On June 4, 2021, the European Commission adopted a new set of standard contractual clauses (SCCs) governing exchanges of personal data between data controllers and data processors and transfers of personal data from the EU to the U.S. or other countries that are not deemed to ensure adequate protection for personal data. The revised SCCs
The Federal Trade Commission (FTC) has released the final agenda for its first workshop on the use of “dark patterns” online, Bringing Dark Patterns to Light: An FTC Workshop, which will be held virtually on April 29, 2021. The workshop will explore how to define “dark patterns,” their prevalence, possible harms (including to vulnerable
The long trudge towards final regulations implementing the California Consumer Privacy Act (CCPA) continues. In December of last year, the California Attorney General issued a fourth set of proposed regulations. These additions were approved by the California Office of Administrative Law (OAL) on March 15, 2021 and took effect immediately. Here are the key
As Congress remains locked in a stalemate over the terms of a comprehensive federal privacy law, states continue to forge ahead. Following California, Virginia is the second U.S. state to enact its own comprehensive privacy law governing the collection and use of personal data. Governor Ralph Northam signed the Virginia Consumer Data Protection Act (CDPA)
On April 29, 2021, the Federal Trade Commission (FTC) will host a virtual public workshop to examine the nature and effects of “dark patterns” on online user behavior. “Bringing Dark Patterns to Light: An FTC Workshop” is expected to explore ways in which user interfaces can have the effect, intentionally or unintentionally, of obscuring, subverting,
The proliferation of mobile devices and digital media allows consumers to take, post, and store more photos and videos than ever before. Since 2015, app developer Everalbum has operated the mobile app, Ever, which offers a means for users to store photos and videos on the company’s cloud servers. Everalbum told users they could deactivate
Third-party service providers are vital to many companies and they handle a wide range of business activities essential for companies to deliver their own offerings. But a company is not adequately protecting consumers if it fails to perform proper due diligence on service providers and contractually require them to employ appropriate security measures to protect
The EU-U.S. Privacy Shield Framework, which provided a mechanism to legally transfer personal information from the EU to the United States, was invalidated on July 16, 2020, but the Federal Trade Commission (FTC) has made it clear that companies that claimed to be participants must still make good on their word. A case in point
More than 160 million Americans play video games. Originally designed as single-use purchases for consoles or computers, video games are now downloadable, making them more accessible to consumers than ever. One important development for the video game industry has been the creation of “micro purchases” – in-game transactions such as “loot boxes” that players can
Marketing products as environmentally friendly can induce customers to pay higher prices than they would for other goods. But when promises of lower emissions or higher insultation ratings prove false, that hurts consumers, and the Federal Trade Commission (FTC) steps in. The FTC recently concluded its four-year long false advertising case against Volkswagen and Porsche