Maneesha Mithal

Subscribe to all posts by Maneesha Mithal

Preparing for the UK Online Safety Bill: A Focus on Protecting Children

The UK Online Safety Bill (OSB or the Bill) cleared an important hurdle in January 2023 after passing its third reading in parliament. The Bill was first published in May 2021 and has been subject to intense scrutiny. If enacted, it will place extensive obligations on providers of search engines and online platforms that enable … Continue Reading

NIST Releases Its Artificial Intelligence Risk Management Framework (AI RMF)

On January 26, 2023, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released its Artificial Intelligence Risk Management Framework (AI RMF). The AI RMF is intended to provide a resource to organizations designing, developing, deploying, or using AI systems to manage risks and promote trustworthy and responsible development and use of AI … Continue Reading

2023 U.S. Cybersecurity Predictions

Given that cyberattacks continue to be sophisticated and severe, and cybersecurity continues to be a top concern for regulators, consumers, business partners, and investors, companies should be proactive and devote adequate resources to their security practices and incident response. In addition to the litigation and reputational risks that companies face if they are perceived as … Continue Reading

2023 U.S. Privacy Regulatory Predictions

The year 2023 promises to be another big year for privacy. In 2022, regulators focused on AI, dark patterns and aggressive remedies for allegedly deceptive and unfair data practices, such as disgorgement of algorithms developed through ill-gotten data, and these trends are likely to continue. Privacy professionals continue to focus on the privacy laws in five states coming into … Continue Reading

Colorado Attorney General Issues Draft Rules for the Colorado Privacy Act

On October 10, 2022, the Colorado Secretary of State published draft rules for the Colorado Privacy Act (ColoPA) in the Colorado Register, thus initiating a public comment period that will run through February 1, 2023.1 The draft rules generally cover the topics that the Colorado Attorney General’s Office identified in the April 2022 “Pre-Rulemaking Considerations for … Continue Reading

President Biden Signs Executive Order to Implement the New EU-U.S. Data Privacy Framework

On October 7, 2022, President Biden signed an Executive Order (Order) on Enhancing Safeguards for United States Signals Intelligence Activities. This marks the latest step towards the new EU-U.S. Data Privacy Framework (Framework), a replacement for the defunct EU-U.S. Privacy Shield (Privacy Shield). The next stage in the process is for the European Commission (EC), with input from the … Continue Reading

Gig Economy, Dark Patterns, and Impersonation Scams: FTC Signals Priorities in Open Commission Meeting

On September 15, 2022, the Federal Trade Commission (FTC) held an open Commission meeting that covered three agenda items: 1) a rulemaking on impersonation scams, 2) a policy statement on enforcement related to gig work, and 3) a staff report on dark patterns. While items (1) and (3) moved forward with a bipartisan 5-0 vote, the policy statement on the gig economy was … Continue Reading

CFPB: New Sheriff in Town for Tech Companies?

On August 10, 2022, the Consumer Financial Protection Bureau (CFPB) issued a final Interpretive Rule stating that the Consumer Financial Protection Act (CFPA) applies to companies engaged in targeted advertising of financial products and services. Because the CFPB considers these companies to be covered by the CFPA, they would be subject to civil money penalties … Continue Reading

The FTC Privacy Rulemaking: What’s Next?

On August 11, 2022, the Federal Trade Commission (FTC) took the first step toward creating national privacy and security rules that, if finalized, would apply across most sectors of the U.S. economy. The agency unveiled an Advance Notice of Proposed Rulemaking (ANPRM), which asks for public comment on 95 questions, ranging from topics such as targeted advertising, … Continue Reading

Privacy Post-Dobbs: Recent Guidance from U.S. Regulators

On June 24, 2022, the United States Supreme Court issued its decision in Dobbs v. Jackson Women’s Health Organization,1 opening a legal path to state laws restricting or prohibiting access to certain reproductive health services. To enforce these laws, law enforcement officials may attempt to access individuals’ health information, including from technology platforms that process health information … Continue Reading

Privacy Legislation Update: The “Three Corners” Bill and the Cantwell Draft

On June 3, 2022, members of the U.S. Congress released a bipartisan, bicameral discussion draft of a comprehensive national data privacy and data security framework. The draft is notable in that it reflects a compromise on the two issues that have for years vexed lawmakers angling for federal privacy legislation: preemption and private right of … Continue Reading

California Privacy Protection Agency Releases Draft CPRA Regulations – An In-Depth Analysis

On May 27, 2022, the California Privacy Protection Agency (CPPA) released a much-anticipated first draft of some of the anticipated regulations implementing the California Privacy Rights Act (CPRA).[1] The release accompanied the CPPA’s announcement of its next public meeting on June 8, 2022, where the agency will, among other agenda items, consider possible action regarding … Continue Reading

Privacy and Security of Health Information: A Primer for Digital Health Companies

COVID-19 has rapidly accelerated our expectations that virtual connection can deliver better and more economical care. As a result, digital health companies have an unprecedented opportunity to innovate, but with that opportunity also comes significant regulatory challenges related to the collection and processing of personal health information. What legal requirements apply to processing of health … Continue Reading

