To add to the growing list of federal privacy frameworks introduced this year, Senator Amy Klobuchar (D-MN) has re-introduced the bipartisan Social Media Privacy Protection and Consumer Rights Act of 2021 (S. 1667).  Senator Klobuchar introduced the bill originally in 2018 and 2019, although it did not advance to committee in either instance.  Senators Kennedy (R-LA), Burr (R-NC), and Manchin (D-WV) have co-sponsored the bill.

Key provisions in this bill include:
Continue Reading New Privacy Bill Provides Opt-Out Rights and New Data Security Requirements

This week, Senators Ed Markey (D-Mass.) and Bill Cassidy (R-La.) introduced the Children and Teens’ Online Privacy Protection Act, which would update the Children’s Online Privacy Protection Act (COPPA).  COPPA is the comprehensive federal children’s privacy law enacted in 1998 that regulates the collection, use, and disclosure of personal information online from children under 13.
Continue Reading Senators Markey and Cassidy Introduce Bill to Update the Children’s Online Privacy Protection Act

As the push for Congress to pass comprehensive consumer privacy legislation increases, Rep. Suzan DelBene (D-WA) has re-introduced the Information Transparency & Personal Data Control Act, a compromise proposal that contains provisions sought by both parties.  This bill would create national data privacy standards and increase the enforcement authority of the Federal Trade Commission (FTC) and state attorneys general.
Continue Reading Bill Introduced Would Preempt State Laws and Strengthen FTC Enforcement 

On February 4, 2021, the House Energy and Commerce’s Subcommittee on Consumer Protection and Commerce held a hearing entitled, “Safeguarding American Consumers: Fighting Scams and Fraud During the Pandemic.”  The hearing focused on the FTC’s ability to obtain equitable monetary relief under Section 13(b) of the FTC Act – an issue that is currently being considered by the Supreme Court in AMG Capital Management LLC v. Federal Trade Commission.

To gain a better understanding of the deceptive marketing campaigns seeking to exploit the ongoing public health crisis and the challenges the FTC faces in fighting fraud, the Subcommittee invited Bonnie Patten, Executive Director of TruthInAdvertising.org; Jessica Rich, former Bureau of Consumer Protection Director and Distinguished Fellow of the Institute for Technology Law & Policy at Georgetown Law School; William E. Kovacic, former FTC Chairman and Global Competition Professor of Law at George Washington University Law School; and Traci Ponto, Spokane COPS Crime Victim Advocate at Spokane Community Oriented Policy Services.
Continue Reading Hearing on Consumer Protection During the Pandemic Focuses on FTC’s Equitable Monetary Authority

With a new administration and a new Congress come key leadership changes and new priorities at the Federal Trade Commission (FTC).  The change in administration paves the way for a Democratic-led Commission, though a permanent FTC Chairman and a successor to Commissioner Chopra (who has been nominated to head the Consumer Financial Protection Bureau) might not be confirmed for several months.  In the meantime, President Biden has appointed sitting Commissioner Slaughter to serve as Acting Chair.
Continue Reading What A New Administration Means for the FTC’s Data Privacy & Security Enforcement Agenda

On January 7, the Federal Trade Commission (“FTC”) reached a proposed settlement with Tapjoy, a California-based company that operates an advertising platform within mobile gaming applications.  According to its complaint, the FTC alleges that Tapjoy deceived consumers by failing to provide in-game rewards it promised for completing actions associated with third-party advertisements.
Continue Reading FTC Reaches Settlement with Tapjoy for Allegedly Deceiving Consumers About In-Game Rewards

On May 8, 2020, the Federal Trade Commission (“FTC”) issued a notice soliciting public comment regarding whether changes should be made to its Health Breach Notification Rule (the “Rule”).  The request for comment is part of a periodic review process “to ensure that [FTC rules] are keeping pace with changes in the economy, technology, and business models.”

The Rule, which first went into effect in 2009, applies only to vendors of personal health records (“PHRs”) and other related entities that are not subject to the Health Insurance Portability and Accountability Act (“HIPAA”).  A PHR is an electronic record of individually identifiable health information “that can be drawn from multiple sources and is managed, shared, and controlled by or primarily for the individual.”  See 16 C.F.R. § 318.2(d).  Under the Rule, PHR vendors and related entities must notify individuals, the FTC, and possibly the media within 60 days after discovering a breach of unsecured personally identifiable health information, or within 10 days if more than 500 individuals are affected by the breach.
Continue Reading FTC to Consider Changes to the Health Breach Notification Rule

On April 6, 2020, Tapplock, Inc., a Canadian maker of internet-connected smart locks, entered into a settlement with the Federal Trade Commission (“FTC”) to resolve allegations that the company deceived consumers by falsely claiming that it had implemented reasonable steps to secure user data and that its locks were “unbreakable.”  The FTC alleged that these representations amounted to deceptive conduct under Section 5 of the FTC Act.  In its press release accompanying the settlement, the FTC provided guidance for IoT companies regarding the design and implementation of privacy and security measures for “smart” devices, as discussed further below in this post.
Continue Reading IoT Update: FTC Settles with Smart Lock Manufacturer and Provides Guidance for IoT Companies

In response to the COVID-19 outbreak, several U.S. government entities have released warnings about a rise in scams and fraudulent activity connected to the outbreak.  In a recent bulletin, the FBI warned of a rise in phishing emails, counterfeit treatments or equipment for COVID-19 preparedness, and fake emails from the Centers for Disease Control and Prevention (CDC) purporting to provide information about the outbreak.  The FTC, meanwhile, has released not only a general overview of the steps that it is taking to combat scams related to COVID-19, but has also provided a specific list of seven types of COVID-19 scams that it has observed targeting businesses.  More information about these scams, and guidance from the FBI and FTC on how to protect against and respond to some of the most common risks, is below.
Continue Reading COVID-19 Cybersecurity Advice: FTC and FBI Provide Guidance on Cybersecurity Scam Trends and Preventive Measures