On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications.  According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.
Continue Reading FTC Reaches Settlement with Tapjoy for Allegedly Deceiving Consumers About In-Game Rewards

On September 3, 2019, the Federal Trade Commission (“FTC”) announced settlement agreements with five companies for alleged false claims of certification under the EU-U.S. and Swiss-U.S. Privacy Shield frameworks (collectively, “Privacy Shield”).  These settlements indicate that the FTC is continuing to actively enforce Privacy Shield commitments, as it has done with respect to several other

Mobile phone manufacturer BLU Products, Inc. entered into a settlement agreement with the FTC last week to resolve allegations that one of BLU’s China-based vendors collected personal information about its consumers without proper consent.

The settlement agreement, which took the form of a consent order, applies not only to BLU but also to its CEO and any other companies he owns and controls.  It requires that the company clarify its disclosures regarding customer data use and protection. It also requires BLU to implement a new data security program. In the new security program, BLU must address security risks related to the development and management of new and existing covered devices and must better protect the security, confidentiality, and integrity of personal information. These improved protections include developing and using reasonable steps to select and retain service providers capable of appropriately safeguarding consumer personal information. “Personal information” is defined in this context to include persistent identifiers such as cookies.
Continue Reading Mobile Phone Manufacturer Settles with FTC Over Allegations that Its Vendor Collected Personal Data without Consent

The FTC announced today that it has reached a settlement with the operators of AshleyMadison.com (Ashley Madison) for alleged data security deficiencies and deceptive trade practices.  According to the FTC, Ashley Madison, a dating website for married individuals, was hacked in July 2015, leading to the release of 36 million users’ account and profile information.  FTC Chairwoman Edith Ramirez referred to the case as “one of the largest data breaches that the FTC has investigated to date.”

According to the FTC’s complaint, despite Ashley Madison’s representations that it was “100% secure” and “risk free,” the website failed to implement reasonable data security practices.  Specifically, the FTC cited several data security failures, including the lack of a written information security policy, reasonable access controls, employee data security training, or oversight over third-party service providers, and a failure to use “readily available security measures” to monitor its systems.  The complaint also alleged that Ashley Madison staff deceptively created fake profiles as a way to attract users, with no way for users to tell real profiles from fake ones.
Continue Reading Ashley Madison Settles Data Security and Deception Charges

A U.S. district court has approved the Federal Trade Commission’s $22.5 million settlement with Google.  The FTC had charged that Google misrepresented to users of Apple’s Safari browser that it would not place tracking cookies or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC. 

The settlement is

Today the Federal Trade Commission has announced its approval of a consent decree to settle charges that Google misrepresented to users of Apple’s Safari browser that it would not place tracking “cookies” or serve targeted ads to those users, violating an earlier privacy settlement between the company and the FTC.  The decree requires Google to pay a