Tag Archives: FTC

Babies and Baby-making, or Not… Privacy and Security Lessons for the Internet of Things

What do babies, sex toys and wireless head phones have in common? Apparently, the privacy concerns of the Federal Trade Commission (FTC), state AGs and legislatures, class action plaintiffs, and consumer advocacy groups, at least when it comes to the Internet of Things (IoT). The IoT refers to consumer devices that are connected, directly or … Continue Reading

FTC Nets $500,000 Settlement for Alleged Consent Order Violation Related to Online Data Collection Practices

On March 17, 2017, the Federal Trade Commission (FTC) announced that it had reached a $500,000 settlement with Upromise, a membership reward service aimed at families saving for college. The FTC had alleged that Upromise violated a 2012 FTC consent order by failing to make required disclosures about its data collection and use practices and … Continue Reading

Unexpected Consumer Data Collection Concerns FTC

The Federal Trade Commission (FTC) has been turning its attention to consumer data collection and use that consumers may not expect, such as tracking of TV viewing by smart TVs, and use of cross-device technologies and techniques to try to associate users and households to multiple devices (e.g., TVs, mobile phones, tablets, computers, and other … Continue Reading

FTC’s $2.2m Smart TV Settlement Signals Continued IoT Enforcement Focus

On February 6, 2017, the Federal Trade Commission announced that it had settled charges against VIZIO, Inc., a consumer electronics manufacturer of Internet-connected televisions. The FTC alleged that VIZIO unfairly tracked sensitive TV viewing data of millions of American consumers, and deceptively failed to disclose how the collected data was being used. This action was … Continue Reading

Latest Data Breach Settlement Illustrates Need for Companies to Prioritize Cybersecurity

On Aug. 5, 2016, the New York attorney general, Eric Schneiderman, announced a $100,000 settlement with an e-retailer following an investigation of a data breach that resulted in the potential exposure of more than 25,000 credit card numbers and other personal information. According to the investigation, on Aug. 7, 2014, in an all-too-common scenario, an … Continue Reading

Unanimous FTC Finds LabMD’s Data Security Practices Violated Section 5 of the FTC Act

On July 29, 2016, a unanimous Federal Trade Commission (“FTC” or “Commission”) issued its Opinion and Final Order reversing the decision of an administrative law judge (“ALJ”) and holding that LabMD engaged in “unfair” practices in violation of Section 5 of the FTC Act because it failed to provide reasonable and appropriate security for personal … Continue Reading

Mobile Ad Co Settles with FTC Over Allegations of Deceptive Geolocation Tracking And Children’s Privacy Violations for $4 Million

On June 22, 2016, mobile advertising company InMobi Private Ltd. settled Federal Trade Commission (“FTC” or “Commission”) claims of violations of Section 5 of the FTC Act, and the Children’s Online Privacy Protection Act and Rule (COPPA), for $4 million.  The violations of COPPA supported the monetary penalty since, unlike Section 5, COPPA provides for … Continue Reading

Balancing Innovation With Privacy Concerns: The FTC Provides Comment on the Internet of Things

On June 3, 2016, the Federal Trade Commission (FTC) responded to a Request for Comments issued by the Department of Commerce, National Telecommunications and Information Administration (NTIA) regarding the Internet of Things (IoT). The NTIA, which issued its Request for Comments on April 5, 2016, stated that it will use commentary to expand on its … Continue Reading

Mobile Apps That Appeal to Children Face Increased Regulatory Scrutiny

In September 2015, the Online Interest-based Advertising Accountability Program (Accountability Program) of the Advertising Self-regulatory Council (ASRC) began enforcing the Digital Advertising Alliance (DAA) Guidelines for Mobile Advertising (Mobile Guidance) and now the inevitable has happened: the Accountability Program has issued three compliance decisions with mobile app publishers whose apps allegedly failed to comply with … Continue Reading

Internet Service Providers Face New Regulatory Environment in the FCC’s Privacy and Security Proposal

On March 31, 2016, the Federal Communications Commission (FCC) issued a Notice of Proposed Rulemaking (NPRM) of privacy and security regulations for Internet service providers (ISPs). The NPRM, In The Matter of Protecting the Privacy of Customer of Broadband and Other Telecommunications Service, available here, is intended to apply privacy requirements of the federal Communications … Continue Reading

FTC And ASUS Reach Settlement Over Risk To Consumer Privacy In ASUS-Branded Routers

To date, the U.S. Federal Trade Commission has brought over 60 enforcement actions regarding company data security practices, and 2016 is already no different. On February 23, 2016, the FTC and Taiwanese computer hardware manufacturer ASUSTeK Computer, Inc., settled the FTC’s charges that ASUS-branded wireless routers, which were manufactured for home use and allowed consumers … Continue Reading

