The Federal Trade Commission (FTC) has been actively flexing its authority as a privacy regulator in recent months. The agency has been especially focused on identifying data practices it views to be “unfair”, thereby...more
9/9/2024
/ Consent Order ,
Consumer Privacy Rights ,
Cookies ,
Data Collection ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Marketing ,
Misrepresentation ,
Security and Privacy Controls ,
Third-Party Service Provider ,
Web Browsers ,
Web Tracking
On June 18, the California Attorney General (“AG”) and Los Angeles City Attorney announced a settlement with Tilting Point Media, the maker of a mobile app game called “SpongeBob: Krusty Cook-Off,” resolving allegations that...more
6/28/2024
/ California Consumer Privacy Act (CCPA) ,
COPPA ,
Enforcement Actions ,
Online Safety for Children ,
Opt-In ,
Parental Consent ,
Popular ,
Privacy Policy ,
Settlement ,
State Attorneys General ,
Website Design
On April 2, the California Privacy Protection Agency (CPPA or “the Agency”) issued the Agency’s first-ever enforcement advisory. The advisory (“Applying Data Minimization to Consumer Requests”) reaffirms data minimization as...more
This post is part of a series of articles we are doing on 2023 data protection litigation trends.
While the California Consumer Privacy Act (CCPA) is most known for its onerous privacy compliance obligations, the law also...more
3/4/2024
/ California Consumer Privacy Act (CCPA) ,
Class Action ,
Consumer Privacy Rights ,
Corporate Counsel ,
Data Breach ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
Personal Information ,
Private Right of Action ,
Right To Cure ,
Security and Privacy Controls ,
State Attorneys General ,
Statutory Damages ,
U-Haul ,
Wells Fargo
On February 21, the California Attorney General (“AG”) announced a settlement with DoorDash, an online food delivery service, to resolve allegations that the company violated the California Consumer Privacy Act (CCPA) and...more
3/1/2024
/ Advertising ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Civil Monetary Penalty ,
Compliance ,
Consumer Privacy Rights ,
Data Selling ,
Data-Sharing ,
DoorDash ,
Enforcement Actions ,
Enforcement Priorities ,
Personal Information ,
Sephora ,
State Attorneys General ,
Statutory Violations ,
Stipulated Judgment ,
Third-Party
On February 1, the Federal Trade Commission (FTC or “the Commission”) announced that it had reached a settlement with Blackbaud, a software company, resolving claims related to a 2020 data breach that resulted in the...more
2/23/2024
/ Consent Agreements ,
Cybersecurity ,
Data Breach ,
Data Retention ,
Data Security ,
Encryption ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Internal Data Controls ,
Misleading Statements ,
Personal Information ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement ,
Third-Party Service Provider
On January 9, 2024, the Federal Trade Commission (FTC) issued its first ever prohibition on the use, sale and disclosure of sensitive location data against X- Mode Social and Outlogic (“X-Mode”), a location data broker. Only...more
2/12/2024
/ Data Brokers ,
Data Collection ,
Data Deletion ,
Data Processors ,
Data Retention ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Informed Consent ,
Location Data ,
Location Privacy ,
Sensitive Personal Information
The Federal Trade Commission (FTC) recently published a post on their Business Guidance Blog discussing lessons learned from three enforcement actions against sellers of genetic testing products. These guidelines address...more
1/25/2024
/ Advertising ,
Artificial Intelligence ,
Biometric Information ,
Civil Monetary Penalty ,
Compliance ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Genetic Testing ,
HIPAA Breach Notification Rule ,
Rite Aid ,
Sensitive Personal Information
As we have detailed previously, 2023 was a landmark year for privacy law, featuring numerous developments at the federal, state and international levels, ranging from newly enacted statutes to massive regulatory enforcement...more
1/17/2024
/ Adtech ,
Artificial Intelligence ,
Audits ,
Biden Administration ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Cybersecurity ,
Electronic Protected Health Information (ePHI) ,
Enforcement ,
Enforcement Actions ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Requirements ,
Rulemaking Process ,
Sensitive Personal Information ,
State Privacy Laws
On December 19, 2023, the Federal Trade Commission (FTC) announced an enforcement action against the retail pharmacy Rite Aid for unfair practices associated with its use of a facial recognition technology (FRT) surveillance...more
1/15/2024
/ Artificial Intelligence ,
Biometric Information ,
Customer Privacy ,
Customers ,
Data Retention ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Pharmacies ,
Retailers ,
Risk Assessment ,
Rite Aid ,
Surveillance ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices
On December 20, the Federal Trade Commission (FTC or “the Commission”) published a notice of proposed rulemaking (NPRM) proposing amendments to the Children’s Online Privacy Protection Rule (the “COPPA Rule” or the “Rule”)....more
1/15/2024
/ Biometric Information ,
COPPA ,
Data Security ,
