Section 5

Path, a social networking mobile app, has agreed to enter into a settlement with the Federal Trade Commission (“FTC”) regarding charges that the company deceived consumers by collecting contact information from users’ mobile address books without notice and consent.  The agreement also resolves charges that the company violated the Children’s Online Privacy Protection Act (“COPPA”) by collecting personal information from children under  13 years old without parental notice and consent.  Path did not admit any liability by entering into the consent decree, which is for settlement purposes only.

The FTC alleged that the Path application included an “Add Friends” feature that allowed users to make new connections within the app.  Users were given three options when using the “Add Friends” functionality:  “Find friends from your contacts,” “Find Friends from Facebook,” or “Invite friends to join Path by email or SMS.”  Regardless of which option was chosen, Path automatically collected and stored contact information from the address book on the user’s mobile phone.  The FTC argued that this practice was contrary to representations made in the company’s privacy policy that only certain technical information, such as IP address, browser type, and site activity information, was automatically collected from the user.  Under the settlement, Path agreed to implement a comprehensive privacy program and obtain biennial, independent privacy assessments for the next twenty years. Continue Reading FTC Settles Deception, COPPA Charges Against Social Networking App Path

Earlier this week, Wyndham Hotels & Resorts LLC moved to dismiss the complaint filed against it by the Federal Trade Commission in connection with Wyndham’s data security practices, asserting that the FTC has neither the authority nor the expertise to regulate them.

As we previously noted, the FTC filed a complaint against Wyndham in June — the first data security enforcement action to be litigated instead of being resolved by settlement.  Wyndham has now moved to dismiss the complaint, calling the FTC’s case “a classic example of agency overreaching.”

As we previously noted, the FTC filed a complaint against Wyndham in June — the first data security enforcement action to be litigated instead of being resolved by settlement.  Earlier this week, Wyndham has now moved to dismiss the complaint, calling the FTC’s case “a classic example of agency overreaching.”  

Continue Reading Wyndham: FTC Lacks Authority to Regulate Data Security

By Ryan Mowery

Last week, the FTC filed suit in federal court against global hospitality firm Wyndham Worldwide Corporation in connection with a series of data breaches affecting Wyndham and its subsidiaries between 2008 and 2010.  The complaint alleges that Wyndham misrepresented the security measures it employed to protect consumers’ personal information and that consumers were harmed by Wyndham’s failures to provide reasonable security for that information.  The FTC asserts that the alleged misrepresentations amounted to “deception” in violation of Section 5 of the FTC Act, while the failure to employ reasonable security measures violated the FTC Act’s prohibition against “unfair” acts. Continue Reading The FTC’s Lawsuit Against Wyndham

By Brian Ryoo

The Federal Trade Commission (“FTC”) reached separate settlements with two companies it had accused of exposing sensitive personal information through peer-to-peer (“P2P”) file-sharing software installed on their corporate networks.  The complaints filed against the companies alleged that the companies failed to have in place adequate information security policies and procedures, risk assessment protocols, employee training, or other internal compliance measures.Continue Reading FTC Settles P2P-Related Data Breach Charges Alleging Failure to Provide Appropriate Security

In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced by the FTC.  Weitzner emphasized

Speaking at the American Bar Association’s annual meeting in Toronto, Commissioner Brill informed the audience that “We will soon be seeing some enforcement actions on [mobile] apps.”  Commissioner Brill emphasized that Section 5 of the FTC Act, which prohibits unfair or deceptive acts or practices, applies to mobile applications and criticized many app developers for