When China’s legislature, the National People’s Congress (“NPC”), enacted the Cybersecurity Law (“CSL”) in 2017, it set into motion a new era of data governance in China.  Three years later, in 2020, the NPC followed up this landmark act with two other legislative milestones in this space: the draft Data Security Law (“DSL”) (see our blogpost here) and draft Personal Information Protection Law (“PIPL”) (see our client alert here).  Both the PIPL and DSL will be finalized this year.  Taken as a whole, these three laws form an over-arching framework that will govern data protection and cybersecurity in China for years to come.

While the DSL and PIPL have remained in draft form over the past year, the Chinese government has not stood idly by – instead, various Chinese regulators have continued to introduce data- and cyber-related rules in  key sectors.  Many of these sectoral rules do not appear to be primarily focused on data protection or cybersecurity, yet they may indirectly impact the collection, use and processing of personal information in specific sectors.  The rollout of these new rules has not been fully coordinated, and the approaches taken in some cases deviate from the over-arching framework mentioned above.  We expect this divergence to remain, even after the finalization of the PIPL and DSL.  Consequently, China’s data and cyber regime will likely present a complex web of regulatory rules for organizations to navigate – both now and in the years ahead.

In this blog series, we examine several recently-introduced data and cyber rules in the areas of e-commerce, finance, healthcare, and artificial intelligence – all of which are rapidly expanding sectors in China where the collection and use of massive amounts of personal information have given rise to a variety of regulatory concerns.  We will also explain, in the last blogpost of this series, China’s recent push to regulate how mobile applications can collect and process user data.

In our first blogpost of this series, we focus on recent developments in China’s e-commerce sector.


Continue Reading Privacy Updates from China: Proliferation of Sector-Specific Rules As Key Legislation Remains Pending – Part 1: Data Protection in the E-Commerce Sector

On February 4, 2021, the House Energy and Commerce’s Subcommittee on Consumer Protection and Commerce held a hearing entitled, “Safeguarding American Consumers: Fighting Scams and Fraud During the Pandemic.”  The hearing focused on the FTC’s ability to obtain equitable monetary relief under Section 13(b) of the FTC Act – an issue that is currently being considered by the Supreme Court in AMG Capital Management LLC v. Federal Trade Commission.

To gain a better understanding of the deceptive marketing campaigns seeking to exploit the ongoing public health crisis and the challenges the FTC faces in fighting fraud, the Subcommittee invited Bonnie Patten, Executive Director of TruthInAdvertising.org; Jessica Rich, former Bureau of Consumer Protection Director and Distinguished Fellow of the Institute for Technology Law & Policy at Georgetown Law School; William E. Kovacic, former FTC Chairman and Global Competition Professor of Law at George Washington University Law School; and Traci Ponto, Spokane COPS Crime Victim Advocate at Spokane Community Oriented Policy Services.
Continue Reading Hearing on Consumer Protection During the Pandemic Focuses on FTC’s Equitable Monetary Authority

On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications.  According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.
Continue Reading FTC Reaches Settlement with Tapjoy for Allegedly Deceiving Consumers About In-Game Rewards

On May 5th, 2020, the California Assembly Committee on Privacy and Consumer Protection held a hearing and considered AB 2811, a bill that would amend existing California law governing automatic renewals.  As currently drafted, AB 2811 would:

  • require businesses to provide 3-7 days’ notice explaining how to cancel an automatic renewal offer or continuous service offer if the consumer accepted (1) a free gift or trial that lasts for a predetermined period of time as part of an automatic renewal or continuous service offer, or (2) the consumer accepted an automatic renewal or continuous service offer at a discounted price, and the applicability of that price was limited to a predetermined amount of time; and
  • require businesses that permit consumers to accept automatic renewal or continuous service offers online to immediately terminate that service online.


Continue Reading AB 2811: The Future of Automatic Renewals in California

On April 6, 2020, Tapplock, Inc., a Canadian maker of internet-connected smart locks, entered into a settlement with the Federal Trade Commission (“FTC”) to resolve allegations that the company deceived consumers by falsely claiming that it had implemented reasonable steps to secure user data and that its locks were “unbreakable.”  The FTC alleged that these representations amounted to deceptive conduct under Section 5 of the FTC Act.  In its press release accompanying the settlement, the FTC provided guidance for IoT companies regarding the design and implementation of privacy and security measures for “smart” devices, as discussed further below in this post.
Continue Reading IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT Companies

The Federal Trade Commission has traditionally responded forcefully to public health and economic crises, and it is doing so again in response to the coronavirus pandemic.  The current crisis does present some additional complications, however, because of its impact on the operations of the agency itself.  Three particular aspects of the FTC’s consumer protection-related response stand out: (1) continuation of the agency’s scrutiny of false and deceptive product claims that seek to capitalize on the fears of consumers, (2) signs that the agency will work with businesses to accommodate the special pressures of the crisis, and (3) continuation but postponement of other, non-enforcement activities.

The FTC’s first consumer protection priority in response to the coronavirus pandemic has been to focus on especially egregious marketing scams that target particularly vulnerable populations.  The FTC has already issued a number of warning letters to sellers of supposed COVID-19 cures ranging from tea to edible silver and to voice over internet protocol (“VoIP”) service providers facilitating illegal coronavirus-related calls.  Fraud reports continue to rise rapidly: the FTC has received 7,800 coronavirus-related complaints this year, and almost half of these were filed in the last week.
Continue Reading The FTC’s Response to the Coronavirus Pandemic: Consumer Protection Priorities and Initial Actions

Last week, the Better Business Bureau’s National Advertising Division (NAD) announced a new expedited process for digital advertising challenges.  The SWIFT (Single Well-defined Issue Fast Track) Process will allow businesses to address concerns of transparency and truthfulness on an accelerated basis, with decisions rendered within twenty business days of case initiation.  The SWIFT process is currently limited to challenges involving one of three issues:  the prominence or sufficiency of disclosures, including disclosure issues in influencer marketing, native advertising, and incentivized reviews; misleading pricing and sales claims; and misleading express claims that do not require review of complex evidence or substantiation such as clinical testing or consumer perception evidence.
Continue Reading The BBB’s National Advertising Division Launches Fast-Track SWIFT Process for Digital Advertising

You may have heard the phrase “dark patterns” as shorthand for various user interfaces designed to influence users’ decisions. They can range from the perfectly innocent to the unethical, and even illegal. Whatever the form, dark patterns have recently drawn attention from the mainstream press.

Dark patterns are coming out from the shadows. And when that happens, class action lawyers can’t be far behind.


Continue Reading Dark Patterns: What They Are and What You Should Know About Them