Consumer Protection Connection

Consumer Protection
Connection

Tag Archives: privacy

Website Hacks Result in FTC Actions for Lax Security

Posted in Privacy
After hacks of two websites, i-Dressup.com and ClixSense.com, resulted in the compromise of personal information for millions of users – including, in the case of i-Dressup, hundreds of thousands of children under 13 – the Federal Trade Commission (FTC) issued complaints against the websites and their operators for lax security and other privacy violations. Notably,… Continue Reading

Avoid Being Held Hostage: FTC Releases Ransomware Guidance

Posted in Cybersecurity
New research from security company Kaspersky Labs suggests that the use of ransomware is now so widespread that nearly every moment, a ransomware attack is being launched somewhere in the world on businesses and consumers. Ransomware, or malicious software that infiltrates computer systems and uses tools like encryption to deny access or hold data “hostage”… Continue Reading

Shielded: EU Approves Privacy Pact with the U.S., Fee Schedule Proposed

Posted in Cybersecurity, Privacy
The European Commission (EC) approved the EU–U.S. Privacy Shield on Tuesday, July 12, after European Union member states, through the Article 31 committee, approved the pact the previous week (more on the draft adequacy decision back in March here and the earlier agreement laying out the Privacy Shield here). The decision will allow U.S. companies that… Continue Reading

GDPR Publication Starts Countdown to May 2018 Compliance Date for New Privacy Rules

Posted in Legislation, Privacy, Regulations
The new General Data Protection Regulation (GDPR) (Regulation 2016/69, Apr. 27, 2016), approved by the European Parliament and the Council of the European Union, was formally published in the Official Journal of the European Union on May 4, 2016, and will replace the Data Protection Directive (Directive 95/46/EC) effective May 28, 2018. This new set… Continue Reading

FCC Adopts Broadband Privacy NPRM

Posted in Privacy, Regulations
At its Open Meeting yesterday, the Federal Communications Commission (FCC) adopted a Notice of Proposed Rulemaking (NPRM) that would apply the privacy protections in Section 222 of the Communications Act to broadband Internet Service Providers (ISPs). The text of the NPRM, which reportedly seeks public comment on more than 500 questions relating to privacy and… Continue Reading

The FCC Continues Privacy Push with Draft Proposal Regulating ISP Customers’ Data

Posted in Data Security, Privacy, Regulations
On the heels of the Open Internet Order adopted by the Federal Communications Commission (FCC) last year, FCC Chairman Tom Wheeler has circulated a Notice of Proposed Rulemaking (NPRM) to fellow Commissioners that would apply the privacy protections of the Communications Act to broadband Internet access services. Wheeler’s proposal will be voted on at the… Continue Reading

Obama Signs Judicial Redress Act—Will It Move EU–U.S. Privacy Shield Forward?

Posted in Legislation, Privacy
President Barack Obama signed the Judicial Redress Act on Wednesday, February 24, 2016, which will eventually enable European Union citizens to seek remedies for alleged privacy violations by the federal government in U.S. courts.  The Act gives the U.S. Department of Justice (DOJ) authority to designate countries or international organizations that (1) have appropriate privacy… Continue Reading

New Year, New Cyber Law

Posted in Cybersecurity
In the rush of holidays and storms around the country (and weirdly warm weather here in D.C.), it was easy to miss that Congress finally approved the Cybersecurity Information Sharing Act (CISA).  The bill was included in the middle of its omnibus spending package, the Consolidated Appropriations Act, 2016, Pub. L. 114–113 (Dec. 18, 2015),… Continue Reading

Two App Developers Agree on COPPA Settlement with FTC

Posted in Advertising, Privacy
Two app developers have settled complaints from the Federal Trade Commission (FTC) that they allowed third parties to collect information, including persistent identifiers, through their apps, and allowed third parties to serve advertising to children, in violation of the Children’s Online Privacy Protection Act (COPPA). The FTC’s announcement was released the same day it announced… Continue Reading

Agreement Reached on Landmark EU Data Protection Reform

Posted in Data Security, Privacy
On December 15, 2015, the European Commission announced that an agreement has been reached with the European Parliament and the Council (the “trilogue” meetings) regarding the Commission’s sweeping 2012 EU Data Protection Reform proposal.  The reform package, which consists of a General Data Protection Regulation and a Data Protection Directive for Police and Criminal Justice… Continue Reading

False Advertising Contempt Suit Costs LifeLock $100 Million

Posted in Data Security, Litigation, Privacy
On December 17, 2015, the Federal Trade Commission (FTC) announced that Lifelock, Inc. (LifeLock), agreed to pay a record-breaking $100 million to settle charges that it violated an earlier consent agreement related to flawed data security practices issued in March 2010. The LifeLock settlements implicate both the “fairness” of the company’s data security practices and… Continue Reading

Life After the U.S.–EU Safe Harbor

Posted in Data Security, Privacy
We’ve written about the ground-breaking and panic-inducing ruling of the European Court of Justice (ECJ) invalidating the U.S.–EU Safe Harbor framework as an adequate data transfer mechanism, and ruling that national authorities are not bound by Commission approvals. Click here for our September 23, 2015 blog post, and here for a related October 16, 2015… Continue Reading

Article 29 WP Says Safe Harbor Transfers Illegal; Model Clauses and BCRs Under Review

