On Thursday, March 7, 2024, the U.S. Senate confirmed two nominees for the open seats on the Federal Trade Commission: Andrew N. Ferguson, former solicitor general of the Commonwealth of Virginia; and Melissa Holyoak, former solicitor general with the Utah Attorney General’s Office. With this confirmation of two new Republican Commissioners, the FTC is one step closer to a full slate of five bipartisan Commissioners. The Senate also re-confirmed Commissioner Rebecca Kelly Slaughter for a second term. President Biden had nominated Ferguson and Holyoak on July 11, 2023, and renominated Slaughter on February 13, 2023. Continue Reading FTC Returns to Bipartisan Commission with Confirmation of Two New Republican Commissioners
Uncategorized
FTC Announces Proposed Consent Orders Related to Location Data
The FTC recently announced proposed consent orders with Outlogic (formerly X-Mode Social) and InMarket Media concerning their collection and monetization of precise geolocation data. Both companies collect location data using software development kits (“SDKs”) installed in first and third party apps, among other data sources. According to the FTC’s complaints, Outlogic sold this data to third parties (including in a manner that revealed consumer’s visits to sensitive locations) without obtaining adequate consent, and InMarket used this data to facilitate targeted advertising without notifying consumers that their location data will be used for targeted advertising. In both cases, the FTC alleged that these acts and practices constituted unfair and/or deceptive acts or practices under Section 5 of the FTC Act. Continue Reading FTC Announces Proposed Consent Orders Related to Location Data
Department of Commerce Issues Proposed Rule to Regulate Infrastructure-as-a-Service Providers and Resellers
On January 29, 2024, the Department of Commerce (“Department”) published a proposed rule (“Proposed Rule”) to require providers and foreign resellers of U.S. Infrastructure-as-a-Service (“IaaS”) products to (i) verify the identity of their foreign customers and (ii) notify the Department when a foreign person transacts with that provider or reseller to train a large artificial intelligence (“AI”) model with potential capabilities that could be used in malicious cyber-enabled activity. The proposed rule also contemplates that the Department may impose special measures to be undertaken by U.S. IaaS providers to deter foreign malicious cyber actors’ use of U.S. IaaS products. The accompanying request for comments has a deadline of April 29, 2024.Continue Reading Department of Commerce Issues Proposed Rule to Regulate Infrastructure-as-a-Service Providers and Resellers
U.S. Tech Legislative, Regulatory & Litigation Update – Fourth Quarter 2023
A new post on the Covington Inside Global Tech blog highlights key legislative, regulatory, and litigation developments in the fourth quarter of 2023 and early January 2024 related to technology issues. These included developments related to artificial intelligence (“AI”), connected and automated vehicles (“CAVs”), data privacy, and cybersecurity. As noted by the post, some of…
U.S. Senate Passes REPORT Act to Expand Scope of CSAM Reporting Obligations
On December 14, 2023, the U.S. Senate passed the Revising Existing Procedures on Reporting via Technology (“REPORT”) Act (S. 474), which, among other provisions, would impose new obligations on providers to report additional categories of online child sexual abuse material (“CSAM”) under 18 U.S.C. § 2258A. Continue Reading U.S. Senate Passes REPORT Act to Expand Scope of CSAM Reporting Obligations
FTC Enters Consent Decree with Direct-to-Consumer Genetic Testing Company On Heels of Other Significant Health and Genetic Privacy Developments
On Friday, the FTC announced that was entering a consent decree with 1Health.io Inc., which also does business as Vitagene, Inc. This is the fourth health-related FTC enforcement action announced this year (see here and here).
In addition, it comes on the heels of Virginia, Montana, and, as recently as last week, Texas joining California, Utah, and Arizona in adopting legislation specifically regulating the privacy practices of direct-to-consumer genetic testing companies. The recently adopted Montana law has a broader scope and narrower exceptions that raise questions about whether it will impede research, whereas the Texas law adopted last week is more similar to the other state models. Continue Reading FTC Enters Consent Decree with Direct-to-Consumer Genetic Testing Company On Heels of Other Significant Health and Genetic Privacy Developments
DOJ, FTC, CFPB, and EEOC Statement on Discrimination and AI
On April 25, 2023, four federal agencies — the Department of Justice (“DOJ”), Federal Trade Commission (“FTC”), Consumer Financial Protection Bureau (“CFPB”), and Equal Employment Opportunity Commission (“EEOC”) — released a joint statement on the agencies’ efforts to address discrimination and bias in automated systems. Continue Reading DOJ, FTC, CFPB, and EEOC Statement on Discrimination and AI
Washington’s My Health My Data Act Passes State Senate
Washington’s My Health My Data Act (“HB 1155” or the “Act”), which would expand privacy protections for the health data of Washington consumers, recently passed the state Senate after advancing through the state House of Representatives. Provided that the House approves the Senate’s amendments, the Act could head to the governor’s desk for signature in the coming days and become law. The Act was introduced in response to the United States Supreme Court’s Dobbs decision overturning Roe v. Wade. If enacted, the Act could dramatically affect how companies treat the health data of Washington residents.
This blog post summarizes a few key takeaways in the statute.Continue Reading Washington’s My Health My Data Act Passes State Senate
The Colorado AG Posts Revised Draft Regulations
Recently, the Colorado Attorney General’s office posted a revised draft of the regulations implementing the Colorado Privacy Act. The revisions made a number of changes, and we highlight a few key ones below.
- Specifying that the dark patterns provisions apply in certain circumstances only. The rules clarify that the rules governing dark patterns apply only
Inside Privacy Audiocast: Episode 20 – Competition and Privacy Series: The EU’s Digital Markets Act
On Episode 20 of Covington’s Inside Privacy Audiocast, Dan Cooper, Co-Chair of Covington’s Data Privacy and Cyber Security practice, and Christian Ahlborn, Partner in Covington’s Competition practice, discuss the recently enacted EU Digital Markets Act (DMA) in the first part of our “Competition and Privacy” mini series.
For more information on the DMA…