FTC

Subscribe to FTC via RSS

On February 27, 2018, the Federal Trade Commission (FTC) announced1 that it had reached an agreement with PayPal to settle allegations that its peer-to-peer payment service, Venmo, engaged in deceptive acts and practices and violated the Gramm-Leach-Bliley Act (GLBA)’s Safeguards Rule2 and Privacy Rule.3 Since 2011, Venmo has offered peer-to-peer payment services through an app that consumers can download, link to their external bank accounts, and use to transfer and receive money to and from other users. In its complaint, the FTC alleged that PayPal, through Venmo, failed to adequately disclose that: (1) it could freeze or remove funds credited to a customer’s account; (2) the Default Audience Setting did not ensure that future transactions were visible only to chosen audiences; and (3) the Individual Audience Setting did not ensure that any single transaction was visible only to the chosen audience. The FTC also alleged that PayPal, through Venmo: (1) misrepresented that it protected consumers’ information with “bank-grade security systems;” (2) failed to protect the security, confidentiality, and integrity of customer information in violation of the GLBA’s Safeguards Rule; and (3) failed to send an adequate initial privacy notice to customers detailing its privacy policies and practices in violation of the GLBA’s Privacy Rule.4
Continue Reading FTC Announces Settlement with PayPal for Alleged FTC Act and GLBA Violations by Venmo

On February 5, 2018, the Federal Trade Commission (FTC) announced its most recent Children’s Online Privacy Protection Act (COPPA) case against Explore Talent, an online talent agency marketed to aspiring actors and models.1

According to the FTC’s complaint, the company provided a free platform for users to find information about auditions, casting calls, and other opportunities. Users could sign up for accounts and create publicly available, searchable profiles that included personal information such as names, email addresses, telephone numbers, and mailing addresses. The company’s privacy policy stated that it did not knowingly collect personal information from children under age 13 and that accounts for users under 13 had to be created by a legal guardian. In practice, however, users selected their “age range” during registration, which included options of 0-5 and 6-12 years old. On a later registration screen, the company specifically asked for users’ birthdates.Continue Reading Online Talent Agency Stars in FTC’s 30th COPPA Case

2018 promises to be an interesting year in the world of privacy and cybersecurity. In this article, we highlight a few of the most notable developments we expect this year, including major developments in Europe, changes and pending cases at the Federal Trade Commission (FTC), notable U.S. Supreme Court cases scheduled to be decided this year, and some areas of legislation that actually may become law in the U.S.

Big Changes Taking Effect in the European Union

One of the biggest areas where everyone in the privacy field will be looking in 2018 is the European Union (EU). On the legislative front, the General Data Protection Regulation (GDPR) will enter into force on May 25, 2018; the proposed e-Privacy Regulation is scheduled to be adopted this year; and the EU parliament will issue a report on the proposed Regulation on Non-Personal Data. Additionally, the Court of Justice of the EU (CJEU) will rule on several important data protection cases, including on third-party tracking, the right to be forgotten, and the possibility of class actions.Continue Reading A Look Ahead at Privacy and Data Security in 2018

The Federal Trade Commission (FTC) has provided new guidance on how it will enforce the Children’s Online Privacy Protection Act (COPPA) against companies collecting voice recordings from children, loosening the rules on how companies can collect and use voice data. Under the guidance, online services covered by COPPA can now collect voice recordings from children without obtaining verifiable parental consent so long as they collect and use the voice recording solely as a replacement for written words, such as to perform a search or fulfill a verbal instruction or request, and maintain the file for only the brief period of time necessary for that purpose. The FTC’s publication builds on previous FTC guidance making clear that COPPA applies to Internet of Things devices, including connected children’s toys. The publication marks the first time that the FTC has publicly signaled that it will refrain from bringing enforcement actions in circumstances where it believes COPPA has been violated.
Continue Reading FTC Carves New Path for Collecting Voice Recordings from Children Without Parental Consent

On December 12, 2017, the Federal Trade Commission (FTC) held a workshop to examine consumer injury in the context of privacy and data security. The motivation for the workshop, according to Acting FTC Chairman Maureen Ohlhausen, was to help the FTC better understand consumer informational injury, weigh effectively the benefits of intervention against its inevitable costs, and to help guide the future application of the substantial injury prong of the FTC’s unfairness standard. A variety of panelists from a wide range of backgrounds, including business, academia, and consumer advocacy, addressed questions such as how to best characterize these injuries, how to accurately measure such injuries and their prevalence, and what factors businesses and consumers consider when evaluating the trade-offs between providing information and potentially increasing their exposure to injuries.
Continue Reading FTC Holds Workshop on Informational Injury

The Federal Trade Commission (FTC) is seeking public comment on a petition by Sears Holding Management requesting that the FTC reopen and modify a 2009 FTC order settling charges that Sears failed to disclose adequately
Continue Reading Sears Petitions FTC to Reopen and Modify 2009 Order Concerning Online Browsing Tracking