Posted in Data Security, Litigation, Privacy
The Article 29 Working Party (WP) issued a press release on October 16, 2015 announcing the outcome of the meeting to discuss coordinated action after the Court of Justice of the European Union (ECJ) decision in the matter of Schrems v. Data Protection Commissioner (C-362-14), which invalidated the U.S.-EU Safe Harbor Agreement. While calling for… Continue Reading

EU Official Calls for Invalidation of EU–U.S. Safe Harbor Pact

Posted in Data Security, Privacy
A European Court of Justice (ECJ) advocate general, Yves Bot, has called for the European Union–U.S. Safe Harbor Agreement to be invalidated due to concerns over U.S. surveillance practices (press release here, opinion here). The ECJ has discretion to reject the recommendation, but such opinions are generally followed. A final decision on the issue is… Continue Reading

In Commission Win, Appeals Court Agrees that FTC Can Regulate Business Data Security Practices Under Unfairness Authority

Posted in Cybersecurity, Data Security, Privacy
In a closely watched case where the Federal Trade Commission (FTC) pursued Wyndham Worldwide Corporation for several data breaches that led to millions of dollars in fraudulent charges on customers’ payment cards, the U.S. Court of Appeals for the Third Circuit on Monday agreed with the Commission’s broad interpretation of its “unfairness” authority (opinion here).… Continue Reading

Unlucky 13: FTC Settles Charges under International Safe Harbor Framework

Posted in Privacy
Thirteen companies have agreed to settle with the Federal Trade Commission (FTC) charges relating to their participation in the U.S.–EU and U.S.–Swiss Safe Harbor Frameworks. Seven companies allegedly failed to renew their Safe Harbor self-certifications, including a sports marketing firm, two software developers, a research organization, a business information firm, a security consulting firm, and… Continue Reading

Is Your Device ID “Personal”? Federal Appeals Court to Decide Under VPPA

Posted in Litigation, Privacy
A federal appellate court will consider early next month whether the Video Privacy Protection Act (VPPA) makes an “Android ID” – a device identifier used in Google’s smartphones –personally identifiable information (PII). The Eleventh Circuit has scheduled oral argument in the case, Ellis v. Cartoon Network, Inc., for June 3, 2015. The plaintiff in the… Continue Reading

High Court to Decide If Congress Can Let Consumers Sue Over Publication of Inaccurate Personal Information Without Concrete Damages

Posted in Cybersecurity, Data Security, Litigation, Privacy
The Supreme Court of the United States granted certiorari late last month in a case with important implications for consumer privacy and for the ability of Congress generally to create wholly new protections for consumers. Plaintiffs must always show that they have standing – a legally-protected interest that allegedly has been violated – before a federal… Continue Reading

FTC Brings First Action Against Retail Tracking Company

Posted in Privacy, Regulations
On April 23, 2015, the Federal Trade Commission (FTC) announced that retail tracking company Nomi Technologies has agreed to settle FTC charges that it misled consumers. The FTC alleged that the company, which develops technology to allow retailers to track consumers’ movements through their stores, misled consumers by failing to uphold promises to provide a mechanism… Continue Reading

House Passes Cyber Information Sharing Bills

Posted in Cybersecurity, Data Security, Privacy
This week, the U.S. House of Representatives passed two cybersecurity information sharing bills that gained qualified support from the Obama Administration.  Together, the bills (the Protect Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement Act (NCPAA)) would authorize companies to share cyber threat information and defensive measures with each other and the government,… Continue Reading

Managing “Cyber” – A New Guide for Companies on Cybersecurity and Addressing Cyberthreats and Cybercrime

Posted in Cybersecurity, Data Security
The Paris-based International Chamber of Commerce (ICC) today released a new guide to help companies manage their cybersecurity, including how to address cyberthreats and how to prevent cybercrime. The ICC Cyber security guide for business, prepared by the ICC’s Commission on the Digital Economy, was written to help companies address the new types of risks… Continue Reading

Data Breaches: Not Just for States and the FTC Anymore

Posted in Cybersecurity, Data Security, Privacy
The Federal Communications Commission (FCC) announced today that AT&T Services, Inc., will pay $25 million to resolve an investigation into whether the company violated Sections 201(b) and 222 of the Communications Act relating to consumer privacy at AT&T call centers in Mexico, Colombia, and the Philippines. According to the FCC’s order and consent decree, call… Continue Reading

Privacy Class Action Claims on the Rise

Posted in Privacy
From the allegations of Edward Snowden about official snooping on U.S. citizens (and non-Americans worldwide) to any of the seemingly innumerable data breaches hitting retailers like Home Depot and Target or movie/television studio Sony or pick-your-favorite-example, it’s rare that a day passes without some breaking news about privacy (or its sibling, cybersecurity). Think of the… Continue Reading

COPPA Year In Review: Winners and Losers

Posted in Privacy
Since new requirements under the updated Children’s Online Privacy and Protection Act (COPPA) entered into force in July, 2013, the Federal Trade Commission (FTC) has moved into an active enforcement phase, while also fielding requests to recognize new parental consent methods and safe harbor programs.  Those interested in children’s online activities can draw some important… Continue Reading
.
Consumer Protection Connection

We and our analytics and advertising providers may use cookies and similar technologies to enhance the browsing experience, facilitate sharing of content, and generate statistics about use of the website. For more information or to change your preferences, click here.

I Agree