As reported on the Hunton Retail Law Resource blog, the Federal Trade Commission settled charges with mobile advertising company Tapjoy, Inc., on allegations that the company failed to provide promised rewards in exchange for completed activities such as the payment of money, disclosure of sometimes-sensitive personal information or registration for “free trial” marketing offers.
Continue Reading FTC Pursues Advertising Network that Failed to Deliver In-Game Rewards in Exchange for Payment or Personal Information

On December 15, 2020, the Federal Trade Commission announced a proposed settlement with Ascension Data & Analytics, LLC, a Texas-based mortgage industry data analytics company, to resolve allegations that the company failed to ensure one of its vendors was adequately securing personal information of mortgage holders.
Continue Reading FTC Announces Enforcement for Inadequate Third Party Risk Management Practices Under the GLBA’s Safeguards Rule

On December 14, 2020, the Federal Trade Commission announced that it had issued orders to nine social media and video streaming companies, requesting information on how the companies collect, use and present personal information, their advertising and user engagement practices and how their practices affect children and teens.
Continue Reading FTC Issues Orders to Nine Social Media and Video Streaming Service Companies Regarding Privacy Practices

On December 15, 2020, the Irish Data Protection Commission announced its fine of 450,000 Euros against Twitter International Company, following its investigation into a breach resulting from a bug in Twitter’s design. The fine is the largest issued by the Irish DPC under the GDPR to date and is also its first against a U.S.-based organization.
Continue Reading Irish DPA Issues €450,000 Fine Against Twitter for Data Breach Following EDPB Decision under the GDPR Consistency Mechanism

On December 10, 2020, the French Data Protection Authority announced that it has levied fines on Google LLC, Google Ireland Limited and Amazon Europe Core for alleged violations of the French cookie rules. This post examines the French cookie rules, CNIL’s territorial jurisdiction, the investigations and the sanctions levied against each company.
Continue Reading CNIL Fines Google and Amazon 135 Million Euros for Alleged Cookie Violations

On November 26, 2020, the French Data Protection Authority announced that it imposed a fine of €2.25 million on Carrefour France and a fine of €800,000 on Carrefour Banque for various violations of the EU General Data Protection Regulation and Article 82 of the French Data Protection Act governing the use of cookies.
Continue Reading CNIL Fines Two Companies of the Carrefour Group €3.05 Million for GDPR and Cookie Violations

On November 9, 2020, the Federal Trade Commission announced it had entered into an consent agreement with Zoom Video Communications, Inc. to settle allegations that the video conferencing provider engaged in a series of unfair and deceptive practices that undermined the security of its user base, which, according to the FTC, has grown from 10 million users in December 2019 to 300 million in April 2020 during the COVID-19 pandemic.
Continue Reading Zoom Settles with FTC Over Deceptive Security Claims

On October 1, 2020, the UK Information Commissioner’s Office launched a public consultation on its draft Statutory Guidance, which provides an overview of the ICO’s powers and how it intends to regulate and enforce data protection legislation in the UK, including its approach to calculating fines.
Continue Reading ICO Launches Consultation on Its Draft Statutory Guidance