On March 2, 2023, the Federal Trade Commission (FTC) announced that it had reached a $7.8 million settlement with mental health and online counseling platform, BetterHelp, Inc. (“BetterHelp”). The FTC alleged that BetterHelp shared consumers’ sensitive health data combined with other personal information (PI) with third party advertising platforms without first obtaining affirmative consent and … Continue Reading
Reports of sophisticated cyberattacks and ransomware threats dominated 2021 headlines, along with evolving state data privacy laws in the absence of comprehensive federal data protection regulation. Cross-border data transfers between the EU and US still lack a clear, streamlined mechanism while national authorities continue to negotiate an EU-US Privacy Shield replacement. The past year also … Continue Reading
The FTC indicated that it will use its rulemaking authority under the FTC Act’s Section 18 to create a new rule that will likely seek to rein in broad data collection and use. In October 2021, FTC Commissioner Rebecca Kelly Slaughter made two speeches in which she expressed a desire to move beyond the FTC’s … Continue Reading
With the spread of the novel coronavirus (COVID-19), cybersecurity criminals and scammers are ramping up their efforts to target vulnerable employers and workforces. The FTC announced today that since January they have received more than 7,800 fraud complaints from consumers related to the COVID-19 pandemic. But the FTC isn’t slowing down either. Even with the … Continue Reading
Whether it means taking a prominent role shaping data security for the Internet of Things, or addressing high profile breaches, the FTC has adopted an active position in policing data privacy and security. And, as data becomes increasingly digital in its form and protections, data security is of paramount importance for all types of intelligence—whether … Continue Reading
The Consumer Review Fairness Act (CRFA) began to take effect yesterday, March 14, 2017. One aim of the CRFA is to protect consumers’ ability to publicly review services and vendors without being subject to restrictions or fines imposed by form contracts. It does so by voiding provisions within form contracts between consumers and service providers … Continue Reading
The Federal Communication Commission’s (the “FCC”) landmark decision last year to reclassify Internet service providers (“ISPs”) as common carriers under Title II of the Communications Act of 1934 implicates policy issues that extend well beyond net neutrality. Perhaps chief among them is the treatment of customer proprietary network information (“CPNI”) by broadband access providers. The … Continue Reading
On January 27, 2015 the Federal Trade Commission (the “FTC”) issued a report detailing best practices and recommendations that businesses engaged in the Internet of Things (“IoT”) can follow to protect consumer privacy and security. The IoT refers to the connection of everyday objects to the Internet and the transmission of data between those devices. … Continue Reading
The FTC published on September 5, 2012 guidelines for mobile application developers to assist them observe truth-in-advertising and basic privacy principles when marketing their applications.… Continue Reading
The Federal Trade Commission (“FTC”) recently announced settlements of cases brought against Google and Facebook for alleged privacy violations. The Google settlement drew headlines for being the largest fine ever assessed for the violation of a FTC consent order ($22.5 million). But Commissioner J. Thomas Rosch’s dissents are perhaps more momentous, as they have prompted the … Continue Reading
The smart grid is an advanced metering infrastructure made up of “smart meters” capable of recording detailed and near-real time data on consumer electricity usage. That data would then be sent to utilities through a wireless communications network. In recent years, utilities have increased the pace of smart meter deployment—smart meters are expected to be … Continue Reading
The FTC released its final report titled "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Business and Policymakers" which sets forth principles that companies are recommended to follow with respect to their privacy practices.
… Continue Reading
"Do I really have to obtain consent from all my customers to make a change to my privacy policy? No one else seems to be following that rule." We get this question all the time. It is understandable, given that we often watch Web-based companies expand their usage of consumer data without the affirmative consent … Continue Reading
Facebook recently agreed to settle charges by the Federal Trade Commission (FTC) that Facebook violated the FTC Act. The FTC-Facebook settlement, which is still subject to final FTC approval, prohibits Facebook from making misrepresentations about the privacy or security of its users' personal information, requires Facebook to obtain users' affirmative consent before enacting changes that override the users' privacy preferences, and requires Facebook to prevent anyone from accessing material posted by a user more than 30 days after such user deleted his or her account. Similar to the March 2011 FTC-Google settlement, the Facebook settlement requires that Facebook enact a comprehensive privacy program and not misrepresent its compliance with the US-EU Safe Harbor Principles. As we previously reported, these two requirements are relatively new FTC settlement terms, which were first used in March 2011.
