Today, the Federal Trade Commission (FTC) announced that it anticipates proposing a privacy rulemaking this month, with comments closing in August. This announcement follows the agency’s statement in December that it planned to begin a rulemaking to “curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.”
On March 21, 2022, the European Data Protection Board (“EDPB”) published its draft Guidelines 3/2022 on Dark patterns in social media platform interfaces (hereafter “Guidelines”, available here), following the EDPB’s plenary session held on March 14, 2022. The stated objective of the Guidelines is to provide practical guidance to both designers and users of social media platforms about how to identify and avoid so-called “dark patterns” in social media interfaces that would violate requirements set out in the EU’s General Data Protection Regulation (“GDPR”). In this sense, the Guidelines serve both to instruct organizations on how to design of their platforms and user interfaces in a GDPR-compliant manner, as well as to educate users on how certain practices they are subject to could run contrary to the GDPR (which could, as a result, lead to an increase in GDPR complaints arising from such practices). The Guidelines are currently subject to a 6-week period of public consultation, and interested parties are invited to submit feedback directly to the EDPB here (see “provide your feedback” button).
In this blog post, we summarize the Guidelines and identify key takeaways. Notably, while the Guidelines are targeted to designers and users of social media platforms, they may offer helpful insights to organizations across other sectors seeking to comply with the GDPR, and in particular, its requirements with respect to fairness, transparency, data minimization, purpose limitation, facilitating personal data rights, and so forth.Continue Reading EDPB Publishes Draft Guidelines on the Use of “Dark Patterns” in Social Media Interfaces
|Link to Source
|The European Parliament Research Service published a study on biometrics and AI, with recommendations for the draft Artificial Intelligence Act.
|The UK Government published its 2022 National Cyber Strategy. The strategy is built around five core pillars:
On December 10th, the Federal Trade Commission (FTC) published a Statement of Regulatory Priorities that announced the agency’s intent to initiate rulemakings on issues such as privacy, security, algorithmic decision-making, and unfair methods of competition.
Continue Reading FTC Announces Regulatory Priorities for Both Privacy and Competition
When China’s legislature, the National People’s Congress (“NPC”), enacted the Cybersecurity Law (“CSL”) in 2017, it set into motion a new era of data governance in China. Three years later, in 2020, the NPC followed up this landmark act with two other legislative milestones in this space: the draft Data Security Law (“DSL”) (see our blogpost here) and draft Personal Information Protection Law (“PIPL”) (see our client alert here). Both the PIPL and DSL will be finalized this year. Taken as a whole, these three laws form an over-arching framework that will govern data protection and cybersecurity in China for years to come.
While the DSL and PIPL have remained in draft form over the past year, the Chinese government has not stood idly by – instead, various Chinese regulators have continued to introduce data- and cyber-related rules in key sectors. Many of these sectoral rules do not appear to be primarily focused on data protection or cybersecurity, yet they may indirectly impact the collection, use and processing of personal information in specific sectors. The rollout of these new rules has not been fully coordinated, and the approaches taken in some cases deviate from the over-arching framework mentioned above. We expect this divergence to remain, even after the finalization of the PIPL and DSL. Consequently, China’s data and cyber regime will likely present a complex web of regulatory rules for organizations to navigate – both now and in the years ahead.
In this blog series, we examine several recently-introduced data and cyber rules in the areas of e-commerce, finance, healthcare, and artificial intelligence – all of which are rapidly expanding sectors in China where the collection and use of massive amounts of personal information have given rise to a variety of regulatory concerns. We will also explain, in the last blogpost of this series, China’s recent push to regulate how mobile applications can collect and process user data.
In our first blogpost of this series, we focus on recent developments in China’s e-commerce sector.Continue Reading Privacy Updates from China: Proliferation of Sector-Specific Rules As Key Legislation Remains Pending – Part 1: Data Protection in the E-Commerce Sector
On February 4, 2021, the House Energy and Commerce’s Subcommittee on Consumer Protection and Commerce held a hearing entitled, “Safeguarding American Consumers: Fighting Scams and Fraud During the Pandemic.” The hearing focused on the FTC’s ability to obtain equitable monetary relief under Section 13(b) of the FTC Act – an issue that is currently being considered by the Supreme Court in AMG Capital Management LLC v. Federal Trade Commission.
To gain a better understanding of the deceptive marketing campaigns seeking to exploit the ongoing public health crisis and the challenges the FTC faces in fighting fraud, the Subcommittee invited Bonnie Patten, Executive Director of TruthInAdvertising.org; Jessica Rich, former Bureau of Consumer Protection Director and Distinguished Fellow of the Institute for Technology Law & Policy at Georgetown Law School; William E. Kovacic, former FTC Chairman and Global Competition Professor of Law at George Washington University Law School; and Traci Ponto, Spokane COPS Crime Victim Advocate at Spokane Community Oriented Policy Services.
Continue Reading Hearing on Consumer Protection During the Pandemic Focuses on FTC’s Equitable Monetary Authority
On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications. According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.
Continue Reading FTC Reaches Settlement with Tapjoy for Allegedly Deceiving Consumers About In-Game Rewards
On May 5th, 2020, the California Assembly Committee on Privacy and Consumer Protection held a hearing and considered AB 2811, a bill that would amend existing California law governing automatic renewals. As currently drafted, AB 2811 would:
- require businesses to provide 3-7 days’ notice explaining how to cancel an automatic renewal offer or continuous service offer if the consumer accepted (1) a free gift or trial that lasts for a predetermined period of time as part of an automatic renewal or continuous service offer, or (2) the consumer accepted an automatic renewal or continuous service offer at a discounted price, and the applicability of that price was limited to a predetermined amount of time; and
- require businesses that permit consumers to accept automatic renewal or continuous service offers online to immediately terminate that service online.
On April 6, 2020, Tapplock, Inc., a Canadian maker of internet-connected smart locks, entered into a settlement with the Federal Trade Commission (“FTC”) to resolve allegations that the company deceived consumers by falsely claiming that it had implemented reasonable steps to secure user data and that its locks were “unbreakable.” The FTC alleged that these representations amounted to deceptive conduct under Section 5 of the FTC Act. In its press release accompanying the settlement, the FTC provided guidance for IoT companies regarding the design and implementation of privacy and security measures for “smart” devices, as discussed further below in this post.
Continue Reading IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT Companies
The Federal Trade Commission has traditionally responded forcefully to public health and economic crises, and it is doing so again in response to the coronavirus pandemic. The current crisis does present some additional complications, however, because of its impact on the operations of the agency itself. Three particular aspects of the FTC’s consumer protection-related response stand out: (1) continuation of the agency’s scrutiny of false and deceptive product claims that seek to capitalize on the fears of consumers, (2) signs that the agency will work with businesses to accommodate the special pressures of the crisis, and (3) continuation but postponement of other, non-enforcement activities.
The FTC’s first consumer protection priority in response to the coronavirus pandemic has been to focus on especially egregious marketing scams that target particularly vulnerable populations. The FTC has already issued a number of warning letters to sellers of supposed COVID-19 cures ranging from tea to edible silver and to voice over internet protocol (“VoIP”) service providers facilitating illegal coronavirus-related calls. Fraud reports continue to rise rapidly: the FTC has received 7,800 coronavirus-related complaints this year, and almost half of these were filed in the last week.
Continue Reading The FTC’s Response to the Coronavirus Pandemic: Consumer Protection Priorities and Initial Actions