Enforcement Actions ,
Exceptions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Notice Requirements ,
NPRM ,
Online Platforms ,
Parental Consent ,
Personal Information ,
Proposed Amendments ,
Public Schools ,
Safe Harbors ,
Websites
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
12/8/2023
/ Breach Notification Rule ,
Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Payment Systems ,
Popular ,
Prison ,
Proposed Standards ,
Section 5 ,
Telecommunications ,
Unfair or Deceptive Trade Practices
On June 27, the Federal Trade Commission (FTC) announced an enforcement action against Publishers Clearing House (PCH) in connection with the company’s long-running sweepstakes promotions. Though the FTC’s complaint alleges a...more
7/18/2023
/ Advertising ,
CAN-SPAM Act ,
Consumer Privacy Rights ,
Contests & Promotions ,
Data Collection ,
Data-Sharing ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Personal Data ,
Privacy Policy ,
Sweepstakes ,
Targeted Digital Advertising
On June 16, the Federal Trade Commission (FTC) announced an enforcement action against 1Health.io Inc. (“1Health,” also known as Vitagene, Inc.), a genetic testing company that analyzes consumer-provided DNA samples and uses...more
6/30/2023
/ Consent Order ,
Data Protection ,
Data Security ,
DNA ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Genetic Materials ,
Genetic Testing ,
Privacy Policy ,
Section 5 ,
Sensitive Personal Information ,
Unfair or Deceptive Trade Practices
On June 5th, the Federal Trade Commission (FTC) announced a settlement with Microsoft over alleged violations of the Children’s Online Privacy Protection Act (COPPA) for its data practices involving its Xbox live product. ...more
6/21/2023
/ Amazon ,
Compliance ,
COPPA ,
Data Collection ,
Data Retention ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Minors ,
Parental Consent ,
Personal Information ,
Popular ,
Xbox
On May 18, the Federal Trade Commission (FTC) proposed changes to the Health Breach Notification Rule (the HBNR or the Rule), including clarifying the rule’s applicability to health apps and other similar technologies. These...more
On May 17, 2023, the Federal Trade Commission (the “FTC”) reached a settlement with Easy Healthcare Corporation (“Easy Healthcare”), for its fertility-tracking app, Premom. The agency alleged that Easy Healthcare failed to...more
5/25/2023
/ Corporate Counsel ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Mobile Apps ,
Mobile Health Apps ,
PHI ,
Policy Statement ,
Risk Mitigation
On March 9, 2023, the Securities and Exchange Commission (SEC) reached a settlement with Blackbaud – a client relationship management (CRM) service provider for nonprofits – over allegations that Blackbaud (i) made materially...more
On Thursday, March 2, the FTC announced an enforcement action against BetterHelp, Inc., an online mental health counseling service, relating to claims that the company’s collection and use of consumer health data were unfair...more
3/8/2023
/ Advertising ,
Data Breach ,
Data Privacy ,
Enforcement Actions ,
Enforcement Authority ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
FTC Act ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
LGBTQ ,
Mental Health ,
Pharmacies ,
Section 5 ,
Settlement ,
Telehealth ,
Unfair or Deceptive Trade Practices
On February 17, 2023, the state attorneys general of Pennsylvania and Ohio reached a settlement with Ohio-based DNA Diagnostics Center (“DDC”) for a 2021 data breach that affected 2.1 million individuals nationwide and...more
2/23/2023
/ Clinical Laboratories ,
Cybersecurity ,
Data Breach ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Laboratories ,
Material Misstatements ,
PHI ,
Settlement ,
State Attorneys General ,
Statutory Violations
On February 1, 2023, the Federal Trade Commission (FTC) reached a settlement with digital health platform GoodRx for sharing users’ personal health information with third parties without properly disclosing their data...more
On December 19, the Federal Trade Commission (FTC) reached two separate record-breaking settlements with Epic Games, Inc. (“Epic”) over allegations, among others, that the Fortnite video game maker knowingly violated the...more
On August 24, 2022, California Attorney General Rob Bonta (“CA AG”) announced a $1.2 million settlement with Sephora, Inc. (“Sephora”), marking the first announced enforcement action under the California Consumer Privacy Act...more
State Attorneys General settle with Wawa, Inc. for 2019 data breach that compromised approximately 34 million payment cards used by consumers.
On July 26, 2022, Acting New Jersey Attorney General Matthew J. Platkin...more
On May 16, 2022, the European Data Protection Board (EDPB), the independent body of data protection supervisors that promotes consistent data protection rules and application thereof throughout the European Union (EU),...more
5/31/2022
/ Artificial Intelligence ,
Biometric Information ,
Corporate Counsel ,
Corporate Fines ,
Data Protection Authority ,
Enforcement Actions ,
EU ,
European Data Protection Board (EDPB) ,
Facial Recognition Technology ,
General Data Protection Regulation (GDPR) ,
Law Enforcement ,
New Guidance ,
Personal Data ,
Right to Privacy