Proskauer on Privacy

Tag Archives: FTC

FTC’s One-Two Punch on Data Tracking and Health Privacy

On March 2, 2023, the Federal Trade Commission (FTC) announced that it had reached a $7.8 million settlement with mental health and online counseling platform, BetterHelp, Inc. (“BetterHelp”). The FTC alleged that BetterHelp shared  consumers’ sensitive health data combined with other personal information (PI) with third party advertising platforms without first obtaining affirmative consent and … Continue Reading

Noteworthy Trends in Privacy and Data Security

Reports of sophisticated cyberattacks and ransomware threats dominated 2021 headlines, along with evolving state data privacy laws in the absence of comprehensive federal data protection regulation. Cross-border data transfers between the EU and US still lack a clear, streamlined mechanism while national authorities continue to negotiate an EU-US Privacy Shield replacement. The past year also … Continue Reading

FTC Seeks to Move Beyond Notice and Consent to Restrict Data Collection and Use

The FTC indicated that it will use its rulemaking authority under the FTC Act’s Section 18 to create a new rule that will likely seek to rein in broad data collection and use. In October 2021, FTC Commissioner Rebecca Kelly Slaughter made two speeches in which she expressed a desire to move beyond the FTC’s … Continue Reading

FTC Ramps up COVID-19 Activity After Improving its Data Security Enforcement Orders

With the spread of the novel coronavirus (COVID-19), cybersecurity criminals and scammers are ramping up their efforts to target vulnerable employers and workforces. The FTC announced today that since January they have received more than 7,800 fraud complaints from consumers related to the COVID-19 pandemic. But the FTC isn’t slowing down either. Even with the … Continue Reading

A Year in Review: FTC Data Privacy Actions and its Impacts on 2017 and Beyond

Whether it means taking a prominent role shaping data security for the Internet of Things, or addressing high profile breaches, the FTC has adopted an active position in policing data privacy and security. And, as data becomes increasingly digital in its form and protections, data security is of paramount importance for all types of intelligence—whether … Continue Reading

Consumer Review Fairness Act Taking Effect

The Consumer Review Fairness Act (CRFA) began to take effect yesterday, March 14, 2017. One aim of the CRFA is to protect consumers’ ability to publicly review services and vendors without being subject to restrictions or fines imposed by form contracts. It does so by voiding provisions within form contracts between consumers and service providers … Continue Reading

Privacy Advocates and ISPs Spar over Targeted Ads

The Federal Communication Commission’s (the “FCC”) landmark decision last year to reclassify Internet service providers (“ISPs”) as common carriers under Title II of the Communications Act of 1934 implicates policy issues that extend well beyond net neutrality.  Perhaps chief among them is the treatment of customer proprietary network information (“CPNI”) by broadband access providers.  The … Continue Reading

FTC Issues Report and Privacy Best Practices for the Internet of Things

On January 27, 2015 the Federal Trade Commission (the “FTC”) issued a report detailing best practices and recommendations that businesses engaged in the Internet of Things (“IoT”) can follow to protect consumer privacy and security. The IoT refers to the connection of everyday objects to the Internet and the transmission of data between those devices. … Continue Reading

Shaking Up the Settlement Process: FTC Reconsiders Whether Companies Can Deny Wrongdoing While Settling Privacy Violation Claims

The Federal Trade Commission (“FTC”) recently announced settlements of cases brought against Google and Facebook for alleged privacy violations. The Google settlement drew headlines for being the largest fine ever assessed for the violation of a FTC consent order ($22.5 million).  But Commissioner J. Thomas Rosch’s dissents are perhaps more momentous, as they have prompted the … Continue Reading

Smart Grid Technology Implicates New Privacy Concerns

The smart grid is an advanced metering infrastructure made up of “smart meters” capable of recording detailed and near-real time data on consumer electricity usage.  That data would then be sent to utilities through a wireless communications network.  In recent years, utilities have increased the pace of smart meter deployment—smart meters are expected to be … Continue Reading

Do I really have to obtain consent from all my customers to make a change to my privacy policy?

