In a recent enforcement action against online alcohol delivery service Drizly and its CEO, James Rellas, the Federal Trade Commission (FTC) made clear its focus on data minimization and limitations on the secondary uses of data. Although the action arose out of a common security failure—the sort that has been the subject of numerous prior
FTC Takes Aim at “Commercial Surveillance”
In an active week for federal regulators, the Federal Trade Commission (FTC) joined the CFPB in announcing important initiatives that may change privacy and data security practices in major ways.
On August 11, the FTC released its Advanced Notice of Proposed Rulemaking, seeking public input on a host of questions relating to what it
Financial Institutions Face Increasingly Stringent Federal Breach Reporting Requirements
The last few months have seen a flurry of new federal cybersecurity incident reporting requirements and proposals impacting private entities in the financial sector. As the number and frequency of cyber attacks continue to grow, regulators have attempted to enhance cybersecurity protections via increased and more rigid incident reporting obligations, leading to a constantly shifting
FTC Chair Announces New Privacy Approach
In a series of recent statements and releases, Lina Khan, the Chair of the FTC, made clear the Commission’s intention to revamp its oversight of consumer data privacy and establish more substantive limits on commercial data collection and processing activities. This plan is motivated in part by the increased adoption of workplace surveillance technologies as well as the “growing recognition that the ‘notice-and-consent’ framework” traditionally used by U.S. businesses may not be sufficient to protect consumer and employee rights. Chairperson Khan hopes to obtain additional funding to help recruit the talent required to develop this new framework, which is designed to bring the FTC “in line with similar agencies internationally.” However, the FTC plans to update its approach to “keep pace with new learning and technological shifts” regardless of whether funding is ultimately obtained.
Continue Reading FTC Chair Announces New Privacy Approach
FTC Guidance Affirms Breach Notification Obligations for Health Apps and Connected Devices
On September 15, 2021, the Federal Trade Commission (“FTC”) issued a policy statement affirming the applicability of its Health Breach Notification Rule (the “Rule”), 16 CFR Part 318, to health apps and connected devices that are not subject to the Health Insurance Portability and Accountability Act (“HIPAA”) but are capable of drawing information from multiple sources.
Continue Reading FTC Guidance Affirms Breach Notification Obligations for Health Apps and Connected Devices
President Biden nominates Alvaro Bedoya to serve as FTC Commissioner
On Monday, the White House announced the nomination of Alvaro Bedoya to serve as FTC Commissioner. Mr. Bedoya is slated to fill the seat on the Commission currently held by Rohit Chopra, which Mr. Chopra will vacate upon his confirmation as CFPB Director. Mr. Chopra is expected to be confirmed as CFPB Director before the
FTC Workshop Signals Increased Regulatory Focus on Dark Patterns
On April 29, 2021, the Federal Trade Commission (FTC) hosted a virtual workshop, entitled “Bringing Dark Patterns to Light,” to examine “dark patterns.” In her opening remarks, Acting FTC Chairwoman Rebecca Kelly Slaughter broadly described “dark patterns” as “user interface designs that manipulate consumers into taking unintended actions that may not be in their interest.” Chairwoman Slaughter highlighted several examples of dark patterns, including confusing cancellation procedures that force users to navigate multiple screens, online applications that hide the material terms of a product or service through the use of inconspicuous drop down links and auto-scroll features, and the addition of products to users’ shopping carts without their knowledge or consent.
Continue Reading FTC Workshop Signals Increased Regulatory Focus on Dark Patterns
FTC Holds Workshop on Data Portability
On September 22nd, the Federal Trade Commission (FTC) hosted an event, “Data To Go: An FTC Workshop on Data Portability,” to examine the potential benefits and challenges to consumers and competition raised by data portability. Data portability means giving consumers the ability to receive a copy of their data for their own use
Subscription Service Agrees to Pay $10 Million for Automatic Renewal Law Violations
Earlier this month, the Federal Trade Commission (FTC) announced a $10 million settlement with the online learning company ABCmouse for allegedly violating the FTC Act as well as the Restore Online Shoppers’ Confidence Act (ROSCA). The FTC Act prohibits unfair or deceptive acts or practices in or affective commerce. ROSCA makes it illegal to automatically
FTC Holds Workshop on GLBA Safeguards Rule
On July 13, 2020, the Federal Trade Commission (FTC) held a workshop titled “Information Security and Financial Institutions: FTC Workshop to Examine Safeguards Rule.” This workshop discussed the proposed amendments to the Gramm-Leach-Bliley Act’s (GLBA) Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program. The GLBA Safeguards Rule