Archives: Regulatory


A Look Ahead at Privacy and Data Security in 2018

2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and pending cases at the Federal Trade Commission (FTC), notable U.S. Supreme Court cases scheduled to be decided this … Continue Reading

FTC Carves New Path for Collecting Voice Recordings from Children Without Parental Consent

The Federal Trade Commission (FTC) has provided new guidance on how it will enforce the Children’s Online Privacy Protection Act (COPPA) against companies collecting voice recordings from children, loosening the rules on how companies can collect and use voice data. Under the guidance, online services covered by COPPA can now collect voice recordings from children … Continue Reading

NAI Issues 2018 Update to Its Code of Conduct

On December 4, 2017, the Network Advertising Initiative (NAI), a self-regulatory body comprised of more than 100 digital advertising companies that collect and use consumer information for online behavioral advertising (OBA), issued an update to its Code of Conduct (the “Code”). The Code imposes notice, choice, accountability, data security, and use limitation requirements on NAI … Continue Reading

FTC Holds Workshop on Informational Injury

On December 12, 2017, the Federal Trade Commission (FTC) held a workshop to examine consumer injury in the context of privacy and data security. The motivation for the workshop, according to Acting FTC Chairman Maureen Ohlhausen, was to help the FTC better understand consumer informational injury, weigh effectively the benefits of intervention against its inevitable … Continue Reading

Sears Petitions FTC to Reopen and Modify 2009 Order Concerning Online Browsing Tracking

The Federal Trade Commission (FTC) is seeking public comment on a petition by Sears Holding Management requesting that the FTC reopen and modify a 2009 FTC order settling charges that Sears failed to disclose adequately the scope of consumers’ personal information it collected via a downloadable software app. For more information, click here to see our … Continue Reading

Starting Up the CFPB’s No-Action Letter Program

The expanding use of mobile technologies, cloud computing, and the Internet of Things has greatly increased the amount of available consumer data. The ability to efficiently process this information has the potential to provide countless consumer benefits. Nevertheless, companies must navigate an ever-expanding patchwork of domestic and foreign laws and uncertainty regarding the application of … Continue Reading

FTC Steps Up Scrutiny of Social Media Marketing

The Federal Trade Commission (FTC) has settled its first-ever complaint against social media influencers for deceptive endorsements. According to the FTC’s complaint, Trevor “TmarTn” Martin and Thomas “Syndicate” Cassell, two influencers who have wide followings in the online gaming community, promoted an online gambling service called CSGO Lotto on YouTube and Twitter without disclosing that … Continue Reading

EU-U.S. Privacy Shield Passes First Annual Review

On October 18, 2017, the European Commission (EU Commission) published its report on the first annual review of the EU-U.S. Privacy Shield Framework (Privacy Shield). The EU Commission confirms that the Privacy Shield ensures an adequate level of protection for EU personal data that is transferred to the U.S., but calls on the U.S. government … Continue Reading

Key New Takeaways from Uber’s Privacy and Data Security Settlement with the FTC

On August 15, 2017, the Federal Trade Commission (FTC) announced that it had reached an agreement with Uber Technologies to settle allegations that the ride-sharing company had deceived consumers by failing to live up to its privacy and data security promises. Specifically, the FTC levied two deception counts against Uber: (1) that the company had … Continue Reading

FTC Cracks Down on Lead Generation Company’s Indiscriminate Sharing of Consumers’ Sensitive Data

On July 3, 2017, the Federal Trade Commission (FTC) announced that it had settled charges that defendants Blue Global, an operator of dozens of consumer loan lead generation websites, and its founder and CEO, Christopher Kay, violated the FTC Act. The FTC alleges that the defendants had, among other practices, misled consumers about Blue Global’s … Continue Reading

Status Update on the EU e-Privacy Regulation Proposal Discussions

On January 10, 2017, the European Commission published a Proposal for a Regulation (Proposal) relating to privacy rules for the electronic communications sector. The Proposal will impose new, more rigorous privacy regulatory obligations on nearly all companies doing business in the EU over the Internet. It will address a host of important issues including the … Continue Reading

Hello, Dolly: What You Need to Know About Connected Smart Toys and Privacy

As connected devices become ubiquitous, it comes as no surprise that interactive toys that connect to the internet are more popular than ever. At the same time, regulators have taken note of the privacy and security concerns raised by lawmakers and privacy advocates about the proliferation of smart toys that collect personal information from kids. … Continue Reading

