Last week, the FTC announced its release of a staff report discussing key topics from the April 29, 2021 workshop addressing dark patterns. The report states that the FTC will take action when companies employ dark patterns that violate existing laws, including the FTC Act, ROSCA, the TSR, TILA, CAN-SPAM, COPPA, ECOA, or other statutes and regulations enforced by the FTC. The report highlights examples of cases in which the FTC used its authority under these laws and regulations to bring enforcement actions against companies that allegedly used dark patterns. Accordingly, the report builds upon the FTC’s historical approach of using its existing authority to bring enforcement actions in this context.

Continue Reading New FTC Report on Dark Patterns

2021 was another busy year for data privacy regulatory enforcement and litigation. With some distance to reflect on last year, we have prepared this post identifying and describing important trends from 2021 that can help provide insight into what to expect in the data privacy landscape in 2022.

Data Privacy Regulatory Enforcement Trends

Federal Trade Commission (FTC) and state enforcement action in 2021 centered on several key areas, including protecting children.

An FTC enforcement action last year alleged that the maker of an online coloring book application violated the Children’s Online Privacy Protection Act (COPPA) by collecting personal information about children who used the app without notifying their parents and obtaining their consent.  The allegations note that the app included a “Kids” category that was targeted to children.  The FTC further claimed that the app’s social media features collected personal information from users and that some parents, lacking knowledge of these features, may have inadvertently permitted their young children to use the app.
Continue Reading 2021 Trends in Privacy Regulatory Enforcement and Litigation

In a new post on the Covington Digital Health blog, our colleagues discuss recently announced Federal Trade Commission (“FTC”) guidance meant to help companies determine their obligations under the Health Breach Notification Rule (the “Rule”).  The guidance follows the FTC’s September 2021 Policy Statement, which expanded the Rule’s application to the developers of health

On September 15, the Federal Trade Commission (“FTC”) adopted, on a 3-2 party-line vote, a policy statement that takes a broad view of which health apps and connected devices are subject to the FTC’s Health Breach Notification Rule (the “Rule”) and what triggers the Rule’s notification requirement.

The Rule was promulgated in 2009 under the Health Information Technology for Economic and Clinical Health (“HITECH”) Act.  Under the Rule, vendors of personal health records that are not otherwise regulated under the Health Insurance Portability and Accountability Act (“HIPAA”) are required to notify individuals, the FTC, and, in some cases, the media following a breach involving unsecured identifiable health information.  Third-party service providers also are required to notify covered vendors of any breach.
Continue Reading FTC Adopts Policy Statement on Privacy Breaches by Health Apps and Connected Devices

To add to the growing list of federal privacy frameworks introduced this year, Senator Amy Klobuchar (D-MN) has re-introduced the bipartisan Social Media Privacy Protection and Consumer Rights Act of 2021 (S. 1667).  Senator Klobuchar introduced the bill originally in 2018 and 2019, although it did not advance to committee in either instance.  Senators Kennedy (R-LA), Burr (R-NC), and Manchin (D-WV) have co-sponsored the bill.

Key provisions in this bill include:
Continue Reading New Privacy Bill Provides Opt-Out Rights and New Data Security Requirements

This week, Senators Ed Markey (D-Mass.) and Bill Cassidy (R-La.) introduced the Children and Teens’ Online Privacy Protection Act, which would update the Children’s Online Privacy Protection Act (COPPA).  COPPA is the comprehensive federal children’s privacy law enacted in 1998 that regulates the collection, use, and disclosure of personal information online from children under 13.
Continue Reading Senators Markey and Cassidy Introduce Bill to Update the Children’s Online Privacy Protection Act

As the push for Congress to pass comprehensive consumer privacy legislation increases, Rep. Suzan DelBene (D-WA) has re-introduced the Information Transparency & Personal Data Control Act, a compromise proposal that contains provisions sought by both parties.  This bill would create national data privacy standards and increase the enforcement authority of the Federal Trade Commission (FTC) and state attorneys general.
Continue Reading Bill Introduced Would Preempt State Laws and Strengthen FTC Enforcement 

On February 4, 2021, the House Energy and Commerce’s Subcommittee on Consumer Protection and Commerce held a hearing entitled, “Safeguarding American Consumers: Fighting Scams and Fraud During the Pandemic.”  The hearing focused on the FTC’s ability to obtain equitable monetary relief under Section 13(b) of the FTC Act – an issue that is currently being considered by the Supreme Court in AMG Capital Management LLC v. Federal Trade Commission.

To gain a better understanding of the deceptive marketing campaigns seeking to exploit the ongoing public health crisis and the challenges the FTC faces in fighting fraud, the Subcommittee invited Bonnie Patten, Executive Director of TruthInAdvertising.org; Jessica Rich, former Bureau of Consumer Protection Director and Distinguished Fellow of the Institute for Technology Law & Policy at Georgetown Law School; William E. Kovacic, former FTC Chairman and Global Competition Professor of Law at George Washington University Law School; and Traci Ponto, Spokane COPS Crime Victim Advocate at Spokane Community Oriented Policy Services.
Continue Reading Hearing on Consumer Protection During the Pandemic Focuses on FTC’s Equitable Monetary Authority

With a new administration and a new Congress come key leadership changes and new priorities at the Federal Trade Commission (FTC).  The change in administration paves the way for a Democratic-led Commission, though a permanent FTC Chairman and a successor to Commissioner Chopra (who has been nominated to head the Consumer Financial Protection Bureau) might not be confirmed for several months.  In the meantime, President Biden has appointed sitting Commissioner Slaughter to serve as Acting Chair.
Continue Reading What A New Administration Means for the FTC’s Data Privacy & Security Enforcement Agenda

On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications.  According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.
Continue Reading FTC Reaches Settlement with Tapjoy for Allegedly Deceiving Consumers About In-Game Rewards