The Federal Trade Commission (FTC) has been actively flexing its authority as a privacy regulator in recent months. The agency has been especially focused on identifying data practices it views to be “unfair”, thereby...more
9/9/2024
/ Consent Order ,
Consumer Privacy Rights ,
Cookies ,
Data Collection ,
Data Privacy ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Marketing ,
Misrepresentation ,
Security and Privacy Controls ,
Third-Party Service Provider ,
Web Browsers ,
Web Tracking
On April 7, Representative Cathy McMorris Rodgers (R-Wash.), Chair of the U.S. House Committee on Energy and Commerce Chair, and Senator Maria Cantwell (D-Wash.), Chair of the Senate Committee on Commerce, Science and...more
On February 1, the Federal Trade Commission (FTC or “the Commission”) announced that it had reached a settlement with Blackbaud, a software company, resolving claims related to a 2020 data breach that resulted in the...more
2/23/2024
/ Consent Agreements ,
Cybersecurity ,
Data Breach ,
Data Retention ,
Data Security ,
Encryption ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Internal Data Controls ,
Misleading Statements ,
Personal Information ,
Popular ,
Securities and Exchange Commission (SEC) ,
Settlement ,
Third-Party Service Provider
On January 9, 2024, the Federal Trade Commission (FTC) issued its first ever prohibition on the use, sale and disclosure of sensitive location data against X- Mode Social and Outlogic (“X-Mode”), a location data broker. Only...more
2/12/2024
/ Data Brokers ,
Data Collection ,
Data Deletion ,
Data Processors ,
Data Retention ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Informed Consent ,
Location Data ,
Location Privacy ,
Sensitive Personal Information
On Thursday, January 25, the Federal Trade Commission’s (FTC) Office of Technology hosted the FTC Tech Summit to discuss key developments in artificial intelligence (AI). The FTC brought together thought leaders from across...more
The Federal Trade Commission (FTC) recently published a post on their Business Guidance Blog discussing lessons learned from three enforcement actions against sellers of genetic testing products. These guidelines address...more
1/25/2024
/ Advertising ,
Artificial Intelligence ,
Biometric Information ,
Civil Monetary Penalty ,
Compliance ,
Data Privacy ,
Data Security ,
Enforcement Actions ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Genetic Testing ,
HIPAA Breach Notification Rule ,
Rite Aid ,
Sensitive Personal Information
As we have detailed previously, 2023 was a landmark year for privacy law, featuring numerous developments at the federal, state and international levels, ranging from newly enacted statutes to massive regulatory enforcement...more
1/17/2024
/ Adtech ,
Artificial Intelligence ,
Audits ,
Biden Administration ,
Breach Notification Rule ,
California Consumer Privacy Act (CCPA) ,
California Privacy Rights Act (CPRA) ,
COPPA ,
Cybersecurity ,
Electronic Protected Health Information (ePHI) ,
Enforcement ,
Enforcement Actions ,
Executive Orders ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Popular ,
Privacy Laws ,
Proposed Legislation ,
Regulatory Requirements ,
Rulemaking Process ,
Sensitive Personal Information ,
State Privacy Laws
On December 19, 2023, the Federal Trade Commission (FTC) announced an enforcement action against the retail pharmacy Rite Aid for unfair practices associated with its use of a facial recognition technology (FRT) surveillance...more
1/15/2024
/ Artificial Intelligence ,
Biometric Information ,
Customer Privacy ,
Customers ,
Data Retention ,
Enforcement Actions ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
Pharmacies ,
Retailers ,
Risk Assessment ,
Rite Aid ,
Surveillance ,
Third-Party Service Provider ,
Unfair or Deceptive Trade Practices
On December 20, the Federal Trade Commission (FTC or “the Commission”) published a notice of proposed rulemaking (NPRM) proposing amendments to the Children’s Online Privacy Protection Rule (the “COPPA Rule” or the “Rule”)....more
1/15/2024
/ Biometric Information ,
COPPA ,
Data Security ,
Enforcement Actions ,
Exceptions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Notice Requirements ,
NPRM ,
Online Platforms ,
Parental Consent ,
Personal Information ,
Proposed Amendments ,
Public Schools ,
Safe Harbors ,
Websites
On November 16, the Federal Trade Commission (FTC) announced an enforcement action against Global Tel*Link Corporation and two of its subsidiaries (collectively, “GTL”), which provide communications and payment services to...more
12/8/2023
/ Breach Notification Rule ,
Corporate Counsel ,
Cyber Incident Reporting ,
Cybersecurity ,
Data Breach ,
Data Security ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Payment Systems ,
Popular ,
Prison ,
Proposed Standards ,
Section 5 ,
Telecommunications ,
Unfair or Deceptive Trade Practices
On November 1, 2023, New York Department of Financial Services (NYDFS or the “Department”) released the finalized revisions (the “Second Amendment”) to 23 NYCRR Part 500 (Part 500) – the most significant modifications to Part...more
11/29/2023
/ Amended Regulation ,
Compliance ,
Compliance Dates ,
Covered Entities ,
Cyber Threats ,
Cybersecurity ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Final Rules ,
Financial Institutions ,
Financial Services Industry ,
Gramm-Leach-Blilely Act ,
Incident Response Plans ,
Non-Bank Lenders ,
NYDFS ,
Policies and Procedures ,
Popular ,
Risk Management
On November 3, a federal court in the District of Idaho unsealed an amended complaint that the Federal Trade Commission (FTC) had filed in June 2023 against Kochava. The complaint alleges that Kochava engaged in unfair acts...more
