Two app developers have settled complaints from the Federal Trade Commission (FTC) that they allowed third parties to collect information, including persistent identifiers, through their apps, and allowed third parties to serve advertising to children, in violation of the Children’s Online Privacy Protection Act (COPPA). The FTC’s announcement was released the same day it announced
Agreement Reached on Landmark EU Data Protection Reform
On December 15, 2015, the European Commission announced that an agreement has been reached with the European Parliament and the Council (the “trilogue” meetings) regarding the Commission’s sweeping 2012 EU Data Protection Reform proposal. The reform package, which consists of a General Data Protection Regulation and a Data Protection Directive for Police and Criminal
False Advertising Contempt Suit Costs LifeLock $100 Million
On December 17, 2015, the Federal Trade Commission (FTC) announced that Lifelock, Inc. (LifeLock), agreed to pay a record-breaking $100 million to settle charges that it violated an earlier consent agreement related to flawed data security practices issued in March 2010. The LifeLock settlements implicate both the “fairness” of the company’s data security practices and
Vermont Chemical Reporting Rule Moves Forward, but with Delay
The Vermont Department of Health won approval for its new, burdensome children’s product green chemistry reporting program from the state’s Legislative Committee on Administrative Rules on November 19, 2015. The final version of the Toxic Substances in Children’s Products Rule took effect on December 10, 2015, and follows from the state’s 2014 green chemistry bill,
Life After the U.S.–EU Safe Harbor
We’ve written about the ground-breaking and panic-inducing ruling of the European Court of Justice (ECJ) invalidating the U.S.–EU Safe Harbor framework as an adequate data transfer mechanism, and ruling that national authorities are not bound by Commission approvals. Click here for our September 23, 2015 blog post, and here for a related October 16, 2015
Article 29 WP Says Safe Harbor Transfers Illegal; Model Clauses and BCRs Under Review
The Article 29 Working Party (WP) issued a press release on October 16, 2015 announcing the outcome of the meeting to discuss coordinated action after the Court of Justice of the European Union (ECJ) decision in the matter of Schrems v. Data Protection Commissioner (C-362-14), which invalidated the U.S.-EU Safe Harbor Agreement. While calling for
EU Official Calls for Invalidation of EU–U.S. Safe Harbor Pact
A European Court of Justice (ECJ) advocate general, Yves Bot, has called for the European Union–U.S. Safe Harbor Agreement to be invalidated due to concerns over U.S. surveillance practices (press release here, opinion here). The ECJ has discretion to reject the recommendation, but such opinions are generally followed. A final decision on the
Vermont Department Issues Final Proposal on Children’s Product Chemical Disclosure
The Vermont Department of Health has released the final proposed version of its Toxic Substances in Children’s Products Rule (although it is not yet available on the Department’s website) adopted under state’s 2014 green chemistry law, Act 188. The rule, largely unchanged from the proposal, is now scheduled to go before the state’s Legislative
In Commission Win, Appeals Court Agrees that FTC Can Regulate Business Data Security Practices Under Unfairness Authority
In a closely watched case where the Federal Trade Commission (FTC) pursued Wyndham Worldwide Corporation for several data breaches that led to millions of dollars in fraudulent charges on customers’ payment cards, the U.S. Court of Appeals for the Third Circuit on Monday agreed with the Commission’s broad interpretation of its “unfairness” authority (opinion here
Unlucky 13: FTC Settles Charges under International Safe Harbor Framework
Thirteen companies have agreed to settle with the Federal Trade Commission (FTC) charges relating to their participation in the U.S.–EU and U.S.–Swiss Safe Harbor Frameworks. Seven companies allegedly failed to renew their Safe Harbor self-certifications, including a sports marketing firm, two software developers, a research organization, a business information firm, a security consulting firm, and