Regulatory

Subscribe to Regulatory via RSS

On February 27, 2018, the Federal Trade Commission (FTC) announced1 that it had reached an agreement with PayPal to settle allegations that its peer-to-peer payment service, Venmo, engaged in deceptive acts and practices and violated the Gramm-Leach-Bliley Act (GLBA)’s Safeguards Rule2 and Privacy Rule.3 Since 2011, Venmo has offered peer-to-peer payment services through an app that consumers can download, link to their external bank accounts, and use to transfer and receive money to and from other users. In its complaint, the FTC alleged that PayPal, through Venmo, failed to adequately disclose that: (1) it could freeze or remove funds credited to a customer’s account; (2) the Default Audience Setting did not ensure that future transactions were visible only to chosen audiences; and (3) the Individual Audience Setting did not ensure that any single transaction was visible only to the chosen audience. The FTC also alleged that PayPal, through Venmo: (1) misrepresented that it protected consumers’ information with “bank-grade security systems;” (2) failed to protect the security, confidentiality, and integrity of customer information in violation of the GLBA’s Safeguards Rule; and (3) failed to send an adequate initial privacy notice to customers detailing its privacy policies and practices in violation of the GLBA’s Privacy Rule.4
Continue Reading FTC Announces Settlement with PayPal for Alleged FTC Act and GLBA Violations by Venmo

Let’s face it: The residential phone line is on the verge of suffering the same fate as the 8-track tape. Anyone who doesn’t know what an 8-track tape is most assuredly uses a cell phone—and only a cell phone—to communicate. Email takes too long. And younger generations don’t even use the actual phone part of their cell phones.

The reality is that if you want to communicate with a very large segment of the U.S. population, you have to text. This explains why everyone is doing it. Doctors, dentists, veterinary practices, hair salons, airlines, car dealerships—businesses that make appointments—all send text reminders. Schools notify parents of school cancellations by texts. Hotels offer “virtual concierge” services entirely by texts. Retailers offer special discounts via texts. Should your business jump on the text message bandwagon? Maybe. The reward is high, but so is the risk.Continue Reading To Text or Not to Text? That Is the Question

On February 5, 2018, the Federal Trade Commission (FTC) announced its most recent Children’s Online Privacy Protection Act (COPPA) case against Explore Talent, an online talent agency marketed to aspiring actors and models.1

According to the FTC’s complaint, the company provided a free platform for users to find information about auditions, casting calls, and other opportunities. Users could sign up for accounts and create publicly available, searchable profiles that included personal information such as names, email addresses, telephone numbers, and mailing addresses. The company’s privacy policy stated that it did not knowingly collect personal information from children under age 13 and that accounts for users under 13 had to be created by a legal guardian. In practice, however, users selected their “age range” during registration, which included options of 0-5 and 6-12 years old. On a later registration screen, the company specifically asked for users’ birthdates.Continue Reading Online Talent Agency Stars in FTC’s 30th COPPA Case

In early January 2018, U.S. Customs and Border Protection (CBP) announced an updated policy for searching electronic devices at U.S. borders. The new directive supersedes a previous directive that was released in August 2009.

Under the policy, CBP agents—with or without suspicion—may conduct a “basic search” of electronic devices encountered at the border, including smartphones and tablets, by examining such devices and analyzing information visible on them. In contrast, CBP agents need to have “reasonable suspicion” or a “national security concern” to carry out an “advanced search,” that is, any search in which an agent connects external equipment, through a wired or wireless connection, to an electronic device in order to review, copy, or analyze its contents.Continue Reading New Policy for Device Searches at Borders Issued by CBP

2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and pending cases at the Federal Trade Commission (FTC), notable U.S. Supreme Court cases scheduled to be decided this year, and some areas of legislation that actually may become law in the U.S.

Big Changes Taking Effect in the European Union

One of the biggest areas where everyone in the privacy field will be looking in 2018 is the European Union (EU). On the legislative front, the General Data Protection Regulation (GDPR) will enter into force on May 25, 2018; the proposed e-Privacy Regulation is scheduled to be adopted this year; and the EU parliament will issue a report on the proposed Regulation on Non-Personal Data. Additionally, the Court of Justice of the EU (CJEU) will rule on several important data protection cases, including on third-party tracking, the right to be forgotten, and the possibility of class actions.Continue Reading A Look Ahead at Privacy and Data Security in 2018