Photo of Hannah Lepow

On April 6, 2020, Tapplock, Inc., a Canadian maker of internet-connected smart locks, entered into a settlement with the Federal Trade Commission (“FTC”) to resolve allegations that the company deceived consumers by falsely claiming that it had implemented reasonable steps to secure user data and that its locks were “unbreakable.”  The FTC alleged that these representations amounted to deceptive conduct under Section 5 of the FTC Act.  In its press release accompanying the settlement, the FTC provided guidance for IoT companies regarding the design and implementation of privacy and security measures for “smart” devices, as discussed further below in this post.
Continue Reading IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT Companies

Last month, a Michigan federal district court judge denied defendant’s motion for summary judgment regarding application of the Telephone Consumer Protection Act (“TCPA”) to “direct drop” voicemail messages (also known as “ringless voicemail”).  Emphasizing the “broad net” cast by the TCPA, Judge Gordon J. Quist of the Western District of Michigan held that such messages

A recent District of New Jersey case emphasizes that while, under the FCC’s 2015 interpretation of the law, a customer has a broad right to revoke consent to receive automated calls and texts under the Telephone Consumer Protection Act (“TCPA”), the manner in which the consumer seeks to revoke his or her consent must be reasonable.

On November 27, 2017, a New Jersey federal judge dismissed a putative class action against Kohl’s, rejecting the plaintiff’s assertion that her sentence-long opt-out replies to automated text message “sales alerts” were reasonable when she was presented with other clear and simple opt-out mechanisms.
Continue Reading District Court Rejects Consent Revocation Claim Under TCPA

Automated vehicle technology is accelerating, and regulators are racing to keep up.  On June 28, 2017, the Federal Trade Commission and the National Highway Traffic Safety Administration (“NHTSA”) will hold a workshop to examine the consumer privacy and security issues posed by automated and connected vehicles.  The workshop comes several months after the Department of Transportation and NHTSA promulgated a Notice of Proposed Rulemaking (“NPRM”) that would require all new passenger vehicles to be capable of vehicle-to-vehicle (“V2V”) communications by the early 2020s.
Continue Reading Parties Discuss Privacy Issues in Advance of FTC, NHTSA Workshop on Connected Cars

On December 20, 2016, the White House released a report examining the potential economic effects of artificial intelligence (“AI”).  This report follows closely on the heels of another released by the White House only two months ago that explored more broadly the questions raised for society and public policy by progress in AI.

The December report posits that accelerating AI capabilities could have the effect of increasing economic inequality by enabling automation of tasks that have long required human labor.  While these transformations open up new employment opportunities and create benefits for society, they will also displace the individuals currently performing these jobs.  Research consistently finds that the jobs threatened by automation are highly concentrated among lower-paid and less-educated workers, and that the benefits of technology tend to accrue fastest to highly skilled workers.

The report presents three strategies the U.S. government could take to reap the benefits of AI while softening the effects of potential displacement:
Continue Reading White House Issues Report on Artificial Intelligence and the Economy

On November 30, the FTC released a staff summary of its September 15, 2016 public workshop, Putting Disclosures to the Test.  Numerous goods and services, from home appliances to financial services, make use of disclosures to inform users of their privacy practices.  These disclosures—whether delivered offline or online, via text, video, or audio—are a key tool for consumers in learning the information they need to make informed decisions in the marketplace.  The FTC has previously issued guidance about making effective digital disclosures and mobile privacy notices.  The workshop went beyond these areas and discussed disclosures for a range of products through the lens of multiple disciplines.

The FTC workshop had nearly 1,000 attendants (including, of course, online participants).  These participants explored the following topics:
Continue Reading FTC Releases Privacy Disclosure Staff Summary

Today, Rep. Jackie Speier (D-Calif.) introduced legislation that would criminalize the non-consensual distribution of sexually explicit images, commonly referred to as “revenge porn.”

The Internet Privacy Protection Act would make it a federal crime for individuals to knowingly distribute sexually explicit images or video of a person without or with a “reckless disregard” for their

By Jack Schenendorf, Brian Smith, and Hannah Lepow

Tuesday, the Federal Aviation Administration (“FAA”) finalized its long-awaited rule on the commercial use of small unmanned aircraft systems (“UAS” or “drones”).  The rule comes a month after the National Telecommunications and Information Administration multistakeholder group reached consensus on best practices for drone privacy.  The FAA’s action is significant—for the first time, there will be a comprehensive and generally applicable set of rules for anyone wishing to operate a small drone for commercial purposes.

Before the adoption of this rule, which will take effect in August 2016, anyone wishing to operate a drone for anything other than hobbyist recreation had to apply for an individualized authorization from the FAA.  Although the FAA had made an effort to process the authorizations quickly, the applications quickly developed a backlog.  We expect that the new rule, which applies to drones weighing less than 55 pounds, will spur widespread use of drones for a variety of commercial operations, including aerial video for newsgathering, pipeline and radio tower inspections, aerial surveying, aerial photography for real estate and construction site monitoring, disaster response, and other uses still to be developed.
Continue Reading Federal Aviation Administration Finalizes Small Unmanned Aircraft Rule

Last week, the multistakeholder group convened by the National Telecommunications and Information Administration (“NTIA”) to create set of voluntary best practices for the commercial use of facial recognition technology finalized its guidelines.  While the three-page code of conduct was praised by industry groups, including the Software & Information Industry Association and Consumer Technology Association, many consumer groups, who withdrew from the process before the guidelines were finalized, criticized the final product as weak and flawed.

The guidelines are the result of a more than two-year process, first announced by the NTIA in December 2013.  They recommend commercial entities do the following:

  • Disclose their practices regarding collection, storage, and use of facial template data to consumers, including any sharing, retention, and de-identification policies;
  • Provide notice to consumers where facial recognition is used on a physical premises;
  • Consider privacy concerns when developing data management programs;
  • Protect facial recognition data by implementing a program that contains administrative, technical, and physical safeguards appropriate to the entity’s size, complexity, the nature of its activities, and the sensitivity of the data;
  • Take reasonable steps to maintain the integrity of the data collected; and,
  • Provide a means for consumers to contact the entity regarding its use of the data.


Continue Reading NTIA Multistakeholder Group Reaches Consensus on Best Practices for Commercial Use of Facial Recognition Technology