The FTC updated its Negative Option Rule last month and gave it a new name to emphasize the expanded scope of programs to which it applies. It will now be the “Rule Concerning Recurring Subscriptions and Other Negative Option Programs.” The updated rule, as the FTC outlines, will now be applicable to nearly all forms of negative option marketing.Continue Reading Click! FTC Updates Its Negative Option Rule
Kathryn Smith
Kathryn (“Katie”) Smith is an associate in the Intellectual Property Practice Group in the firm's Chicago office and a member of the Privacy and Cybersecurity Team. She is certified by the International Association of Privacy Professionals (IAPP) for CIPP/US.
New York AG Settles EnforcemENT Action with ENT
The New York Attorney General’s Office recently settled with Albany ENT & Allergy Services over claims that the healthcare provider failed to protect over 200,000 consumers’ private health information. The claims stem from two ransomware attacks in 2023. The AG argued that the company had violated New York’s data security law, resulting in the incident. As part of the settlement, Albany ENT agreed to pay $2.75 million in civil penalties and to implement additional security measures.Continue Reading New York AG Settles EnforcemENT Action with ENT
UK and US Issue Joint Statement on Children’s Privacy
The United Kingdom and the United States released a joint statement last month outlining plans focused on children’s online privacy. As indicated in the statement, they intend to engage national institutions and other organizations to support this work. They will also be forming a joint online safety working group.Continue Reading UK and US Issue Joint Statement on Children’s Privacy
How Legitimate Is Your Business Interest? The EDPB Has Some Thoughts
The European Data Protection Board issued draft guidelines last month that outline when processing can be considered done for “legitimate interest.” The public has until November 20 to provide comments to the draft.Continue Reading How Legitimate Is Your Business Interest? The EDPB Has Some Thoughts
#StatusUpdate on Social Media, Apps, and Children’s Privacy
Regulations impacting children’s use of social media continues to be a space in motion the past few months. There have been developments at both the state level, as well as with the FTC. And there is no sign of slowing down. In this article we give a roundup of some recent developments worth keeping in mind.Continue Reading #StatusUpdate on Social Media, Apps, and Children’s Privacy
The Privacy and Data Security Impact of California’s Recent AI Bills
The dust is beginning to settle from the raft of AI-related bills Governor Newsom signed last month in California. (See for example, our post about neural data.) Most of the provisions will not go into effect for another few months. Before they do, it is worth examining the impact they will have on companies’ privacy and data security practices. Most, as we outline below, may not change fundamental practice, but instead serve as a reminder to take into account privacy and data security considerations when assessing and implementing AI tools:Continue Reading The Privacy and Data Security Impact of California’s Recent AI Bills
FTC Social Media Staff Report Suggests Enforcement Direction and Expectations
The FTC’s staff report summarizes how it views the operations of social media and video streaming companies. Of particular interest is the insight it gives into potential enforcement focus in the coming months, and into 2025. Of particular concern for the FTC in the report, issued last month, were the following:Continue Reading FTC Social Media Staff Report Suggests Enforcement Direction and Expectations
Promising Decision in Wiretapping Case, Win for Businesses
Those tracking CIPA litigation are familiar with the recent decision holding in favor of a company whose site had an online chat operated by a vendor. The court in that case held (1) that the company had not violated the California Invasion of Privacy Act (CIPA), and (2) that its chat was not unauthorized “wiretapping.” This ruling came as welcome news to companies who offer online chat features, especially those who face—or fear—similar lawsuits.Continue Reading Promising Decision in Wiretapping Case, Win for Businesses
California: Age-Appropriate Design Code Act Partially Blocked, New Social Media Law Signed
California has been active in the kids space. First, the Ninth Circuit’s recently ruled on the California’s Age-Appropriate Design Code Act. Second, the governor has just signed a new law aimed at social media sites.Continue Reading California: Age-Appropriate Design Code Act Partially Blocked, New Social Media Law Signed
October 1st Reminder – Big Sky Privacy Law Goes into Effect
2024 seems like it is flying by. For those keeping track of US state “comprehensive” privacy laws you know that October 1 – a week away – brings the effective date of the Montana privacy law. The “big sky” state will join Texas, Oregon and Florida as the fourth effective privacy law of 2024. This brings to total to nine state privacy laws in effect (with California, Colorado, Connecticut, Utah, and Virginia). Check out our tracker for the status of the remaining -signed- state laws, along with a comparison between their key provisions.Continue Reading October 1st Reminder – Big Sky Privacy Law Goes into Effect
New Data Breach Notification Obligations for PA – and a New Reporting Portal
Pennsylvania AG Michelle Henry announced yesterday the launch of an online portal for businesses to report data breaches to the AG’s office. The portal launch comes before Pennsylvania’s new breach amendments take effect on September 26, 2024. One of the amendments will require businesses to report to the AG Office any breach that impacts more than 500 Pennsylvania residents. Businesses can provide notice to the AG using the new online portal. The law also includes specific reporting content; this content is built into the online portal. The AG’s website provides step-by-step instructions for submission.Continue Reading New Data Breach Notification Obligations for PA – and a New Reporting Portal