EU Commission Publishes Proposal for e-Privacy Regulation: The Top Nine Key Points You Need to Know

On January 10, 2017, the European Commission published a Proposal for a Regulation that if adopted would have significant and far-reaching implications for Internet-based services and technologies. The proposal seeks to revise the current EU ePrivacy Directive. It creates strict new rules regarding confidentiality of electronic communications, including content and metadata. In addition, the proposal … Continue Reading

FCC Orders Far-Reaching New Privacy and Data Security Rules

As expected, the Federal Communications Commission (FCC) has handed down sweeping new privacy and security rules for Internet service providers (ISPs). On Thursday, October 27, 2016, a sharply divided commission voted to enact these new rules, which impose strict new requirements for ISPs’ collection, use, sharing, and protection of their customers’ information, including information ISPs … Continue Reading

Article 29 Working Party Issues Statement Following Adoption of EU-U.S. Privacy Shield

On July 26, 2016, the body of European Data Protection Authorities (DPAs)—the “Article 29 Working Party” (WP29)—issued a statement commending the improvements made to the EU-U.S. Privacy Shield (Privacy Shield). Although the WP29 continues to have some of the concerns raised in its April 2016 opinion, and the Privacy Shield will most likely face legal … Continue Reading

The EU-U.S. Privacy Shield Is Adopted and Available as of August 1, 2016

On July 12, 2016, the EU Commission and the U.S. Secretary of Commerce announced the adoption of the EU-U.S. Privacy Shield (Privacy Shield). This announcement follows today’s adequacy decision by the College of EU Commissioners which recognizes that the Privacy Shield provides an adequate level of protection under EU data protection law. The adequacy decision … Continue Reading

HHS Brings Landmark HIPAA Enforcement Action Against a Business Associate for Alleged Data Security Failures

On June 29, 2016, the U.S. Department of Health and Human Services (HHS) announced a Resolution Agreement with Catholic Health Care Services of the Archdiocese of Philadelphia (CHCS), settling charges that CHCS failed to comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Security Rule. As part of the settlement, CHCS will pay … Continue Reading

EU Cyber Security and Incident Notification Rules Enacted

On July 6, 2016, the European Parliament adopted the first-ever pan-European law on cyber security. The law, entitled the “Directive on the Security of Network and Information Systems” (NIS Directive), imposes security requirements and security incident notification obligations on digital service providers and operators of essential services. The NIS Directive was enacted as part of … Continue Reading

ISPs Could Face New Privacy Regulations Under FCC Proposed Rulemaking

On March 31, 2016, the Federal Communications Commission (FCC) adopted a Notice of Proposed Rulemaking (NPRM) that proposed to establish new privacy guidelines for broadband Internet service providers (ISPs). The FCC designed the proposal to “ensure broadband customers have meaningful choice, greater transparency and strong security protections for their personal information collected by ISPs.” To … Continue Reading

FTC Increases Maximum Civil Penalties for HSR Act, COPPA, and Other Violations from $16,000 to $40,000

On June 30, 2016, the Federal Trade Commission (FTC) issued an interim final rule that substantially increases the maximum civil penalties for violations of the competition and consumer protection laws enforced by the FTC that authorize the assessment of civil penalties. The increased amounts will apply to penalties assessed on or after August 1, 2016, even … Continue Reading

WSGR Alert: FTC Brings First Privacy Enforcement Action Against a Mobile Ad Network

On June 22, 2016, the Federal Trade Commission (FTC) announced that it has settled charges that InMobi, a Singapore-based mobile advertising company, deceptively tracked the locations of hundreds of millions of consumers, including children, to deliver geo-targeted advertising, and violated both the FTC Act and the Children’s Online Privacy Protection Act (COPPA). This is the … Continue Reading

Monitoring and Recording Consumers’ Calls in California Can Be a Risky Practice

Many businesses monitor or record customer service, telemarketing, and other telephone calls with consumers to help them improve customer service and for evidentiary reasons. Under federal and many state laws, calls may lawfully be monitored or recorded by businesses as long as those businesses have permission from their employees who participate on the calls. However, … Continue Reading

Tennessee Updates Data Breach Notification Law

The State of Tennessee recently amended its data breach notification statute, Tenn. Code Ann. § 47-18-2107, which is set to go into effect on July 1, 2016. Numerous commentators have proclaimed that the amendment marks a watershed moment—that with the enactment of S.B. 2005, Tennessee becomes the first state to eliminate the encryption safe harbor … Continue Reading