Federal Trade Commission

With a new administration and a new Congress come key leadership changes and new priorities at the Federal Trade Commission (FTC).  The change in administration paves the way for a Democratic-led Commission, though a permanent FTC Chairman and a successor to Commissioner Chopra (who has been nominated to head the Consumer Financial Protection Bureau) might not be confirmed for several months.  In the meantime, President Biden has appointed sitting Commissioner Slaughter to serve as Acting Chair.
Continue Reading What A New Administration Means for the FTC’s Data Privacy & Security Enforcement Agenda

On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications.  According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.
Continue Reading FTC Reaches Settlement with Tapjoy for Allegedly Deceiving Consumers About In-Game Rewards

On Wednesday, January 13, the Supreme Court heard arguments in AMG Capital Management LLC v. Federal Trade Commission.  This case raises the question whether the Federal Trade Commission (FTC) has been properly using Section 13(b) of the FTC Act, the provision authorizing requests for preliminary and permanent injunctions where
Continue Reading FTC Remedial Power Under Scrutiny at U.S. Supreme Court

On September 22, 2020, the Federal Trade Commission (“FTC”) hosted “Data to Go,” a virtual workshop on data portability. The workshop convened experts from civil society, academia, and industry to discuss the potential risks as well as consumer and competition benefits of data portability, as well as issues and best practices related to its implementation in legislative and industry-led initiatives. The discussions emphasized five key themes regarding data portability efforts in the U.S. and globally.
Continue Reading Five Key Themes from the FTC’s Data Portability Workshop

The FTC recently updated Complying with COPPA: Frequently Asked Questions, the set of FAQs meant to provide informal guidance for complying with the Children’s Online Privacy Protection Act and the Commission-issued COPPA Rule.  In an accompanying blog post, the FTC staff emphasized that the revisions to the FAQs “don’t raise new policy issues” and that they were implemented primarily to streamline and reorganize the content “to make the document easier to use.”  While the new FAQs generally only reinforce concepts from recent key settlements, enforcement policy positions, and separately-issued regulatory guidance, some of the updates also provide helpful additional context around specific issues such as mixed audience sites and services, age gates, and common consent mechanisms.
Continue Reading Federal Trade Commission Updates, Streamlines COPPA FAQs

As consumers rely more and more on the “independent” reviews of their peers in choosing products and services, advertisers need to remain vigilant that their role (if any) in disseminating such reviews is fairly disclosed, accurate and not misleading.  The pitfalls in this area were recently illustrated by a pair of enforcement actions brought by the Federal Trade Commission and the National Advertising Division of the Better Business Bureau.  These actions, the latest in a series of similar enforcement efforts, confirm that review sites remain a hotbed of enforcement activity, and both actions serve as good reminders of the standards that review sites must observe to avoid similar actions.

The first of these actions is an FTC enforcement against LendEDU, which centered around the “objective,” “honest,” “accurate,” and “unbiased” rankings of financial products that LendEDU posted to its review site.  The FTC alleged that, far from being objective and honest, these rankings were in fact determined based on compensation from the companies being ranked.  In addition, the FTC alleged that over ninety percent of LendEDU’s “unbiased” positive reviews were in fact written by LendEDU employees and their friends and families.
Continue Reading FTC and NAD Actions Highlight Continued Scrutiny of Online Reviews

On May 8, 2020, the Federal Trade Commission (“FTC”) issued a notice soliciting public comment regarding whether changes should be made to its Health Breach Notification Rule (the “Rule”).  The request for comment is part of a periodic review process “to ensure that [FTC rules] are keeping pace with changes in the economy, technology, and business models.”

The Rule, which first went into effect in 2009, applies only to vendors of personal health records (“PHRs”) and other related entities that are not subject to the Health Insurance Portability and Accountability Act (“HIPAA”).  A PHR is an electronic record of individually identifiable health information “that can be drawn from multiple sources and is managed, shared, and controlled by or primarily for the individual.”  See 16 C.F.R. § 318.2(d).  Under the Rule, PHR vendors and related entities must notify individuals, the FTC, and possibly the media within 60 days after discovering a breach of unsecured personally identifiable health information, or within 10 days if more than 500 individuals are affected by the breach.
Continue Reading FTC to Consider Changes to the Health Breach Notification Rule

On April 6, 2020, Tapplock, Inc., a Canadian maker of internet-connected smart locks, entered into a settlement with the Federal Trade Commission (“FTC”) to resolve allegations that the company deceived consumers by falsely claiming that it had implemented reasonable steps to secure user data and that its locks were “unbreakable.”  The FTC alleged that these representations amounted to deceptive conduct under Section 5 of the FTC Act.  In its press release accompanying the settlement, the FTC provided guidance for IoT companies regarding the design and implementation of privacy and security measures for “smart” devices, as discussed further below in this post.
Continue Reading IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT Companies

The Federal Trade Commission has traditionally responded forcefully to public health and economic crises, and it is doing so again in response to the coronavirus pandemic.  The current crisis does present some additional complications, however, because of its impact on the operations of the agency itself.  Three particular aspects of the FTC’s consumer protection-related response stand out: (1) continuation of the agency’s scrutiny of false and deceptive product claims that seek to capitalize on the fears of consumers, (2) signs that the agency will work with businesses to accommodate the special pressures of the crisis, and (3) continuation but postponement of other, non-enforcement activities.

The FTC’s first consumer protection priority in response to the coronavirus pandemic has been to focus on especially egregious marketing scams that target particularly vulnerable populations.  The FTC has already issued a number of warning letters to sellers of supposed COVID-19 cures ranging from tea to edible silver and to voice over internet protocol (“VoIP”) service providers facilitating illegal coronavirus-related calls.  Fraud reports continue to rise rapidly: the FTC has received 7,800 coronavirus-related complaints this year, and almost half of these were filed in the last week.
Continue Reading The FTC’s Response to the Coronavirus Pandemic: Consumer Protection Priorities and Initial Actions