On October 27, 2023, the Federal Trade FTC (FTC) approved amendments to its version of the Standards for Safeguarding Customer Information Rule (the Safeguards Rule) to require non-banking financial institutions regulated by...more
Artificial intelligence that can create new texts, images, and other content (or“generative AI”) is revolutionizing every industry, and healthcare is no exception. Doctors are experimenting with using generative AI to improve...more
10/27/2023
/ Artificial Intelligence ,
Electronic Medical Records ,
Electronic Protected Health Information (ePHI) ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Healthcare Facilities ,
Patient Privacy Rights ,
Privacy Concerns ,
State Privacy Laws
Over the past year, the Federal Trade Commission (FTC) has emerged as a leading actor in the health privacy enforcement space, spearheading enforcement actions, policy statements, and regulatory changes all aimed at...more
8/7/2023
/ Consumer Privacy Rights ,
Consumer Protection Laws ,
Data Privacy ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Authority ,
Federal Trade Commission (FTC) ,
Health Insurance Portability and Accountability Act (HIPAA) ,
OCR ,
Personal Information ,
PHI ,
Privacy Laws
On July 10, 2023, the European Commission adopted an adequacy decision for the new EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the successor to the EU-U.S. Privacy Shield, which the Court of Justice of the European Union...more
7/19/2023
/ Certification Requirements ,
Compliance ,
Compliance Monitoring ,
Department of Transportation (DOT) ,
EU ,
European Commission ,
Federal Trade Commission (FTC) ,
Framework Agreement ,
International Data Transfers ,
Privacy Framework ,
UK
On June 27, the Federal Trade Commission (FTC) announced an enforcement action against Publishers Clearing House (PCH) in connection with the company’s long-running sweepstakes promotions. Though the FTC’s complaint alleges a...more
7/18/2023
/ Advertising ,
CAN-SPAM Act ,
Consumer Privacy Rights ,
Contests & Promotions ,
Data Collection ,
Data-Sharing ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Misrepresentation ,
Personal Data ,
Privacy Policy ,
Sweepstakes ,
Targeted Digital Advertising
On July 10, 2023, the European Commission adopted its long-awaited adequacy decision for the EU-U.S. Data Privacy Framework (“Adequacy Decision”). This ends a three-year journey to set up a successor to the EU-U.S. Privacy...more
7/12/2023
/ Adequacy Requirement ,
Court of Justice of the European Union (CJEU) ,
Department of Justice (DOJ) ,
EU ,
EU-US Privacy Shield ,
European Commission ,
Executive Orders ,
Federal Trade Commission (FTC) ,
General Data Protection Regulation (GDPR) ,
Iceland ,
International Data Transfers ,
Liechtenstein ,
Member State ,
Norway ,
Personal Data ,
U.S. Commerce Department
On June 16, the Federal Trade Commission (FTC) announced an enforcement action against 1Health.io Inc. (“1Health,” also known as Vitagene, Inc.), a genetic testing company that analyzes consumer-provided DNA samples and uses...more
6/30/2023
/ Consent Order ,
Data Protection ,
Data Security ,
DNA ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
FTC Act ,
Genetic Materials ,
Genetic Testing ,
Privacy Policy ,
Section 5 ,
Sensitive Personal Information ,
Unfair or Deceptive Trade Practices
On June 5th, the Federal Trade Commission (FTC) announced a settlement with Microsoft over alleged violations of the Children’s Online Privacy Protection Act (COPPA) for its data practices involving its Xbox live product. ...more
6/21/2023
/ Amazon ,
Compliance ,
COPPA ,
Data Collection ,
Data Retention ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Microsoft ,
Minors ,
Parental Consent ,
Personal Information ,
Popular ,
Xbox
On May 18, the Federal Trade Commission (FTC) proposed changes to the Health Breach Notification Rule (the HBNR or the Rule), including clarifying the rule’s applicability to health apps and other similar technologies. These...more
On May 31, the Federal Trade Commission (FTC or Commission) announced two separate enforcement actions against Amazon—one involving its cloud-based voice service, Alexa, and the other involving Ring, its smart doorbell...more
6/7/2023
/ ALEXA ,
Amazon ,
Artificial Intelligence ,
Biometric Information ,
Consumer Privacy Rights ,
COPPA ,
Corporate Counsel ,
Cybersecurity ,
Data Deletion ,
Data Privacy ,
Deceptive Intent ,
Enforcement Priorities ,
Federal Trade Commission (FTC) ,
Personal Data ,
Popular ,
Settlement ,
Unfair or Deceptive Trade Practices
On May 17, 2023, the Federal Trade Commission (the “FTC”) reached a settlement with Easy Healthcare Corporation (“Easy Healthcare”), for its fertility-tracking app, Premom. The agency alleged that Easy Healthcare failed to...more
5/25/2023
/ Corporate Counsel ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Breach Notification Rule ,
Mobile Apps ,
Mobile Health Apps ,
PHI ,
Policy Statement ,
Risk Mitigation
On May 18, the Federal Trade Commission (FTC) issued a policy statement warning about the increased use of consumers’ biometric information and related marketing of technologies that use biometric information. The agency...more
5/23/2023
/ Biometric Information ,
Biometric Information Privacy Act ,
California Consumer Privacy Act (CCPA) ,
Data Collection ,
Data Privacy ,
Data Protection ,
Facial Recognition Technology ,
Federal Trade Commission (FTC) ,
FTC Act ,
Policy Statement ,
Protected Class ,
Section 5 ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices
On May 1, the Federal Trade Commission (FTC) released a blog post cautioning companies about the use of generative AI tools to change consumer behavior. Generative AI is a subset of AI that can generate new text, images, and...more