Federal Trade Commission

The Federal Trade Commission (FTC) issued a unanimous opinion and order today, vacating the Administrative Law Judge’s (ALJ) initial decision and finding that LabMD’s data security practices were “unfair” under Section 5 of the FTC Act.  In August 2013, the FTC issued a complaint against LabMD, alleging that its failure to implement adequate data security measures led to the disclosure of patient information from LabMD’s networks.  As we previously reported, FTC staff appealed the ALJ’s November 2015 initial decision dismissing the FTC’s complaint against LabMD for allegedly “unfair” data security practices.  The Commission’s Chief ALJ had dismissed the complaint on the ground that there was no injury or likelihood of injury to consumers because there was no evidence of misuse of any of the personal information at issue.  The Commission Opinion reverses that finding and holds that injury, for purposes of the FTC Act, was established on a record of insufficient data security protections.

The Commission’s opinion in LabMD further bolsters the FTC’s authority to regulate corporate data security practices, which was affirmed last year by the Third Circuit in Wyndham.  It also clarifies and expands upon the Commission’s interpretation of the unfairness test under Section 5 of the FTC Act as it relates to data security. 
Continue Reading FTC: LabMD’s Data Security Practices Violated the FTC Act

In a blog post published on the Federal Trade Commission (FTC) website, Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, recently stated that:

“we regard data as ‘personally identifiable,’ and thus warranting privacy protections, when it can be reasonably linked to a particular person, computer, or device. In many cases, persistent identifiers such as device identifiers, MAC addresses, static IP addresses, or cookies meet this test.”

The post (which reiterates Ms. Rich’s remarks at the Network Advertising Initiative’s April meeting) suggests a shift in the FTC’s treatment of IP addresses and other numbers that identify a browser or device.   The FTC previously has taken the position that browser and device identifiers are deserving of privacy protections, but the FTC generally has avoided classifying these identifiers as equivalent to personally identifiable information (such as name, email, and address) except in the narrow context of children’s privacy.  (The FTC’s rule implementing the Children’s Online Privacy Protection Act defines “personal information” to include a “persistent identifier that can be used to recognize a user over time and across different Web sites or online services.”)
Continue Reading FTC’s Jessica Rich Argues IP Addresses and Other Persistent Identifiers Are “Personally Identifiable”

A new post on the Covington eHealth blog discusses the new web-based interactive tool released by the FTC, in conjunction with HHS and the FDA, to assist mobile health app developers in navigating applicable federal laws and regulations in the areas of advertising and marketing, medical devices, and data security
Continue Reading FTC Releases Online Tool to Help Health App Developers Identify Applicable Laws

Yesterday, the Federal Trade Commission (“FTC”) announced that it issued warning letters to mobile app developers that installed software created by an entity called Silverpush that could allow third parties to monitor the television-viewing habits of consumers who have downloaded the mobile apps of those developers.  The letters were sent to 12 developers whose apps are available for download in the Google Play store and appear to include the Silverpush software.
Continue Reading FTC Issues Warning Letters to App Developers Using Technology That Could Monitor What Users Watch on TV

By Megan Rodgers

The FTC today announced that it reached a settlement with Lord & Taylor over a native advertisement and promotion that relied on social media “influencers” to promote a particular product.

This was the first native advertising settlement reached by the FTC since it issued its Policy Statement on Native Advertising in December 2015.

The campaign at issue involved Lord & Taylor’s promotion of its Design Lab clothing collection, which featured a paisley asymmetrical dress.  The FTC identified two problems with Lord & Taylor’s practice.
Continue Reading FTC Settles With Lord & Taylor Over Native Advertisement and “Influencer” Promotion

The FTC has cautioned that a recent settlement holds lessons for companies involved in the Internet of Things.  The settlement, announced on Tuesday, was reached with  hardware manufacturer ASUS over concerns that its router products carried certain security vulnerabilities.  Notably, in addition to alleging that ASUS’s actions violated promises to
Continue Reading FTC Settles Deception and Unfairness Charges Against ASUS Over Router Security

Today (February 2nd, 2016), the European Commission and U.S. Government reached political agreement on the new framework for transatlantic data flows.  The new framework – the EU-U.S. Privacy Shield – succeeds the EU-U.S. Safe Harbor framework (for more on the Court of Justice of the European Union decision in the Schrems case declaring the Safe Harbor invalid, see our earlier post here).  The EU’s College of Commissioners has also mandated Vice-President Ansip and Commissioner Jourová to prepare the necessary steps to put in place the new arrangement.
Continue Reading Agreement Reached on New EU-U.S. Safe Harbor: the EU-U.S. Privacy Shield

On January 6, 2016, the Federal Trade Commission issued its staff report on big data, Big Data:  A Tool for Inclusion or Exclusion? Understanding the Issues, following up on the FTC’s workshop on big data in September 2014 and seminar on alternative scoring products in March 2014.  The report provides an overview of the characteristics and lifecycle of big data, summarizes the benefits and risks of big data, and outlines considerations for companies using big data, including potentially relevant laws such as the Fair Credit Reporting Act, equal opportunity laws, and laws prohibiting unfair and deceptive acts or practices.

The report serves as a helpful resource for a company in evaluating the potential uses, benefits, risks, and compliance requirements for big data.  While many companies that already use big data will be familiar with the laws analyzed in the report and how to comply with them, new or emerging companies or companies that do not regularly work with consumer protection or financial services laws should read the report with care to develop an understanding of the legal framework applicable to the use of big data.
Continue Reading The FTC Staff Report on Big Data

On Tuesday, the FTC announced the agenda for PrivacyCon, which is being billed as a “first-of-its-kind event” that will facilitate discussions between researchers and academics about privacy and security.  The FTC also released abstracts for the research that will be presented at the conference, scheduled for January 14.  PrivacyCon follows a call from the FTC last summer to “white hat” researchers and academics for papers on new vulnerabilities and how they might be exploited to harm consumers, as well as research in the area of big data, the Internet of things and consumer attitudes towards privacy.
Continue Reading FTC Releases Agenda for First-Ever PrivacyCon

By Megan Rodgers

The Federal Trade Commission today issued an Enforcement Policy Statement on Deceptively Formatted Advertisements.  The Policy Statement addresses occasions in which certain media outlets blur the traditional line between advertisements and editorial content, and seeks to clarify advertisers’ and publishers’ obligations regarding native advertising and social media.

Native advertisements can take a variety of forms, but all are intended to look “native” to the outlet in which they appear, unlike traditional display or pop-up advertisements.  As native advertisements have become increasingly popular over the last several years, they have also garnered the attention of the FTC.

In December 2013, the FTC held a workshop on native advertising and brought together academicians, publishers, and ad networks.  Around that time, industry groups such as the Interactive Advertising Bureau and the American Society of Magazine Editors created best practices in the area, and the industry anticipated that the FTC would publish additional guidance on the issue.

In a press release accompanying the Policy Statement today, the FTC’s Director of the Bureau of Consumer Protection Jessica Rich said that the “FTC’s policy applies time-tested truth-in-advertising principles to modern media.”  In addition to the Policy Statement, the FTC released an accompanying guidance, “Native Advertising: A Guide for Business,” to help companies understand and comply with the Policy Statement.  The guidance provides examples of when and how to make effective disclosures in native advertisements.
Continue Reading FTC Issues Policy Statement on Native Advertising