Tag Archives: enforcement

EU adopts New Deal for Consumers

On November 8, 2019, the European Union adopted the “Directive Modernizing Consumer Law”. This directive is part of the so-called “New Deal for Consumers” (see here), a package of legislative reforms designed to revise existing EU consumer laws. The main objective of these reforms is to adapt EU consumer protection legislation to the realities of … Continue Reading

New Calculation Model for Data Protection Fines in Germany

Update, September 19, 2019: Further to the reports on its scheme for calculating fines, which prompted requests to the supervisory authorities to publish it, the Datenschutzkonferenz has clarified that fines in individual cases are calculated on the basis of Art. 83(2) GDPR, and that the model is only used on a complementary basis. Furthermore, the model … Continue Reading

European Commission Issues Report on the Implementation of the GDPR

On July 24, 2019, the European Commission (“the Commission”) published a report appraising Europe’s progress in implementing the General Data Protection Regulation (“GDPR”) as a central component of its revamped data protection framework.  In its report, the Commission highlights certain achievements resulting from implementation efforts, calls attention to issues that require further action, and describes … Continue Reading

EDPS-BEUC Joint Conference on Big Data Promotes Closer Dialogue

Last week, the European Data Protection Supervisor (the “EDPS”), in collaboration with European consumer organisation BEUC, hosted a joint conference on Big Data: individual rights and smart enforcement in Brussels (for the conference agenda, see here).  The conference brought together leading regulators and experts in the areas of competition, data protection and consumer protection, including … Continue Reading

Company Receives Record Fine from UK Regulator For Cold Calling

The UK’s data protection regulator, the Information Commissioner’s Office (“ICO”), has imposed a fine of £350,000 on Prodial Ltd (“Prodial”) for making over 46 million unsolicited automated telephone calls to generate leads in relation to payment protection insurance refunds.  This is the highest fine issued by the ICO to date.… Continue Reading

EU DPA Enforcement Guidance Post-Schrems

Industry eagerly awaits further guidance from data protection authorities (“DPAs”) relating to the EU-U.S. Privacy Shield as well as on the validity (or otherwise) of other mechanisms for transfers to the U.S. such as standard contractual clauses (“SCCs”) and binding corporate rules (“BCRs”).  As we explained in recent posts (here and here), publication of an … Continue Reading

FTC Obtains Record $100 Million Settlement with LifeLock

By Megan Rodgers

The FTC announced that the identity theft protection firm LifeLock will pay $100 million to resolve allegations that the company made false statements about its services and failed to safeguard consumer data.  This settlement represents the largest of its kind in an FTC order enforcement action. The FTC first sued LifeLock in … Continue Reading

Global App Review Finds 85% of Apps Have Privacy Shortcomings

In May 2014, the Global Privacy Enforcement Network (“GPEN”) performed its second Global Privacy Sweep, in which 26 privacy enforcement authorities from 19 countries downloaded 1,211 mobile apps and assessed their privacy practices. On September 10, 2014, the Office of the Privacy Commissioner of Canada (“OPC”) published the results of the Sweep (the “OPC Report”). … Continue Reading

FCC Fines Company $2.9 Million for Political Robocalls to Cell Phones

Last week, the Federal Communications Commission announced plans to fine Dialing Services, LLC, nearly $3 million for making illegal “robocalls” to cell phones. The FCC has specific rules for automatic telephone dialing systems, also known as “autodialers,” that have the capacity to produce, store, and dial telephone numbers using a random or sequential number generator. … Continue Reading

FDA Issues Untitled Letter Focused On Promotional Claims On Facebook

FDA has previously included claims made on Facebook or other social media platforms along with broader allegations of misbranding using a variety of sources in its enforcement letters . . . [b]y contrast, the present untitled letter focuses solely on a single statement on a Facebook page, and does not take issue with any statements outside the Facebook page.… Continue Reading

Dissuading Companies from Violating Data Protection Rules: Senior European Commission Official Calls for ‘Significant’ Fines

By Charlotte Ryckman & Jetty Tielemans

Speaking at Berkeley’s Online Tracking Workshop today, Françoise Le Bail, Director-General of the European Commission’s DG Justice (the leading department regarding the EU data protection reforms) confirmed the European Commission’s vision that the EU needs stronger penalties in order to ensure effective enforcement of European data protection rules. Ms. … Continue Reading

