On April 12, 2022, the U.S. Consumer Financial Protection Bureau (CFPB) filed a lawsuit against TransUnion, two of its subsidiaries, and former TransUnion executive John Danaher in his individual capacity for violating an enforcement order. That order, from January 2017, was part of a settlement in which TransUnion agreed to pay $16.9 million in restitution and civil penalties for deceptively marketing credit scores and credit-related products, such as credit monitoring services.
Continue Reading Consumer Financial Protection Bureau Alleges Dark Patterns in Advertising of Financial Products; Files Suit Against TransUnion and Senior Executive for Violating Order
Maneesha Mithal
BBB National Programs’ Center for Industry Self-Regulation Launches Roadmap for Teen Privacy
By Maneesha Mithal, Libby Weingarten & Erin Delaney on
Posted in Privacy, Regulatory
On April 19, 2022, the BBB National Programs’ Center (BBB NP) for Industry Self-Regulation launched the TeenAge Privacy Program (TAPP) Roadmap, a new operational framework to help companies develop digital products and services attuned to privacy risks facing teenage consumers. In the United States, children 12 and under are protected by the Children’s Online Privacy Protection Act (COPPA). Once these children become teenagers, they age out of COPPA’s protections and, with limited exceptions, are treated as adults online. Yet a growing body of research indicates that these teenage consumers are uniquely affected by privacy risks resulting in harms ranging from cyberbullying, to platform addiction, to amplified insecurities.1 Regulators are increasingly interested in investigating these harms. For instance, in a widely publicized incident, a coalition of state Attorneys General recently opened an investigation into Instagram following news reports of a whistleblower’s allegations that Facebook’s privacy practices harmed teenage users. Despite increased public and regulatory scrutiny, no federal law has been enacted to provide companies with guidance on these issues. While it is not legally binding, the TAPP Roadmap aims to help fill this guidance gap by providing organizations with concrete operational considerations and best practices to address teen privacy risks.
Continue Reading BBB National Programs’ Center for Industry Self-Regulation Launches Roadmap for Teen Privacy
Privacy in the Metaverse
By Dan Chase & Maneesha Mithal on
Posted in Privacy
Coined in Neal Stephenson’s 1992 best-selling novel, Snow Crash, the term “metaverse” has recently reentered the general public’s lexicon to denote a technology hailed by some as the successor to the mobile internet and the next step in humankind’s technological evolution. Though there is no consensus on the definition’s precise contours, the metaverse has generally been described as an embodied internet where, instead of passively viewing content in two-dimensional space, users are in the content and experiencing it with others.
Continue Reading Privacy in the Metaverse
Political Agreement on a New Framework for EU-U.S. Personal Data Transfers
By Laura De Boel, Cédric Burton, Maneesha Mithal & Rossana Fol on
Posted in Privacy, Regulatory
On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new “Trans-Atlantic Data Privacy Framework” (the Framework). This would be the third framework for EU-U.S. personal data transfers, after the invalidation of the Privacy Shield in 2020 and of its predecessor, the Safe Harbor, in 2015. The new Framework is yet to be set out in legal documents, which will need to be negotiated and adopted. Timing for the adoption remains unclear.
Continue Reading Political Agreement on a New Framework for EU-U.S. Personal Data Transfers
Rules of the Road for Advertisers and Marketers: The Basics
By Maneesha Mithal on
Posted in Privacy, Regulatory
As the United States cautiously emerges from the depths of the pandemic, researchers are forecasting double-digit gains in ad spending for 2022. If you’re part of the wave of companies developing new advertising campaigns, you’ll want to brush up on legal requirements designed to ensure that your ads are truthful, fair, and evidence-based. Failure to follow these rules can lead to regulator or competitive lawsuits, reputational harm, loss of consumer trust, significant fines or damages, and in some cases, requirements for corrective disclosures.
Continue Reading Rules of the Road for Advertisers and Marketers: The Basics
FTC Issues Complaint and Proposed Settlement with Online Retailer for Deceptive and Unfair Security and Privacy Practices
By Roger Li, Megan Kayo, Maneesha Mithal, Tracy Shapiro & Beth George on
Posted in Cybersecurity, Privacy
On March 15, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint against Residual Pumpkin Entity, LLC, formerly doing business as CafePress, and PlanetArt LLC, which bought CafePress in 2020 (collectively, CafePress). The FTC alleged that CafePress, an online platform used by consumers who bought or sold customized t-shirts, mugs, and other merchandise, had, among other things, failed to implement reasonable security measures, and misrepresented that it would use email addresses for order notification and receipt, when in fact it used email addresses for marketing purposes. As part of the proposed settlements with Residual Pumpkin and Planet Art, each is required, among other things, to implement, annually assess, test, and monitor a comprehensive written information security program. Residual Pumpkin also would be required to pay a $500,000 penalty.
Continue Reading FTC Issues Complaint and Proposed Settlement with Online Retailer for Deceptive and Unfair Security and Privacy Practices