Federal regulators released guidance in the first half of 2014 that should provide comfort to businesses that are considering sharing information relating to cybersecurity risks with other companies and the government. Although these advisory opinions are nonbinding and do not carry the force of law, they provide strong indications of the priorities of the U.S. Department of Justice (DOJ) and Federal Trade Commission (FTC) with respect to facilitating the ability of businesses to engage in cybersecurity risk mitigation. Notably, under the recent guidance, the federal regulators suggest that antitrust and electronic communications privacy concerns, which may have previously made businesses hesitant to share certain information relating to cybersecurity risks, should not preclude business-to-business or business-to-government information sharing that is tailored to mitigate these risks.
Continue Reading Federal Agencies Reduce Barriers to Cyber Threat Information Sharing
FTC Recommends Improved Transparency and Security in Mobile Shopping Apps
In August 2014, the Federal Trade Commission (FTC) published a staff report that evaluates the consumer disclosures made by a number of popular mobile shopping applications and makes recommendations to the providers and users of those apps.1 The FTC staff did not address or find any fault with app platforms, like Google Play or Apple’s App Store, with respect to the consumer disclosures of those apps. This report follows the FTC staff’s March 2013 mobile payment report that recommended mobile payment providers convey clear policies regarding fraudulent and unauthorized charges, encouraged all stakeholders to raise consumer awareness about mobile payment security, and stressed the applicability of its general privacy recommendations to companies in the mobile payment marketplace.2
The Wyndham Rulings and the FTC’s Leadership on Data Security Enforcement
Although the Federal Trade Commission (FTC) has reached settlements with more than 50 organizations on data security issues since the late 1990s, no organization seriously challenged the FTC’s authority to bring such cases until FTC v. Wyndham Worldwide Corp. made headlines in 2012.1 The case brought rampant speculation from the privacy and data security community on the likely outcome and potential impact on a number of issues, ranging from the FTC’s enforcement authority to national and state data security laws. Recent rulings rejecting Wyndham’s motions to dismiss may not break new ground for the FTC, but the commission’s ability to overcome the first challenges to its data security enforcement authority is significant and continues the agency’s trajectory as the country’s leading data security enforcer.2
Apple Agrees to Refund at Least $32.5 Million to Settle FTC Complaint Alleging That It Charged Kids’ In-App Purchases Without Parental Consent
On January 15, 2014, the Federal Trade Commission (FTC) announced that Apple, Inc. had agreed to pay a minimum of $32.5 million in full refunds to consumers to settle allegations that the company was billing customers for purchases that children made from the company’s App Store without parental consent.1 According to the FTC, since at least 2011, thousands of children had unwittingly racked up significant App Store charges without their parents’ knowledge because the company’s billing procedures allowed users to incur unlimited in-app charges for a 15-minute window after downloading new software onto a device.2
FTC Steps Up Enforcement of Safe Harbor Compliance Claims
The Federal Trade Commission’s (FTC’s) enforcement actions over U.S. companies’ claims of compliance with Safe Harbor privacy frameworks have increased significantly over the past few months. In the first two months of 2014 alone, the FTC announced settlements with 13 U.S. companies over allegations that the companies falsely claimed they held current certifications under the U.S.-EU Safe Harbor Privacy Framework.1 The FTC’s focus has not been limited to the EU framework, as three of the settlements include claims that the companies falsely represented holding current certifications under the U.S.-Swiss Safe Harbor Privacy Framework.
National Rent-to-Own Company Settles FTC Charges of Enabling Computer Spying by Franchisees
On October 22, 2013, the Federal Trade Commission (FTC) announced a proposed settlement of a case against Aaron’s, Inc., a national rent-to-own retailer with more than 1,800 locations in 48 states. The FTC had alleged that Aaron’s knowingly played a direct and vital role in its franchisees’ installation and use of software on rental computers that secretly monitored consumers.