FTC Votes Unanimously to Release New COPPA Policy Statement and Proposed Amendments to the Endorsement Guides

On May 19, 2022, at an open commission meeting, the Federal Trade Commission (FTC) voted unanimously to: 1) release a new policy statement on the Children’s Online Privacy Protection Act (COPPA) indicating that the FTC will prioritize enforcement of COPPA’s substantive provisions and closely scrutinize EdTech providers; and 2) publish a request for public comment on proposed amendments to … Continue Reading

And Then There Were Five: Connecticut Enacts Comprehensive Privacy Law

Connecticut became the fifth U.S. state to enact a comprehensive consumer privacy law following California, Virginia, Colorado, and Utah. On May 10, 2022, Connecticut Governor Ned Lamont signed “An Act Concerning Personal Data Privacy and Online Monitoring” (SB 6) (CPOMA).1 Substantively, CPOMA largely tracks the Colorado Privacy Act (ColoPA) and Virginia Consumer Data Protection Act (VCDPA). CPOMA’s substantive provisions … Continue Reading

FTC Takes Aggressive Action Against Internet Service Provider for Misrepresenting Internet Speeds

Last week, the Federal Trade Commission (FTC) and the District Attorneys of Los Angeles County and Riverside County agreed to an order to settle claims against Frontier Communications Intermediate, LLC and its parent company, Frontier Communications Parent, Inc. (collectively, Frontier). The plaintiffs alleged that Frontier promised internet speeds that Frontier did not deliver. The order, approved by … Continue Reading

CFPB and Fintech Companies: Charting a New Course on Regulatory Supervision

As a fintech company, platform offering payment services, or a cryptocurrency business, you may be used to operating in uncharted waters; the Consumer Financial Protection Bureau (CFPB), however, is ready to start drawing some maps. It has announced that it will begin to exercise its supervisory authority over non-bank consumer financial entities that the CFPB has reason … Continue Reading

Consumer Financial Protection Bureau Alleges Dark Patterns in Advertising of Financial Products; Files Suit Against TransUnion and Senior Executive for Violating Order

On April 12, 2022, the U.S. Consumer Financial Protection Bureau (CFPB) filed a lawsuit against TransUnion, two of its subsidiaries, and former TransUnion executive John Danaher in his individual capacity for violating an enforcement order. That order, from January 2017, was part of a settlement in which TransUnion agreed to pay $16.9 million in restitution … Continue Reading

BBB National Programs’ Center for Industry Self-Regulation Launches Roadmap for Teen Privacy

On April 19, 2022, the BBB National Programs’ Center (BBB NP) for Industry Self-Regulation launched the TeenAge Privacy Program (TAPP) Roadmap, a new operational framework to help companies develop digital products and services attuned to privacy risks facing teenage consumers. In the United States, children 12 and under are protected by the Children’s Online Privacy … Continue Reading

Privacy in the Metaverse

Coined in Neal Stephenson’s 1992 best-selling novel, Snow Crash, the term “metaverse” has recently reentered the general public’s lexicon to denote a technology hailed by some as the successor to the mobile internet and the next step in humankind’s technological evolution. Though there is no consensus on the definition’s precise contours, the metaverse has generally been described as … Continue Reading

Political Agreement on a New Framework for EU-U.S. Personal Data Transfers

On March 25, 2022, the U.S. and EU announced that they reached a political agreement in principle on a new “Trans-Atlantic Data Privacy Framework” (the Framework). This would be the third framework for EU-U.S. personal data transfers, after the invalidation of the Privacy Shield in 2020 and of its predecessor, the Safe Harbor, in 2015. … Continue Reading

Rules of the Road for Advertisers and Marketers: The Basics

As the United States cautiously emerges from the depths of the pandemic, researchers are forecasting double-digit gains in ad spending for 2022. If you’re part of the wave of companies developing new advertising campaigns, you’ll want to brush up on legal requirements designed to ensure that your ads are truthful, fair, and evidence-based. Failure to … Continue Reading

FTC Issues Complaint and Proposed Settlement with Online Retailer for Deceptive and Unfair Security and Privacy Practices

On March 15, 2022, the Federal Trade Commission (FTC) announced it had filed a complaint against Residual Pumpkin Entity, LLC, formerly doing business as CafePress, and PlanetArt LLC, which bought CafePress in 2020 (collectively, CafePress). The FTC alleged that CafePress, an online platform used by consumers who bought or sold customized t-shirts, mugs, and other merchandise, had, … Continue Reading

FYI on NFTs: Consumer Protection and Privacy Considerations

Thinking of creating a non-fungible token (NFT) marketplace? You’re not alone. Global NFT transactions have risen from $40.96 million in 2018 to around $25 billion in 2021. Organizations from the NBA to Taco Bell have begun implementing NFT strategies. As blockchain-native artifacts, NFTs’ immutability, digital scarcity, and transferability have catalyzed growing interest among consumers and businesses alike, inspiring … Continue Reading
LexBlog