On February 26, 2018, the U.S. Court of Appeals for the Ninth Circuit issued an en banc decision in FTC v. AT&T holding that the Federal Trade Commission (FTC) Act’s “common carrier” exemption is activity-based, reversing the panel’s decision that the exemption is status-based, which would have opened a large enforcement gap for telecommunications companies … Continue Reading
On February 27, 2018, the Federal Trade Commission (FTC) announced1 that it had reached an agreement with PayPal to settle allegations that its peer-to-peer payment service, Venmo, engaged in deceptive acts and practices and violated the Gramm-Leach-Bliley Act (GLBA)’s Safeguards Rule2 and Privacy Rule.3 Since 2011, Venmo has offered peer-to-peer payment services through an app … Continue Reading
On February 5, 2018, the Federal Trade Commission (FTC) announced its most recent Children’s Online Privacy Protection Act (COPPA) case against Explore Talent, an online talent agency marketed to aspiring actors and models.1 According to the FTC’s complaint, the company provided a free platform for users to find information about auditions, casting calls, and other … Continue Reading
2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and pending cases at the Federal Trade Commission (FTC), notable U.S. Supreme Court cases scheduled to be decided this … Continue Reading
The Federal Trade Commission (FTC) has provided new guidance on how it will enforce the Children’s Online Privacy Protection Act (COPPA) against companies collecting voice recordings from children, loosening the rules on how companies can collect and use voice data. Under the guidance, online services covered by COPPA can now collect voice recordings from children … Continue Reading
On December 12, 2017, the Federal Trade Commission (FTC) held a workshop to examine consumer injury in the context of privacy and data security. The motivation for the workshop, according to Acting FTC Chairman Maureen Ohlhausen, was to help the FTC better understand consumer informational injury, weigh effectively the benefits of intervention against its inevitable … Continue Reading
The Federal Trade Commission (FTC) is seeking public comment on a petition by Sears Holding Management requesting that the FTC reopen and modify a 2009 FTC order settling charges that Sears failed to disclose adequately the scope of consumers’ personal information it collected via a downloadable software app. For more information, click here to see our … Continue Reading
On September 5, 2017, the Federal Trade Commission (FTC) announced that it and 32 state attorneys general had settled charges with Lenovo, Inc., regarding the company’s practice of pre-loading advertising software on its laptops that compromised consumers’ cybersecurity and privacy.1 In many respects, the case was reasonably straightforward: the facts as alleged were clear, and … Continue Reading
The U.S. District Court for the Northern District of California recently issued a mixed ruling on D-Link Systems’ motion to dismiss in FTC v. D-Link Sys., Inc.1 D-Link sells routers and Internet protocol (IP) cameras that it markets as having good data security, including “the latest wireless security features to help prevent unauthorized access” and … Continue Reading
The Federal Trade Commission (FTC) has settled its first-ever complaint against social media influencers for deceptive endorsements.1 According to the FTC’s complaint, Trevor “TmarTn” Martin and Thomas “Syndicate” Cassell, two influencers who have wide followings in the online gaming community, promoted an online gambling service called CSGO Lotto on YouTube and Twitter without disclosing that … Continue Reading
On September 5, 2017, the Federal Trade Commission (FTC) announced that it and 32 state attorneys general had settled charges with Lenovo regarding the company’s practice of pre-loading software on its laptops that compromised consumers’ cybersecurity and privacy. As part of the settlement, Lenovo agreed to pay $3.5 million in penalties to the states, and per an … Continue Reading
On August 15, 2017, the Federal Trade Commission (FTC) announced that it had reached an agreement with Uber Technologies to settle allegations that the ride-sharing company had deceived consumers by failing to live up to its privacy and data security promises.1 Specifically, the FTC levied two deception counts against Uber: (1) that the company had … Continue Reading
On July 3, 2017, the Federal Trade Commission (FTC) announced that it had settled charges that defendants Blue Global, an operator of dozens of consumer loan lead generation websites, and its founder and CEO, Christopher Kay, violated the FTC Act. The FTC alleges that the defendants had, among other practices, misled consumers about Blue Global’s … Continue Reading
As connected devices become ubiquitous, it comes as no surprise that interactive toys that connect to the internet are more popular than ever. At the same time, regulators have taken note of the privacy and security concerns raised by lawmakers and privacy advocates about the proliferation of smart toys that collect personal information from kids. … Continue Reading
As expected, the Federal Communications Commission (FCC) has handed down sweeping new privacy and security rules for Internet service providers (ISPs). On Thursday, October 27, 2016, a sharply divided commission voted to enact these new rules, which impose strict new requirements for ISPs’ collection, use, sharing, and protection of their customers’ information, including information ISPs … Continue Reading
On June 30, 2016, the Federal Trade Commission (FTC) issued an interim final rule that substantially increases the maximum civil penalties for violations of the competition and consumer protection laws enforced by the FTC that authorize the assessment of civil penalties. The increased amounts will apply to penalties assessed on or after August 1, 2016, even … Continue Reading
On June 22, 2016, the Federal Trade Commission (FTC) announced that it has settled charges that InMobi, a Singapore-based mobile advertising company, deceptively tracked the locations of hundreds of millions of consumers, including children, to deliver geo-targeted advertising, and violated both the FTC Act and the Children’s Online Privacy Protection Act (COPPA). This is the … Continue Reading
The Consumer Financial Protection Bureau (CFPB) recently brought its first data security enforcement action, adding itself to the growing list of federal regulators tackling data security issues. The CFPB’s enforcement action was against Dwolla Inc., a Des Moines, Iowa-based online payment platform. The CFPB alleged that Dwolla misrepresented its data security practices, and as a … Continue Reading
On February 23, 2016, the Federal Trade Commission (FTC) announced a settlement with computer hardware maker ASUSTeK Computer, Inc. (ASUS). The ASUS settlement highlights the FTC’s position regarding security in the connected device market: connected device manufacturers are responsible for security shortcomings in their devices and are expected to promptly update or patch any identified … Continue Reading
The Federal Trade Commission (FTC) recently approved a new method for website operators and mobile application developers (“operators”) to obtain parental consent to collect personal information from children.1 Under this new method, which is the first to use biometric identifiers to verify that a parent is providing consent for a child, the FTC will permit … Continue Reading
On September 9, 2015, the Federal Trade Commission (FTC) held its first “Start with Security” conference at the University of California Hastings College of the Law in San Francisco. The conference was the first in a series of events hosted by the agency intended to provide additional guidance to businesses regarding how to keep consumers’ … Continue Reading
Companies have been pressing the Federal Trade Commission (FTC) for additional guidance on data security, and the agency recently delivered. On August 10, 2015, the FTC issued a public closing letter to Morgan Stanley Smith Barney LLC (Morgan Stanley) regarding the agency’s investigation into concerns that the company “fail[ed] to secure, in a reasonable and … Continue Reading
The Federal Communication Commission’s (FCC’s) newly promulgated Open Internet rules (2015 rules)—also known as the net neutrality rules—went into effect on June 12, 2015.1 The new rules apply specifically to broadband Internet access service providers, and not to Internet content, application, and device providers (edge providers). Nonetheless, by design, the rules will have a potentially … Continue Reading
On July 10, 2015, the Federal Communications Commission (FCC) released its long-anticipated Declaratory Ruling and Order1 addressing twenty-one petitions and requests seeking clarification of, and relief from, various provisions of the Telephone Consumer Protection Act (TCPA) and the FCC’s implementing regulations.2 The order provides some much-needed clarity in certain areas, but commentators have generally concluded … Continue Reading