… Continue Reading
FrostWire LLC (a P2P file-sharing software company) agreed to change the default privacy settings on its mobile and desktop applications and agreed to clearly disclose its applications' content sharing options pursuant to a settlement agreement with the FTC which resulted from claims by the FTC that FrostWire's content sharing practices violated the FTC Act.
… Continue Reading
Playdom, Inc., an online game company owned by Disney, and Playdom's CEO, Howard Marks, agreed to pay $3 million to settle charges brought by the FTC that they violated COPPA by collecting, using and disclosing the personal information of children under the age of 13 without their parents' prior, verifiable consent. The $3 million settlement is the largest civil penalty ever for a COPPA violation.
… Continue Reading
The maker of Rascal Scooters agreed to pay $100,000 as a civil penalty to settle a complaint filed by the FTC alleging that Rascal Scooters violated the FTC Act and the FTC's Telemarketing Sales Rule.
… Continue Reading
Google recently settled charges by the Federal Trade Commission (FTC) that Google's social networking service, Buzz, violated the FTC Act. The FTC-Google settlement prohibits Google from misrepresenting the extent to which it maintains and protects the confidentiality of users' information and from misrepresenting its compliance with the US-EU Safe Harbor Framework. In that regard, the settlement represents two important "firsts" in FTC enforcement.
… Continue Reading
The Federal Trade Commission recently announced that it reached a settlement with three consumer credit report resellers whose information security practices and procedures were not sufficient to prevent hackers to obtain more than 1,800 consumer credit reports without authorization. The settlement resolves allegations that the resellers violated the Fair Credit Reporting Act, the FTC Act and … Continue Reading
Yesterday, we blogged about the FTC’s report released last week, “Protecting Consumer Privacy in an Era of Rapid Change.” But if the FTC’s recommendations become requirements, how would they change what the typical company is doing today? … Continue Reading
On October 19, 2010, speaking at the annual Proskauer on Privacy conference, the Federal Trade Commission's newest Commissioner, Julie Brill, had a lot to say about self-regulation, teen privacy and other FTC privacy initiatives. You can read what she said, in her own words, on our privacy law blog.
… Continue Reading
In a handful of cases, including two which were recently decided, companies have been thwarted in various, unexpected ways by the commitments made in their online privacy policies.
… Continue Reading
Rite Aid has agreed to pay $1 million to resolve allegations that it violated the Health Insurance Portability and Accountability Act ("HIPAA") by pitching pill bottles and prescription information into publicly accessible dumpsters near Rite Aid stores. According to HHS' resolution agreement, released on July 27, Rite Aid must implement a three-year corrective action program, which includes the adoption of revised policies and procedures concerning the disposal of sensitive health-related information, employee training programs and procedures and penalties for employees that fail to comply with them. Rite Aid also entered into a separate, but related settlement with the FTC to resolve allegations that the company failed to live up to promises made in its privacy policy.
… Continue Reading
The social networking and micro-blogging service Twitter recently agreed to settle charges with the Federal Trade Commission (FTC) regarding its privacy and data security practices. Similar to settlement terms reached with other online merchants, the settlement bars Twitter for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information. Notably, the agreement also requires Twitter to maintain a comprehensive information security program and submit to audits of the program for 10 years. The settlement agreement does not include a monetary penalty. The FTC alleged that despite Twitter's promises on its website to protect the personal information of its users, Twitter's practices failed to provide reasonable and appropriate security. Unlike many of the other companies that the FTC has pursued regarding online security practices, Twitter does not sell goods online or collect financial information from its users.
… Continue Reading
This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.