advertising. The FTC also announced a proposed rule banning fake reviews and testimonials.Continue Reading What’s in a Review? The FTC’s Updated Endorsement Guides and Proposed New Rule on Consumer Reviews
FTC Adopts New Policy Statement Warning About Misuses of Biometric Information
On May 18, 2023, the Federal Trade Commission (FTC) unanimously voted during its open meeting to adopt a new policy statement on biometric information and Section 5 of the FTC Act. In the statement, the…
Continue Reading FTC Adopts New Policy Statement Warning About Misuses of Biometric InformationFTC Holds Event on Digital Marketing and Blurred Advertising’s Impact on Children
On October 19, 2022, the Federal Trade Commission (FTC) held a virtual event to explore the concept of “blurred” advertising in digital media and its impact on children. As the FTC is considering updates to…
Continue Reading FTC Holds Event on Digital Marketing and Blurred Advertising’s Impact on ChildrenFTC Votes Unanimously to Release New COPPA Policy Statement and Proposed Amendments to the Endorsement Guides
On May 19, 2022, at an open commission meeting, the Federal Trade Commission (FTC) voted unanimously to: 1) release a new policy statement on the Children’s Online Privacy Protection Act (COPPA) indicating that the FTC will prioritize enforcement of COPPA’s substantive provisions and closely scrutinize EdTech providers; and 2) publish a request for public comment on proposed amendments to the Endorsement Guides (the guides) that are intended to bring them in line with current advertising practices. This was the first open commission meeting for Commissioner Alvaro Bedoya, whose confirmation on May 11 broke the FTC’s months-long 2-2 split along party lines.
Continue Reading FTC Votes Unanimously to Release New COPPA Policy Statement and Proposed Amendments to the Endorsement Guides
WSGR Event Recap: The State of Play at the FTC on Privacy
On May 1, 2019, WSGR held an event in which regulators and experts discussed privacy developments in the U.S. and Europe. The first session featured a fireside chat with the Federal Trade Commission’s (FTC’s) Bureau of Consumer Protection Director, Andrew Smith, on “The State of Play at the FTC on Privacy.” In case you missed it, here are the key takeaways from the discussion:
- More specificity in data security orders. Director Smith noted that we should expect to see more specificity in data security orders moving forward, particularly after the Eleventh Circuit’s decision in LabMD.1 He mentioned that the FTC’s approach to post-LabMD orders is still evolving, but the next data security order entered will likely reflect the FTC’s new approach.
Continue Reading WSGR Event Recap: The State of Play at the FTC on Privacy
New Colorado Law Takes Effect That Includes Strict 30-Day Data Breach Notification Requirement
On September 1, 2018, a new Colorado law took effect that, among other things, amends the state’s data breach law to: (1) expand the scope of the categories of “personal information” that trigger notification requirements; (2) require notification to residents and the state attorney general no more than 30 days after determining that a security breach has occurred; and (3) specify what must be included in these notifications.1 In addition, the statute requires entities that maintain, own, or license personal identifying information (PII) to implement and maintain reasonable security practices and procedures to secure PII and impose similar security obligations on third party service providers with which the entity shares PII. Finally, the law amends Colorado’s data disposal law to clarify the appropriate procedure for disposing of documents that contain PII. The passage of the Colorado law serves as a reminder that not only do state data breach notification requirements vary, but state laws also change over time in significant ways. Companies are well-advised to continue monitoring state laws for such changes.
Continue Reading New Colorado Law Takes Effect That Includes Strict 30-Day Data Breach Notification Requirement