Privacy

NAI Issues 2018 Update to Its Code of Conduct

By Matthew Staples & Claire Readhead on January 24, 2018

On December 4, 2017, the Network Advertising Initiative (NAI), a self-regulatory body comprised of more than 100 digital advertising companies that collect and use consumer information for online behavioral advertising (OBA),¹ issued an update to its Code of Conduct (the “Code”). The Code imposes notice, choice, accountability, data security, and use limitation requirements on NAI member companies.

The 2018 Code update is most significant for combining the NAI’s web-focused Code with its previously-separate mobile application code of conduct (the “App Code”) and incorporating the NAI’s prior guidance on cross-device tracking. These updates reflect the NAI’s recognition of the decreasing significance of the distinction between web and mobile advertising, with today’s advertisers increasingly savvy at tracking users and advertising effectiveness across devices, browsers, and platforms. The update also revises some terminology for greater clarity. The 2018 Code update went into effect on January 1, 2018.
Continue Reading NAI Issues 2018 Update to Its Code of Conduct

FTC Holds Workshop on Informational Injury

By Edward Holman & Brett Weinstein on January 24, 2018

Posted in Privacy, Regulatory

On December 12, 2017, the Federal Trade Commission (FTC) held a workshop to examine consumer injury in the context of privacy and data security. The motivation for the workshop, according to Acting FTC Chairman Maureen Ohlhausen, was to help the FTC better understand consumer informational injury, weigh effectively the benefits of intervention against its inevitable costs, and to help guide the future application of the substantial injury prong of the FTC’s unfairness standard. A variety of panelists from a wide range of backgrounds, including business, academia, and consumer advocacy, addressed questions such as how to best characterize these injuries, how to accurately measure such injuries and their prevalence, and what factors businesses and consumers consider when evaluating the trade-offs between providing information and potentially increasing their exposure to injuries.
Continue Reading FTC Holds Workshop on Informational Injury

Judge Dismisses Facebook Web-Tracking MDL

By Sonal Mittal Tolman on January 24, 2018

Posted in Litigation, Privacy

In November 2017, Judge Edward J. Davila dismissed a major multidistrict litigation accusing Facebook of unlawfully tracking users’ browsing activity across websites while they were signed out of their accounts.¹ The plaintiffs originally asserted several common law, tort, and statutory claims. Judge Davila dismissed most of those claims pursuant to earlier motions, leaving only the plaintiffs’ breach of contract claims intact.
Continue Reading Judge Dismisses Facebook Web-Tracking MDL

Cybersecurity for This Tax Season

By Beth George on January 24, 2018

Posted in Privacy

Nearly a year ago, in February 2017, the IRS issued a warning regarding phishing attacks targeting a broad range of companies. The scam involves a hacker impersonating an employee of a company, usually the CEO, and sending an email asking for a list of employees and their W-2 forms. The hacker would then make fraudulent tax filings using the W-2 forms. The scam is similar to the traditional Business Email Compromise (BEC), which involves spoofing an employee account in order to direct wire transfers to fraudulent accounts.
Continue Reading Cybersecurity for This Tax Season

Sears Petitions FTC to Reopen and Modify 2009 Order Concerning Online Browsing Tracking

By Libby Weingarten, Lydia Parnes & Edward Holman on November 20, 2017

Posted in Privacy, Regulatory

The Federal Trade Commission (FTC) is seeking public comment on a petition by Sears Holding Management requesting that the FTC reopen and modify a 2009 FTC order settling charges that Sears failed to disclose adequately…
Continue Reading Sears Petitions FTC to Reopen and Modify 2009 Order Concerning Online Browsing Tracking

To Disclose or Not To Disclose: The FTC’s Dueling Concurrences over Deceptive Omissions in Lenovo

By Lydia Parnes & Libby Weingarten on November 15, 2017

Posted in Cybersecurity, Privacy

On September 5, 2017, the Federal Trade Commission (FTC) announced that it and 32 state attorneys general had settled charges with Lenovo, Inc., regarding the company’s practice of pre-loading advertising software on its laptops that compromised consumers’ cybersecurity and privacy.¹ In many respects, the case was reasonably straightforward: the facts as alleged were clear, and the terms of the settlement were not unusual. But what makes this case interesting are the dueling concurrences issued by Acting Chairman Ohlhausen and Commissioner McSweeny regarding the FTC’s authority to challenge omissions. These concurrences continue a debate that has been stirring on and off at the FTC for more than 30 years, and they raise important questions about the agency’s future enforcement priorities.
Continue Reading To Disclose or Not To Disclose: The FTC’s Dueling Concurrences over Deceptive Omissions in Lenovo

The Data Advisor