The Federal Trade Commission (FTC) took the unprecedented step of removing one of the approved Safe Harbor organizations under the Children’s Online Privacy Protection Act (COPPA) for failing to provide effective monitoring and assessment of its member companies’ websites, as required under the COPPA Rule. Earlier this year, Commission staff warned Aristotle International, Inc., whose
EU Adopts New Standard Contractual Clauses For Transfers of Personal Data
On June 4, 2021, the European Commission adopted a new set of standard contractual clauses (SCCs) governing exchanges of personal data between data controllers and data processors and transfers of personal data from the EU to the U.S. or other countries that are not deemed to ensure adequate protection for personal data. The revised SCCs
Addressing Dark Patterns in Online Marketing
The Federal Trade Commission (FTC) has released the final agenda for its first workshop on the use of “dark patterns” online, Bringing Dark Patterns to Light: An FTC Workshop, which will be held virtually on April 29, 2021. The workshop will explore how to define “dark patterns,” their prevalence, possible harms (including to vulnerable
Here’s What’s in the Latest Round of CCPA Regulations
The long trudge towards final regulations implementing the California Consumer Privacy Act (CCPA) continues. In December of last year, the California Attorney General issued a fourth set of proposed regulations. These additions were approved by the California Office of Administrative Law (OAL) on March 15, 2021 and took effect immediately. Here are the key
Virginia Becomes Second State to Pass Comprehensive Privacy Law
As Congress remains locked in a stalemate over the terms of a comprehensive federal privacy law, states continue to forge ahead. Following California, Virginia is the second U.S. state to enact its own comprehensive privacy law governing the collection and use of personal data. Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA)
FTC Orders E-Cigarette Manufacturers to Provide Advertising and Sales Information
The Federal Trade Commission (FTC) has issued orders to five e-cigarette manufacturers (JUUL Labs, Inc., R.J. Reynolds Vapor Company, Fontem US, LLC, Logic Technology Development LLC, and NJOY, LLC) seeking information about the companies’ 2019 and 2020 sales, advertising, and promotions. The FTC sent similar orders to the same companies in October 2019 seeking information
FTC Announces Workshop to Explore Internet “Dark Patterns”
On April 29, 2021, the Federal Trade Commission (FTC) will host a virtual public workshop to examine the nature and effects of “dark patterns” on online user behavior. “Bringing Dark Patterns to Light: An FTC Workshop” is expected to explore ways in which user interfaces can have the effect, intentionally or unintentionally, of obscuring, subverting,
FTC Settles Facial Recognition Data Misuse Allegations with App Developer
The proliferation of mobile devices and digital media allows consumers to take, post, and store more photos and videos than ever before. Since 2015, app developer Everalbum has operated the mobile app, Ever, which offers a means for users to store photos and videos on the company’s cloud servers. Everalbum told users they could deactivate
Mobile Ad Company Settles FTC Charges Over Misleading In-Game Rewards
Tapjoy, Inc., the operator of a mobile advertising platform that appears in certain mobile gaming applications, has settled Federal Trade Commission (FTC) allegations that the company deceived consumers by failing to provide them with promised rewards. Tapjoy’s platform allows mobile app users to interact with third-party advertisers and gain rewards, such as virtual currency, for
Data Analytics Company Settles with FTC Over Alleged Data Security Violations
Third-party service providers are vital to many companies and they handle a wide range of business activities essential for companies to deliver their own offerings. But a company is not adequately protecting consumers if it fails to perform proper due diligence on service providers and contractually require them to employ appropriate security measures to protect