Federal Trade Commission

Federal Trade Commission Asks for Ability to Fine Companies for Privacy Violations

• Speaking before the U.S. House of Representatives’ Subcommittee on Digital Commerce and Consumer Protection, the commissioners of the Federal Trade Commission (FTC or Commission) said Congress needs to pass new laws to allow the FTC to fine companies that violate consumer’s privacy rights, as well as allow the Commission greater flexibility to amend its own rules to address potential violations.

• At the same time, Chairman Joseph Simons recognized a “trade off between privacy and data security and competition,” noting that the Commission is “nervous that if [the FTC does] privacy in one way and go[es] too far [in] one direction, [it will] reduce competition.”

Brazil

Brazil Poised to Pass National Data Protection Law

  • Almost 10 years after Brazil began talks on a national data protection law, the country is on the verge of enacting what has been dubbed “Brazilian GDPR.”
  • From enactment of the law by the National Congress, Brazil’s Acting President Michel Temer has 15 days to approve it or veto all or parts of it. As a result of nuances in Brazilian law, it seems likely that the law will take effect, but without the provisions that allow for the creation of a data protection authority (DPA) to enforce the law. That said, commentators speculate that the Brazilian DPA is likely to be created in January 2019, after Brazil’s elections later this year.

Class Actions

Yahoo Email Users Move to Seek Class Certification in Multidistrict Litigation

  • Citing common questions regarding Yahoo’s conduct and its contracts with consumers, a putative class of Yahoo email users sought certification in a California multidistrict litigation regarding their claims surrounding three data breaches that affected billions of users.
  • According to the motion, all the claims of class members rely on whether Yahoo knew or should have known about the breaches earlier than it did, whether it did enough to protect users’ data and whether it complied with its terms of service.
  • The motion sought certification for multiple classes and subclasses, including all U.S. Yahoo users whose personal information was stolen during the breaches, divided among those with free accounts, paying users and small businesses.

Data Breaches

LabCorp Discloses Suspicious Network Activity That Could Indicate a Breach

  • In a recent Securities and Exchange Commission filing, medical diagnostics company LabCorp disclosed that it detected suspicious activity on its information technology network.
  • LabCorp immediately took some of its systems offline in order to contain the activity.
  • According to the statement, there was no evidence of unauthorized transfer or misuse of data. Other reports, however, suggest that the company may have been the victim of a ransomware attack.