Online shopping has taken on greater importance for many people homebound since the coronavirus lockdowns began. And, while many are lounging at home in pajamas and yoga pants, there are still a lot of fashion-conscious shoppers out there anxious to take advantage of bargain prices and speedy deliveries. But how is a stay-at-home fashionista supposed
Privacy
Smart Lock Manufacturer Settles Alleged False Security Claims with FTC


Canadian company Tapplock, Inc. sells smart locks to the U.S. market that the company advertised as “sturdy,” “secure,” and even “unbreakable.” Tapplock’s assurances that the locks were strengthened with “double-layered lock design” and made with “anti-shim and anti-pry technologies” could be quite an enticement for consumers looking for top-of-the-line connected home security. There was a…
UK ICO Finalizes Rules for Children’s Content


The UK Information Commissioner’s Office (ICO) recently finalized its Age-appropriate design: a code of practice for online services (the code). The code applies to any “relevant information society services which are likely to be accessed by children” (by which the ICO means minors under age 18), whether designed for kids or general audiences. The new…
NIST Solicits Comments on Revised Draft IoT Cybersecurity Device Guidance


On January 7, 2020, the National Institute of Standards and Technology (NIST) released a draft of revised cybersecurity recommendations for IoT devices at both the pre-market and post-market stages. NISTIR 8259, Recommendations for IoT Device Manufacturers: Foundational Activities and Core Device Cybersecurity Capability Baseline, identifies six voluntary steps manufacturers should take to account…
The EU Advocate General Opinion is Out: Standard Contractual Clauses are Valid


Businesses that rely on standard contractual clauses (SSCs) to transfer personal data outside the European Economic Area (EEA) just got good news. The long-awaited decision from the EU Advocate General (AG) is here: SCCs are valid. The AG’s opinion, although non-binding, is significant for the case brought by Austrian privacy activist Max Schrems against Facebook,…
FTC Says “Stalking” Apps Violate COPPA and the FTC Act


You know that movie where a person thinks they’ve barricaded themselves in their house against a stalker, only to grasp the awful realization that the threat is “coming from inside the house”? Unbeknownst to you, that threat may, in fact, be coming from your smartphone, according to a complaint by the Federal Trade Commission (FTC).…
Reevaluating the COPPA Rule

In the two decades following the enactment of the Children’s Online Privacy Protection (COPPA) Rule, technological developments have changed the online landscape considerably. Recognizing this, the Federal Trade Commission (FTC) held a public workshop on October 7, 2019, to discuss whether, given the proliferation of smart devices, video games, online channels, and EdTech, the Rule,…
Equifax to Pay Largest-Ever Data Breach Settlement


The Equifax data breach was one of the most massive data breaches of all time, and it has resulted in the biggest settlement for a data breach to date. After two years of investigations at the state and federal levels, credit reporting agency Equifax has agreed to a $675 million – up to possibly $700…
FTC Continues Enforcement of False Privacy Shield Claims


Nearly three years after the EU-U.S. Privacy Shield framework replaced the U.S.-EU Safe Harbor as a mechanism to transfer personal data from the European Union to the United States, the Federal Trade Commission (FTC) continues to monitor companies’ claims regarding participation. As we previously reported, the FTC has taken actions against several companies over…
FTC Settles Lax Data Security Charges with Software Seller


The Federal Trade Commission (FTC) entered into a proposed settlement with LightYear Dealer Technologies, LLC (aka DealerBuilt) on June 12, 2019, over allegations of lax consumer privacy protections. While no fines were levied, the order is remarkable for its detailed and extensive requirements governing the company’s future data privacy practices and the FTC’s role in…