In 2014, with childhood obesity on the rise in the United States, tech company Kurbo, Ltd. (Kurbo) marketed a free app for kids that, according to the company, was “designed to help kids and teens ages 8-17 reach a healthier weight.” When WW International (WW) (formerly Weight Watchers) acquired Kurbo in 2018, the app was
Privacy
EDPB on Dark Patterns: Lessons for Marketing & Technical Teams

“Dark patterns” – social media platform interfaces that can lead users to make unintended and potentially harmful decisions regarding the processing of their personal data – are a subject of increasing scrutiny in the EU. New guidelines of the European Data Protection Board (EDPB) on “dark patterns in social media platform interfaces” confirm the focus…
Legislators Ask COPPA Safe Harbor Organizations for Information


Children’s Online Privacy Protection Act (COPPA) enforcement actions closed out 2021 (see our blog post) and children’s online privacy remains a hot topic in Congress in 2022. After a series of articles by The Wall Street Journal last September uncovered Instagram’s own research on possible harms to teenagers from social media engagement, members of the…
The State of State Privacy Laws: A Comparison


In the absence of a comprehensive U.S. federal privacy law, three states – California, Virginia, and Colorado – have enacted comprehensive privacy laws as of this year. The California Consumer Privacy Act (CCPA) is in effect now, and the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and Colorado Privacy Act (CPA) …
California Privacy Protection Agency Seeks Comments on New CCPA Regulations


The newly established California Privacy Protection Agency (the Agency) is soliciting public comments on a number of issues, as required by the California Privacy Rights Act (CPRA) that was passed by ballot initiative in November 2020. CPRA expands the rights afforded to California residents and the obligations imposed on businesses under the California Consumer Privacy…
President Biden Nominates Alvaro Bedoya for FTC Commissioner


On September 13, 2021, President Biden nominated Alvaro Bedoya for Commissioner of the Federal Trade Commission (FTC) to replace outgoing FTC Commissioner Rohit Chopra. Earlier this year, President Biden nominated Chopra to head the Consumer Financial Protection Bureau (CFPB). If confirmed, Bedoya would round out the slate of FTC commissioners and solidify the agency’s Democratic…
FBI and CISA Warn Businesses to be Vigilant About Ransomware Attacks


As the Labor Day weekend approaches, the Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) are warning U.S. entities to remain alert and protect against the rising incidence of ransomware attacks over holidays and weekends. A joint cybersecurity advisory issued on August 31, 2021 reviews recent ransomware attacks that occurred over…
Could COPPA Safe Harbor Changes Be in Store?


The Federal Trade Commission (FTC) took the unprecedented step of removing one of the approved Safe Harbor organizations under the Children’s Online Privacy Protection Act (COPPA) for failing to provide effective monitoring and assessment of its member companies’ websites, as required under the COPPA Rule. Earlier this year, Commission staff warned Aristotle International, Inc., whose…
CARU Issues Updated Guidelines for Children’s Advertising

The Children’s Advertising Review Unit (CARU), a division of BBB National Programs, recently updated its Self-Regulatory Guidelines for Children’s Advertising. Important updates include:
- To align with the Children’s Online Privacy Protection Act (COPPA), the Guidelines now apply to national advertising primarily directed to children under the age of 13 instead of under 12, regardless
…
EU Adopts New Standard Contractual Clauses For Transfers of Personal Data


On June 4, 2021, the European Commission adopted a new set of standard contractual clauses (SCCs) governing exchanges of personal data between data controllers and data processors and transfers of personal data from the EU to the U.S. or other countries that are not deemed to ensure adequate protection for personal data. The revised SCCs…