FTC

Subscribe to FTC via RSS

ThinkstockPhotos-178868654The Federal Trade Commission (FTC) recently approved a new method for website operators and mobile application developers (“operators”) to obtain parental consent to collect personal information from children.1 Under this new method, which is the first to use biometric identifiers to verify that a parent is providing consent for a child, the FTC will permit operators to use facial recognition technology to compare an image of the person providing consent with an image of verified photo identification, such as a drivers’ license or passport. If the two images match, the user is verified and can provide consent for the child to use the website or mobile application.
Continue Reading FTC Approves Facial Recognition as Method of Obtaining Parental Consent to Collect Children’s Information

ThinkstockPhotos-489306446On September 9, 2015, the Federal Trade Commission (FTC) held its first “Start with Security” conference at the University of California Hastings College of the Law in San Francisco. The conference was the first in a series of events hosted by the agency intended to provide additional guidance to businesses regarding how to keep consumers’ information secure.

The FTC’s San Francisco event was aimed primarily at start-ups and software developers, with panels focusing on building a culture of security, scaling security during periods of rapid growth, investing in security, vulnerability disclosure and response, and implementing security features. The panels were each moderated by a staff attorney from the FTC’s Division of Privacy and Identity Protection, with panelists hailing primarily from Silicon Valley tech companies. Each panel is summarized below.
Continue Reading FTC Begins “Start with Security” Conference Series

Companies have been pressing the Federal Trade Commission (FTC) for additional guidance on data security, and the agency recently delivered. On August 10, 2015, the FTC issued a public closing letter to Morgan Stanley Smith Barney LLC (Morgan Stanley) regarding the agency’s investigation into concerns that the company “fail[ed] to secure, in a reasonable and appropriate manner, account information related to Morgan Stanley’s Wealth Management clients.”1 In the context of data security investigations, closing letters—which explain why FTC staff opted to close an investigation—have the potential to offer helpful insights on what security measures the FTC considers to be reasonably designed to protect the privacy and security of personal information. Knowing what factors influenced the FTC staff’s decision to close an investigation in one instance is equally instructive as knowing why the staff decided to pursue an enforcement action in another.
Continue Reading FTC Closing Letter Confirms the Importance of Implementing Employee Access Controls

ThinkstockPhotos-504041382-webThe Federal Communication Commission’s (FCC’s) newly promulgated Open Internet rules (2015 rules)—also known as the net neutrality rules—went into effect on June 12, 2015.1 The new rules apply specifically to broadband Internet access service providers, and not to Internet content, application, and device providers (edge providers). Nonetheless, by design, the rules will have a potentially far-reaching impact on edge providers’ and consumers’ rights and the avenues for redress in the face of harm inflicted by broadband providers. To date, the FCC has yet to receive any formal complaints from companies, though those may well be in the offing, according to some media reports and public statements.2
Continue Reading FCC Open Internet Rules Contain Important New Privacy, Data Security, and Transparency Measures

ThinkstockPhotos-503916682-webOn July 10, 2015, the Federal Communications Commission (FCC) released its long-anticipated Declaratory Ruling and Order1 addressing twenty-one petitions and requests seeking clarification of, and relief from, various provisions of the Telephone Consumer Protection Act (TCPA) and the FCC’s implementing regulations.2 The order provides some much-needed clarity in certain areas, but commentators have generally concluded that the order has broadened the reach of the TCPA and inserted uncertainty in other areas, making calling or texting consumers an increasingly risky business practice.
Continue Reading FCC Issues Omnibus TCPA Declaratory Ruling and Order Addressing Numerous Issues Regarding Calling and Texting Consumers

The Children’s Online Privacy Protection Act (COPPA) prohibits companies from collecting personal information from children under the age of 13 without first providing notice to parents and obtaining their verifiable consent. The Federal Trade Commission’s (FTC) recent settlements with Yelp and TinyCo serve as a reminder to mobile app developers that the failure to consider COPPA when developing and testing mobile apps can have serious consequences.
Continue Reading COPPA Looms Large for Mobile Apps