SEC Exams of Asset Managers to Include Focus on Cybersecurity

Routine SEC examinations of investment advisers and investment companies this year will include scrutiny of these entities’ cybersecurity policies, an SEC official told attendees Thursday at a national agency-hosted compliance seminar. The SEC’s Regulation S-P, which implements the federal Gramm-Leach-Bliley Act, requires brokers, dealers, investment companies, and registered investment advisers to “adopt policies and procedures … Continue Reading

HHS Announces First HIPAA Settlement Based on Lack of Breach Notification Policies and Procedures

By Anna Kraus

On December 27, 2013, the Office for Civil Rights (OCR) within the Department of Health and Human Services (HHS) announced a HIPAA settlement with Adult & Pediatric Dermatology, P.C. (APDerm), a private dermatology practice with locations in Massachusetts and New Hampshire.  According to HHS, this is the first settlement based on a … Continue Reading

HHS Settles HIPAA Privacy Case With California Medical Center

By Anna Kraus

The Department of Health and Human Services (HHS) announced on June 14 that it reached a settlement with Shasta Regional Medical Center (SRMC) in California over potential violations of the HIPAA Privacy Rule.  Under the settlement, SRMC agreed to pay $275,000 and implement a comprehensive corrective action plan (CAP). HHS’s investigation was … Continue Reading

FTC Official Highlights FCRA Enforcement as a High Priority

Earlier this month, Maneesha Mithal, Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, testified before the U.S. Senate Subcommittee on Consumer Protection, Product Safety, and Insurance regarding consumer report accuracy and the FTC’s efforts to improve accuracy through education and enforcement.  Her testimony emphasized the impact that consumer report errors may … Continue Reading

FTC’s Current Enforcement Priorities: Infographic

Speaking at a seminar hosted by the International Association of Privacy Professionals, Assistant Director Chris Olsen and Senior Attorney Peder Magee, both of the Federal Trade Commission’s Division of Privacy and Identity Protection, provided a useful overview of the FTC’s recent enforcement actions and current enforcement priorities.  Based on this discussion, the following infographic identifies the … Continue Reading

Google Fined by German Data Protection Authority Over WiFi Data Collection

The data protection authority in Hamburg, Germany, issued an administrative fine in the amount of € 145,000 against Google for its illegal WiFi data collection activities. This fine fell just short of the maximum amount for such fines under German data protection law, which is € 150,000 (in cases of negligence).  Between 2008 and 2010, … Continue Reading

Mexico’s DPA Begins Enforcing Data Protection Law

BNA is reporting that Mexico’s data protection authority, the Federal Institute for Access to Information and Data Protection (IFAI), will issue a fine of $1 million against one of Mexico’s largest banks for violating the country’s Federal Law on the Protection of Personal Data in Possession of Private Parties.  The action against the bank — … Continue Reading

FTC Finalizes Settlements with Companies for Exposing Sensitive Consumer Information through Installation of Peer-to-Peer File Sharing Software

On October 26, 2012, the FTC finalized settlements with Georgia auto dealer Franklin Budget Car Sales, Inc. and Utah-based debt collector EPN Inc. over charges that each company illegally exposed sensitive personal information of consumers by allowing peer-to-peer (P2P) file-sharing software to be installed on their corporate computer systems.  The final settlements follow a notice-and-comment period … Continue Reading

Wyndham: FTC Lacks Authority to Regulate Data Security

Earlier this week, Wyndham Hotels & Resorts LLC moved to dismiss the complaint filed against it by the Federal Trade Commission in connection with Wyndham’s data security practices, asserting that the FTC has neither the authority nor the expertise to regulate them. As we previously noted, the FTC filed a complaint against Wyndham in June … Continue Reading

California AG Creates New Privacy Enforcement and Protection Unit

California Attorney General Kamala Harris yesterday announced the creation of a Privacy Enforcement and Protection Unit in her office that will focus on protecting consumer and individual privacy through civil prosecution of federal and state privacy laws.  The Unit will be staffed by six prosecutors who will focus on privacy enforcement.  Joanne McNabb, formerly of … Continue Reading

The FTC’s Lawsuit Against Wyndham

By Ryan Mowery

Last week, the FTC filed suit in federal court against global hospitality firm Wyndham Worldwide Corporation in connection with a series of data breaches affecting Wyndham and its subsidiaries between 2008 and 2010.  The complaint alleges that Wyndham misrepresented the security measures it employed to protect consumers’ personal information and that consumers … Continue Reading