"Do I really have to obtain consent from all my customers to make a change to my privacy policy?  No one else seems to be following that rule." We get this question all the time.  It is understandable, given that we often watch Web-based companies expand their usage of consumer data without the affirmative consent … Continue Reading

Facebook Accedes to the FTC’s Poke, Settles FTC’s Charges

Facebook recently agreed to settle charges by the Federal Trade Commission (FTC) that Facebook violated the FTC Act. The FTC-Facebook settlement, which is still subject to final FTC approval, prohibits Facebook from making misrepresentations about the privacy or security of its users' personal information, requires Facebook to obtain users' affirmative consent before enacting changes that override the users' privacy preferences, and requires Facebook to prevent anyone from accessing material posted by a user more than 30 days after such user deleted his or her account. Similar to the March 2011 FTC-Google settlement, the Facebook settlement requires that Facebook enact a comprehensive privacy program and not misrepresent its compliance with the US-EU Safe Harbor Principles. As we previously reported, these two requirements are relatively new FTC settlement terms, which were first used in March 2011. … Continue Reading

The FTC Has Your Back, Even When It’s Naked: FTC Orders P2P Program’s Default File Sharing Settings Changed

FrostWire LLC (a P2P file-sharing software company) agreed to change the default privacy settings on its mobile and desktop applications and agreed to clearly disclose its applications' content sharing options pursuant to a settlement agreement with the FTC which resulted from claims by the FTC that FrostWire's content sharing practices violated the FTC Act. … Continue Reading

COPPA Violations? Cop a Settlement for $3 Million

Playdom, Inc., an online game company owned by Disney, and Playdom's CEO, Howard Marks, agreed to pay $3 million to settle charges brought by the FTC that they violated COPPA by collecting, using and disclosing the personal information of children under the age of 13 without their parents' prior, verifiable consent. The $3 million settlement is the largest civil penalty ever for a COPPA violation. … Continue Reading

FTC-Google Settlement Marks Two “Firsts” in FTC Privacy Enforcement

Google recently settled charges by the Federal Trade Commission (FTC) that Google's social networking service, Buzz, violated the FTC Act. The FTC-Google settlement prohibits Google from misrepresenting the extent to which it maintains and protects the confidentiality of users' information and from misrepresenting its compliance with the US-EU Safe Harbor Framework. In that regard, the settlement represents two important "firsts" in FTC enforcement. … Continue Reading

Credit Report Resellers Settle FTC Charges Over Poor Security

The Federal Trade Commission recently announced that it reached a settlement with three consumer credit report resellers whose information security practices and procedures were not sufficient to prevent hackers to obtain more than 1,800 consumer credit reports without authorization. The settlement resolves allegations that the resellers violated the Fair Credit Reporting Act, the FTC Act and … Continue Reading

Sanctions for Lazy Disposal Require Drug Store Chain to Re-“Rite” its Data Security Policies and Procedures

Rite Aid has agreed to pay $1 million to resolve allegations that it violated the Health Insurance Portability and Accountability Act ("HIPAA") by pitching pill bottles and prescription information into publicly accessible dumpsters near Rite Aid stores. According to HHS' resolution agreement, released on July 27, Rite Aid must implement a three-year corrective action program, which includes the adoption of revised policies and procedures concerning the disposal of sensitive health-related information, employee training programs and procedures and penalties for employees that fail to comply with them. Rite Aid also entered into a separate, but related settlement with the FTC to resolve allegations that the company failed to live up to promises made in its privacy policy. … Continue Reading

Twitter’s Settlement With the FTC Demonstrates that “Reasonable Security” Isn’t Only About Online Commerce

The social networking and micro-blogging service Twitter recently agreed to settle charges with the Federal Trade Commission (FTC) regarding its privacy and data security practices. Similar to settlement terms reached with other online merchants, the settlement bars Twitter for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information. Notably, the agreement also requires Twitter to maintain a comprehensive information security program and submit to audits of the program for 10 years. The settlement agreement does not include a monetary penalty. The FTC alleged that despite Twitter's promises on its website to protect the personal information of its users, Twitter's practices failed to provide reasonable and appropriate security. Unlike many of the other companies that the FTC has pursued regarding online security practices, Twitter does not sell goods online or collect financial information from its users. … Continue Reading
LexBlog

This website uses third party cookies, over which we have no control. To deactivate the use of third party advertising cookies, you should alter the settings in your browser.

OK