On December 14, 2016, the FTC announced that the operating companies of the AshleyMadison.com website (collectively, the “Operators”) have settled with the FTC and a coalition of state regulators over charges that the Operators deceived consumers and failed to protect users’ personal information. The FTC worked with a coalition of 13 states, the Office of the Privacy Commissioner of Canada and the Office of the Australian Information Commissioner to resolve this matter, which was initiated in the wake of the website’s July 2015 data breach. Continue Reading FTC Settles with Operators of AshleyMadison.com Over Security and Privacy Practices
On November 30, 2016, the FTC released a staff summary (the “Summary”) of a public workshop called Putting Disclosures to the Test. The workshop, which was held on September 15, 2016, examined ways of testing and evaluating company disclosures regarding advertising claims and privacy practices. The Summary reviews the workshop and its key takeaways. Continue Reading FTC Releases Summary of Workshop on Privacy Disclosures
On February 29, 2016, the European Commission issued the legal texts that will implement the EU-U.S. Privacy Shield. These texts include a draft adequacy decision from the European Commission, Frequently Asked Questions and a Communication summarizing the steps that have been taken in the last few years to restore trust in transatlantic data flows.
The agreement in support of the new EU-U.S. transatlantic data transfer framework, known as the EU-U.S. Privacy Shield, was reached on February 2, 2016, between the U.S. Department of Commerce and the European Commission. Once adopted, the adequacy decision will establish that the safeguards provided when transferring personal data pursuant to the new EU-U.S. Privacy Shield are equivalent to the EU data protection standards. In addition, the European Commission has stated that the new framework reflects the requirements that were set forth by the Court of Justice of the European Union (the “CJEU”) in the recent Schrems decision. Continue Reading European Commission Presents EU-U.S. Privacy Shield
On October 26, 2015, the Federal Trade Commission (“FTC”) issued a press release on the Global Privacy Enforcement Network (“GPEN”) Alert, a new multilateral information sharing system that would allow participating agencies to share information relating to an investigation in order to facilitate better cross-border coordination. The FTC, along with agencies from seven other nations, signed a Memorandum of Understanding at the 37th International Conference of Data Protection and Privacy Commissioners in Amsterdam. FTC Chairwoman Edith Ramirez stated that the “GPEN Alert is an important, practical cooperation tool that will help GPEN authorities protect consumer privacy across the globe.” Australia, Canada, Ireland, The Netherlands, New Zealand, Norway and the United Kingdom join the U.S. in their efforts to coordinate global consumer privacy protection.
On April 7, 2015, the FTC announced proposed settlements with TES Franchising, LLC, an organization specializing in business coaching, and American International Mailing, Inc., an alternative mail transporting company, related to charges that the companies falsely claimed they were compliant with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks.
On January 27, 2015, the Federal Trade Commission announced the release of a report on the Internet of Things: Privacy and Security in a Connected World (the “Report”). The Report describes the current state of the Internet of Things, analyzes the benefits and risks of its development, applies privacy principles to the Internet of Things and discusses whether legislation is needed to address this burgeoning area. The Report follows a workshop by the FTC on this topic in November 2013.
On January 6, 2015, Federal Trade Commission Chairwoman Edith Ramirez gave the opening remarks on “Privacy and the IoT: Navigating Policy Issues” at the 2015 International Consumer Electronics Show (“International CES”) in Las Vegas, Nevada. She addressed the key challenges the Internet of Things (“IoT”) poses to consumer privacy and how companies can find appropriate solutions that build consumer trust.
Continue Reading FTC Chair Calls for Security by Design, Data Minimization and Notice and Choice for Unexpected Uses in Remarks on the Internet of Things at the 2015 International Consumer Electronics Show
On July 10, 2014, the Federal Trade Commission announced that it filed a complaint against Amazon.com, Inc. (“Amazon”) for failing to obtain the consent of parents or other account holders prior to billing them for in-app charges incurred by children. According to the complaint, Amazon, which offers children’s apps through its Appstore, bills Amazon account holders in real money for virtual items that children obtain within an app (i.e., “in-app” charges).
On November 19, 2013, the Federal Trade Commission held a workshop in Washington, D.C. to discuss The Internet of Things: Privacy & Security in a Connected World. FTC Chair Edith Ramirez and FTC Senior Attorney Karen Jagielski provided the opening remarks. Chairwoman Ramirez raised three key issues for workshop participants to consider: Continue Reading FTC Workshop on The Internet of Things