On October 28, 2021, the Federal Trade Commission announced the issuance of a new enforcement policy statement warning companies against using dark patterns that trick consumers into subscribing for services. The policy statement comes in response to rising complaints about deceptive sign-up tactics like unauthorized charges or impossible-to-cancel billing.
Continue Reading New FTC Policy Statement Targets Dark Patterns

On October 6, 2021, the Centre for Information Policy Leadership at Hunton Andrews Kurth published a white paper on “Organizational Accountability in Data Protection Enforcement – How Regulators Consider Accountability in their Enforcement Decisions.”
Continue Reading CIPL Publishes White Paper on Organizational Accountability in Privacy Enforcement

On September 14, 2021, the Securities and Exchange Commission announced that analytics firm, App Annie Inc., and its co-founder and former CEO, agreed to pay approximately $10 million to settle securities fraud charges for engaging in deceptive practices and making material misrepresentations about “alternative data” sold by the company. Notably, this is the SEC’s first enforcement action charging an alternative data provider with securities fraud.
Continue Reading SEC Settles with Alternative Data Provider for $10 Million

On September 14, 2021, the Federal Trade Commission authorized new compulsory process resolutions in the eight key enforcement areas: (1) Acts or Practices Affecting United States Armed Forces Members and Veterans; (2) Acts of Practices Affecting Children; (3) Bias in Algorithms and Biometrics; (4) Deceptive and Manipulative Conduct on the Internet; (5) Repair Restrictions; (6) Abuse of Intellectual Property; (7) Common Directors and Officers and Common Ownership and (8) Monopolization Offenses.
Continue Reading FTC Authorizes New Compulsory Process Resolutions in Eight Key Enforcement Areas

On September 1, 2021, the FTC banned the operator of a stalkerware app company and its CEO from offering, promoting, selling or advertising any surveillance app, service or business, alleging that the app allowed purchasers to illegally surveil other individuals by monitoring their device activity without their knowledge.
Continue Reading FTC Bans Stalkerware App Company from the Surveillance Business and Orders Company to Delete Any Illegally Collected Information

On September 2, 2021, Ireland’s Data Protection Commission announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation.
Continue Reading Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

On August 30, 2021, the U.S. Securities and Exchange Commission announced it had settled three administrative cases involving a total of eight registered broker-dealers and investment advisers for failures in their cybersecurity policies and procedures.
Continue Reading SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

The U.S. Securities and Exchange Commission recently announced that Pearson plc agreed to pay a $1 million civil penalty in a settlement related to charges that Pearson misled investors about a 2018 data breach resulting in the theft of millions of student records, including birth dates and email addresses.
Continue Reading SEC Sanctions Public Company for Misleading Disclosures About Data Breach