LabMD and Wyndham Decisions Curtail FTC’s Data Privacy and Security Reach

Both the administrative law judge’s decision in LabMD and the Third Circuit’s recent decision in Wyndham, which we previously blogged about, put the FTC on notice that it cannot assume that in the wake of a security breach, allegedly inadequate data security will necessarily constitute an unfair practice under Section 5 of the FTC Act. Further, … Continue Reading

What the FTC’s Settlement With Wyndham Means for Your Company

The recent settlement entered into between the Federal Trade Commission (FTC) Wyndham Hotels and Resorts and related companies (Wyndham) provides an important roadmap for companies seeking to avoid running afoul of the FTC’s regulation of data security. In particular, this settlement, as embodied in a Consent Order entered by the Court provides Wyndham Hotels and … Continue Reading

The FTC and DAA Set Their Sights on Cross-Device Tracking

Gone are the days of single-browser tracking. Accordingly, cross-device tracking – the process of tracking a single consumer across all of the consumer’s devices – is the new Holy Grail for marketers. Both the Federal Trade Commission (FTC) and the Digital Advertising Alliance (DAA), a U.S. advertising industry self-regulatory program, have taken notice. On November … Continue Reading

ALJ Issues Sweeping Decision Dismissing FTC’s Action Against LabMD

On November 13, 2015, the chief administrative law judge (“ALJ”) handling the Federal Trade Commission’s (“FTC” or “Commission”) complaint against LabMD Inc. (“LabMD”) dismissed the case in its entirety. As we previously reported, following two data security incidents involving the disclosure of personal information, the FTC brought an action against LabMD, a clinical testing laboratory, … Continue Reading

What Now? What Next? FAQs and Answers Regarding the Safe Harbor Decision

As we discussed in our blog post last week, on October 6, 2015, the Court of Justice of the European Union issued a judgment that invalidated the EU-U.S. Safe Harbor Framework. For the past 15 years, thousands of companies have been using the Safe Harbor Framework to transfer personal data from the EU to the … Continue Reading

EU High Court Invalidates Safe Harbor Framework for Cross-Border Data Transfers

On October 6, 2015, the Court of Justice of the European Union (CJEU) issued a highly anticipated judgment that has the potential to impact how thousands of companies transfer data from the EU to the United States. The Court’s decision effectively invalidates the European Commission’s “adequacy” determination with respect to the U.S.-EU Safe Harbor Framework, … Continue Reading

Federal Trade Commission Joins with Industry Experts to Provide Start-Ups and Developers with Practical Advice at “Start with Security” Conference

The FTC has a history of offering practical advice to organizations and consumers to protect against security threats and related concerns, and is continuing this practice with the upcoming – and very first – “Start with Security” conference, taking place at the University of California’s Hastings College of the Law on September 9, 2015. The … Continue Reading

Federal Trade Commission Continues Its Enforcement Campaign Against False Safe Harbor Claims

Reiterating its commitment to enforcing the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks, the Federal Trade Commission announced on Monday that it has reached settlements with 13 companies alleged to have misled consumers either by claiming Safe Harbor membership despite never having applied, or by allowing their Safe Harbor certifications to lapse. A related FTC Business … Continue Reading

FTC to Host Workshop on Online Lead Generation

The FTC has increasingly focused its attention on the online lead generation industry by bringing enforcement actions against payday loan lead generators (lead generators alleged to have engaged in advertising that lacked disclosures required by the Truth in Lending Act), mortgage lead generators (lead generators alleged to have deceptively advertised mortgage products by misrepresenting their … Continue Reading

As FCC Flexes New Consumer Protection and Privacy Regulatory Enforcement Muscles Against ISPs, Some Call for Expanded Authority Over Online Services

The Federal Communications Commission (FCC) has imposed a record $100M forfeiture fine against a global telecommunications company for alleged deceptive data plan promotions. The FCC’s fine comes on the heels of revisions to its 2010 Open Internet rules that expanded its enforcement authority over “telecommunications service” providers to cover broadband Internet service providers (ISPs). Under … Continue Reading

FTC Clarifies Native and Online Ad Obligations

The FTC, in recent staff statements, has sought to clarify advertisers’ and publishers’ obligations regarding native advertising and social media promotions, particularly regarding when and how to clarify to readers that a message is promotional and that the speaker has a material connection to the brand mentioned in the content. Further, the FTC has announced … Continue Reading

FTC Director Jessica Rich Discusses Privacy and Data Security at BakerHostetler Symposium

On February 26, 2015, Jessica L. Rich, Director of the Bureau of Consumer Protection at the Federal Trade Commission, spoke at the BakerHostetler Symposium on Section 5 of the FTC Act on how the FTC approaches privacy and data security. Director Rich’s comments on this subject were particularly timely, with the Third Circuit poised to … Continue Reading
LexBlog