In a ruling with implications for both net neutrality and privacy, the Ninth Circuit ruled en banc today that the common carrier exemption in Section 5 of the FTC Act is activity-based, reversing a 2016 panel ruling that the exemption was status-based. Today’s decision bolsters the FTC’s authority to bring consumer protection (including privacy) and … Continue Reading
Representative Marsha Blackburn (R-TN) has introduced a bill, the “Balancing the Rights of Web Surfers Equally and Responsibly Act of 2017” (“BROWSER Act,” H.R. 2520) that would create new online privacy requirements. The BROWSER Act would require both ISPs and edge providers (essentially any service provided over the Internet) to provide users with notice of … Continue Reading
The Ninth Circuit announced today that the full court will rehear the case in which the three-judge panel opinion had dismissed the FTC’s lawsuit against AT&T for allegedly violating Section 5 of the FTC Act due to past “throttling” practices around unlimited data plans. According to the panel opinion, the FTC lacked jurisdiction over AT&T’s … Continue Reading
The FTC announced today that it has reached a settlement with the operators of AshleyMadison.com (Ashley Madison) for alleged data security deficiencies and deceptive trade practices. According to the FTC, Ashley Madison, a dating website for married individuals, was hacked in July 2015, leading to the release of 36 million users’ account and profile information. … Continue Reading
Aura Labs, Inc. (Aura) has settled the FTC’s charges that it deceived consumers in relation to its mobile blood pressure app. The FTC’s complaint alleged that Aura deceptively claimed the app was as accurate as traditional blood pressure cuffs, and also that Aura’s owner posted a 5-star review of the app without disclosing his connection … Continue Reading
In an order released last week, the Eleventh Circuit temporarily delayed enforcement of the Federal Trade Commission’s (FTC) order in the LabMD case. As we reported earlier, the FTC ruled in July that LabMD’s data security practices violated the FTC Act, clarifying and expanding upon the FTC’s authority to regulate corporate data security practices. After … Continue Reading
By Catlin Meade and Jenny Martin On August 31, 2016 the FTC posted a blog addressing whether compliance with the NIST Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”) necessarily constitutes compliance with FTC cybersecurity practices. The FTC answers this question with a resounding “No” and specifically states: “there’s really no such thing as ‘complying … Continue Reading
In an opinion released today, the Ninth Circuit dismissed the Federal Trade Commission’s (“FTC”) lawsuit against AT&T for violating Section 5 of the FTC Act due to its throttling practices. AT&T’s practice of throttling the speed of customers with unlimited data plans once they reached a certain data usage threshold had been challenged by the … Continue Reading
The Federal Trade Commission (FTC) issued a unanimous opinion and order today, vacating the Administrative Law Judge’s (ALJ) initial decision and finding that LabMD’s data security practices were “unfair” under Section 5 of the FTC Act. In August 2013, the FTC issued a complaint against LabMD, alleging that its failure to implement adequate data security … Continue Reading
Earlier this week, the Ninth Circuit heard oral argument in AT&T’s appeal of a lower court decision to not dismiss the Federal Trade Commission’s (FTC’s) complaint alleging that AT&T misled consumers by limiting its “unlimited” data plan for mobile customers. As we previously reported, in October 2014 the FTC filed a complaint alleging that AT&T … Continue Reading
On Friday, March 27, 2015, the Federal Trade Commission and Wyndham Worldwide Corp. filed supplemental briefing in the Third Circuit regarding whether the FTC had made an adjudicative decision that the FTC Act prohibits unreasonable cybersecurity practices and, if not, whether a federal court could hear a case charging a violation of the FTC Act … Continue Reading
Last week AT&T filed a Reply in support of its Motion to Dismiss challenging the Federal Trade Commission’s (FTC’s) attempt to exercise jurisdiction over the company pursuant to Section 5 of the FTC Act. As we previously reported, the FTC filed a complaint against AT&T alleging that the company misled consumers by reducing the data … Continue Reading
Last week the Federal Trade Commission (FTC) opposed a Motion to Dismiss filed by AT&T that challenged the FTC’s attempt to exercise jurisdiction over the company in connection with certain of its mobile broadband service activities. As we previously reported, the FTC filed a complaint against AT&T in late 2014 alleging that AT&T engaged in … Continue Reading
Earlier this week, U.S. District Court Judge Esther Salas directed the Federal Trade Commission (“FTC”) and Wyndham Hotels and Resorts to seek mediation to resolve their landmark dispute over whether the FTC has the authority to regulate companies’ data-security practices. As we’ve previously reported, the FTC alleged that Wyndham violated Section 5 of the FTC … Continue Reading
Last week, a federal judge in the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss the FTC’s complaint alleging Wyndham violated the FTC Act by failing to provide reasonable security for its customers’ personal information. This Covington E-Alert provides a detailed look at the parties’ arguments and the court’s holdings in … Continue Reading
Earlier today, in a long-awaited decision, Judge Salas of the District of New Jersey denied Wyndham Hotels and Resorts’ motion to dismiss a Federal Trade Commission (“FTC”) lawsuit alleging Wyndham violated Section 5 of the FTC Act by failing to provide “reasonable” security for the personal information of its customers. The case has been closely watched … Continue Reading
Today, the Federal Trade Commission announced settlements with two mobile app makers that allegedly failed to provide reasonable security for the personal information collected in connection with their apps. In complaints against Credit Karma, Inc. and Fandango LLC, the FTC alleged that both companies’ apps failed to validate SSL certificates, a security shortcoming that could … Continue Reading
Today, the Federal Trade Commission is defending its authority to enforce Section 5 of the FTC Act against Wyndham Hotels in connection with alleged lax data security procedures. Following several publicized data security breaches, the FTC investigated Wyndham and concluded that the hotel company failed to employ “reasonable and appropriate” data security practices, citing, for … Continue Reading
Path, a social networking mobile app, has agreed to enter into a settlement with the Federal Trade Commission (“FTC”) regarding charges that the company deceived consumers by collecting contact information from users’ mobile address books without notice and consent. The agreement also resolves charges that the company violated the Children’s Online Privacy Protection Act (“COPPA”) … Continue Reading
Earlier this week, Wyndham Hotels & Resorts LLC moved to dismiss the complaint filed against it by the Federal Trade Commission in connection with Wyndham’s data security practices, asserting that the FTC has neither the authority nor the expertise to regulate them. As we previously noted, the FTC filed a complaint against Wyndham in June … Continue Reading
By Ryan Mowery Last week, the FTC filed suit in federal court against global hospitality firm Wyndham Worldwide Corporation in connection with a series of data breaches affecting Wyndham and its subsidiaries between 2008 and 2010. The complaint alleges that Wyndham misrepresented the security measures it employed to protect consumers’ personal information and that consumers … Continue Reading
By Brian Ryoo The Federal Trade Commission (“FTC”) reached separate settlements with two companies it had accused of exposing sensitive personal information through peer-to-peer (“P2P”) file-sharing software installed on their corporate networks. The complaints filed against the companies alleged that the companies failed to have in place adequate information security policies and procedures, risk assessment … Continue Reading
In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced by the FTC. Weitzner emphasized that … Continue Reading
Speaking at the American Bar Association’s annual meeting in Toronto, Commissioner Brill informed the audience that “We will soon be seeing some enforcement actions on [mobile] apps.” Commissioner Brill emphasized that Section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices, applies to mobile applications and criticized many app developers for … Continue Reading
