On July 3, 2017, the Federal Trade Commission (FTC) announced that it had settled charges that defendants Blue Global, an operator of dozens of consumer loan lead generation websites, and its founder and CEO, Christopher Kay, violated the FTC Act. The FTC alleges that the defendants had, among other practices, misled consumers about Blue Global’s data security practices and shared information characterized by the FTC as consumers’ “sensitive personal information” with a variety of potential bidders after promising to disclose such information only to “trusted lending partners” meeting specified criteria. As part of the settlement, the defendants are subject to a judgment for more than $104 million, must maintain stringent oversight of third-party recipients of consumers’ sensitive personal information, and are enjoined from disclosing a consumer’s sensitive personal information other than when specified conditions, including having obtained that consumer’s express, informed consent, are met.
Continue Reading FTC Cracks Down on Lead Generation Company’s Indiscriminate Sharing of Consumers’ Sensitive Data
Status Update on the EU e-Privacy Regulation Proposal Discussions
On January 10, 2017, the European Commission published a Proposal for a Regulation (Proposal) relating to privacy rules for the electronic communications sector. The Proposal will impose new, more rigorous privacy regulatory obligations on nearly all companies doing business in the EU over the Internet. It will address a host of important issues including the processing of communications content and metadata, and the use of Wi-Fi and Bluetooth tracking for Internet-based services and technology providers. Once enacted, the Proposal will replace the e-Privacy Directive and will complement the EU General Data Protection Regulation (GDPR).
As part of the legislative process, the European Parliament Committee (one of two legislative bodies charged with reviewing the Proposal) issued a Draft Report in June 2017 and is reviewing more than 800 proposed amendments to the Proposal. In addition, the Article 29 Working Party (WP29)—the body of EU data protection authorities—published a non-binding opinion (the Opinion) on the Proposal in April 2017, urging a number of revisions that would impose even more obligations on covered companies.
This article provides a status update about the Proposal, including the main requirements currently under discussion at the European Parliament and an overview of the next steps. Read our previous WSGR Alert for more information about the Proposal and the Draft Report.
Hello, Dolly: What You Need to Know About Connected Smart Toys and Privacy
As connected devices become ubiquitous, it comes as no surprise that interactive toys that connect to the internet are more popular than ever. At the same time, regulators have taken note of the privacy and security concerns raised by lawmakers and privacy advocates about the proliferation of smart toys that collect personal information from kids. Recent guidance issued by both the Federal Trade Commission (FTC) and the Federal Bureau of Investigation (FBI) suggests that the agencies may be taking a closer look at the rapidly expanding connected toy market, a small part of the largely unregulated “Internet of Things.”
Ashley Madison: Life Is Short. Settle.
On July 21, 2017, Judge John A. Ross of the U.S. District Court for the Eastern District of Missouri issued a preliminary approval of a settlement agreement between the owner of AshleyMadison.com and the class representing former users whose personal information was breached in July 2015. Under terms of the settlement, Ruby Corp, the operator of the Ashley Madison website, is scheduled to pay $11.2 million. For some, the settlement announcement is a missed opportunity: the litigation represented a chance to clarify the scope of actionable consumer harm in breach-related litigation, as unlike in other notable breaches, the mere identification of individuals who used the website (and were thus affected by the breach) likely produced unwanted consequences. Nonetheless, the settlement agreement is interesting by itself, as it offers unique solutions to address class members seeking financial remuneration but wishing to avoid further publicity regarding their connection to AshleyMadison.com.
New EU e-Privacy Regulation: European Parliament Committee Publishes Draft Report
The EU Parliament Committee in charge of reviewing the EU Commission’s Proposal for an e-Privacy Regulation (Proposal) recently released a Draft Report proposing amendments to the regulation.
The e-Privacy Regulation will regulate new electronic communication …
The Serious and Immense Impact of a Medical Device Hack
On August 25, 2016, investment firm Muddy Waters Research announced it had taken a short position in St. Jude Medical, Inc., and released a report suggesting a “strong possibility that close to half of” St.