Last week, Senators Richard Blumenthal (D-CT) and Marsha Blackburn (R-TN) introduced the bipartisan Kids Online Safety Act (“KOSA”), which would impose new safeguards, tools, and transparency requirements for minors online. The bill applies to entities that are a “commercial software application or electronic service that connects to the internet and that is used, or is
On January 4, 2022, the Federal Trade Commission published a warning to companies and their vendors to take reasonable steps to remediate the Log4j vulnerability (CVE-2021-44228). The FTC provided a list of recommended remedial actions for companies using the Log4j software. The FTC’s warning references obligations under the FTC Act and Gramm Leach Bliley Act (“GLBA”) to take reasonable action to remediate vulnerabilities, and hints at potential inquiries and enforcement actions against companies and vendors that fail to do so. As the FTC notes in its warning, the “FTC intends to use its full legal authority to pursue companies that fail to take reasonable steps to protect consumer data from exposure as a result of Log4j, or similar known vulnerabilities in the future.” …
Continue Reading FTC Warns Companies to Remediate the Log4j Vulnerability and Hints at Potential Enforcement Actions
On December 10th, the Federal Trade Commission (FTC) published a Statement of Regulatory Priorities that announced the agency’s intent to initiate rulemakings on issues such as privacy, security, algorithmic decision-making, and unfair methods of competition. …
Continue Reading FTC Announces Regulatory Priorities for Both Privacy and Competition
On September 29, 2021, the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “Protecting Consumer Privacy.” The hearing centered on strengthening consumer privacy rights, including by increasing the FTC’s resources and creating a comprehensive federal privacy law.
To explore these issues, the Committee invited David Vladeck, Professor and Faculty Director of the Center on Privacy and Technology at Georgetown Law and former Director of the FTC Bureau of Consumer Protection; Morgan Reed, President of The App Association; Maureen Ohlhausen, Partner and Section Chair (Antitrust & Competition Law) at Baker Botts and former Acting Chairman of the FTC; and Ashkan Soltani, Independent Researcher and Technologist and former Chief Technologist of the FTC.
Continue Reading Consumer Privacy Hearing Focuses on Expanding FTC Resources, Creating Federal Privacy Law
On September 15, the Federal Trade Commission (“FTC”) adopted, on a 3-2 party-line vote, a policy statement that takes a broad view of which health apps and connected devices are subject to the FTC’s Health Breach Notification Rule (the “Rule”) and what triggers the Rule’s notification requirement.
The Rule was promulgated in 2009 under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act. Under the Rule, vendors of personal health records that are not otherwise regulated under the Health Insurance Portability and Accountability Act (“HIPAA”) are required to notify individuals, the FTC, and, in some cases, the media following a breach involving unsecured identifiable health information. Third-party service providers also are required to notify covered vendors of any breach.
Continue Reading FTC Adopts Policy Statement on Privacy Breaches by Health Apps and Connected Devices
Yesterday, Rep. Kathy Castor (D-FL) introduced an updated version of the “Protecting the Information of our Vulnerable Children and Youth Act” (Kids PRIVCY Act), which would make broad changes the Children’s Online Privacy Protection Act (COPPA). Rep. Castor introduced a similar bill in early 2020, but it stalled alongside other proposals to overhaul the federal children’s privacy law last year.
Continue Reading Rep. Castor Reintroduces Bill to Rewrite the Children’s Online Privacy Protection Act
To add to the growing list of federal privacy frameworks introduced this year, Senator Amy Klobuchar (D-MN) has re-introduced the bipartisan Social Media Privacy Protection and Consumer Rights Act of 2021 (S. 1667). Senator Klobuchar introduced the bill originally in 2018 and 2019, although it did not advance to committee in either instance. Senators Kennedy (R-LA), Burr (R-NC), and Manchin (D-WV) have co-sponsored the bill.
Key provisions in this bill include:…
Continue Reading New Privacy Bill Provides Opt-Out Rights and New Data Security Requirements
As the push for Congress to pass comprehensive consumer privacy legislation increases, Rep. Suzan DelBene (D-WA) has re-introduced the Information Transparency & Personal Data Control Act, a compromise proposal that contains provisions sought by both parties. This bill would create national data privacy standards and increase the enforcement authority of the Federal Trade Commission (FTC) and state attorneys general. …
Continue Reading Bill Introduced Would Preempt State Laws and Strengthen FTC Enforcement
With a new administration and a new Congress come key leadership changes and new priorities at the Federal Trade Commission (FTC). The change in administration paves the way for a Democratic-led Commission, though a permanent FTC Chairman and a successor to Commissioner Chopra (who has been nominated to head the Consumer Financial Protection Bureau) might not be confirmed for several months. In the meantime, President Biden has appointed sitting Commissioner Slaughter to serve as Acting Chair.
Continue Reading What A New Administration Means for the FTC’s Data Privacy & Security Enforcement Agenda
On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications. According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.
Continue Reading FTC Reaches Settlement with Tapjoy for Allegedly Deceiving Consumers About In-Game Rewards