Regulatory

Subscribe to Regulatory via RSS

On January 15, 2014, the Federal Trade Commission (FTC) announced that Apple, Inc. had agreed to pay a minimum of $32.5 million in full refunds to consumers to settle allegations that the company was billing customers for purchases that children made from the company’s App Store without parental consent.1 According to the FTC, since at least 2011, thousands of children had unwittingly racked up significant App Store charges without their parents’ knowledge because the company’s billing procedures allowed users to incur unlimited in-app charges for a 15-minute window after downloading new software onto a device.2
Continue Reading Apple Agrees to Refund at Least $32.5 Million to Settle FTC Complaint Alleging That It Charged Kids’ In-App Purchases Without Parental Consent

The Federal Trade Commission’s (FTC’s) enforcement actions for claims of compliance with Safe Harbor privacy frameworks by U.S. companies have increased significantly over the past few months. In the first two months of 2014 alone, the FTC announced settlements with 13 U.S. companies over allegations that the companies falsely claimed they held current certifications under the U.S.-EU Safe Harbor Privacy Framework.1 The FTC’s focus has not been limited to the EU framework, as three of the settlements include claims that the companies falsely represented holding current certifications under the U.S.-Swiss Safe Harbor Privacy Framework.
Continue Reading FTC Steps Up Enforcement of Safe Harbor Compliance Claims

On February 20, 2014, two of our Brussels-based attorneys specializing in European privacy and data security—Cédric Burton and Chris Kuner—presented a webcast titled “Update on EU Data Protection Law,” with a particular focus on the U.S.-EU Safe Harbor Framework (Safe Harbor).1 The following article summarizes the session and includes a few key takeaways.
Continue Reading Status of the EU Regulation and the Safe Harbor Framework

On October 22, 2013, the Federal Trade Commission (FTC) announced a proposed settlement of a case against Aaron’s, Inc., a national rent-to-own retailer with more than 1,800 locations in 48 states, having alleged that Aaron’s knowingly played a direct and vital role in its franchisees’ installation and use of software on rental computers that secretly monitored consumers.
Continue Reading National Rent-to-Own Company Settles FTC Charges of Enabling Computer Spying by Franchisees

The Federal Trade Commission (FTC) announced on December 5, 2013, that Goldenshores Technologies, LLC and its managing member, Erik M. Geidl, agreed to a proposed settlement over claims that Goldenshores, through its “Brightest Flashlight Free” mobile application, violated Section 5(a) of the FTC Act prohibiting unfair or deceptive acts and practices affecting commerce by failing to disclose that the app transmitted user data, including precise geolocation information and persistent identifiers, to third parties such as advertising networks. Under the settlement, Goldenshores must provide just-in-time disclosures outside of the privacy policy and obtain affirmative express consent from users before collecting, using, or disclosing geolocation information. The settlement agreement (referred to here as “the order”) was subject to public comment through January 6, 2014. The FTC will now decide whether to reach a final settlement with Goldenshores.
Continue Reading FTC Settlement with Flashlight App Requires Extensive Disclosures Outside of the Privacy Policy to Collect and Share Geolocation Information

California Governor Jerry Brown recently signed into law A.B. 370,1 which amends the California Online Privacy Protection Act2 (CalOPPA) to require certain operators of websites and other online services to disclose how they respond when a visitor’s web browser sends a “Do Not Track” signal. The bill also requires operators to disclose the data collection practices of certain third parties operating on the website or online service. Because this law affects every person or company that operates a website or online service that collects personally identifiable information from California consumers, it impacts companies beyond California’s borders. The law takes effect on January 1, 2014.
Continue Reading California Amends CalOPPA to Require Do-No-Track Disclosures