As we wrote previously, kids are spending more of their days online and are using online platforms for virtual learning and entertainment. Much of this environment is funded through online advertising. All companies thus need to think about the impact that children’s privacy laws, like COPPA, have on the online environment, as they will see the outcomes of this applicability in their contracts.
Continue Reading Back to School Special: But I’m Just an Ad Network! Am I Subject to Children’s Privacy Laws?

In our online world, one of the challenges (and opportunities) for companies is the increased use of their websites, apps, and connected devices. For platforms directed to both adults and children, or platforms previously directed to adults which would like to now also direct their services to children, the FTC’s recently streamlined FAQs, and ICPEN’s guide (both of which we introduced earlier this week) can help companies in this space. The information is particularly helpful for those that were aimed mostly toward adults, and are now shifting their business plans to direct products or services to children as well.
Continue Reading Back to School Special: Is My Multi-Age Platform Subject to Child Protection Requirements?

In this remote era, companies are increasingly being approached by their business teams with ideas about products and services that involve video or audio recordings of their consumers. It may also involve letting people manipulate photos of themselves. Sometimes, those recordings and pictures are of children. Content that contain images or audio of individuals are considered personal information under many laws, including the Children’s Online Privacy Protection Act (COPPA). What does this mean for companies? As we discussed in our previous blog post, COPPA requires obtaining parental consent if the personal information collected is being collected by the company online, and being collected from the child. The FTC’s recently streamlined FAQs help companies find and understand obligations if collecting photos or recordings from children. Namely, a reminder that this content is personal, and does require verifiable parental consent before being collected.
Continue Reading Back to School Special: Recordings, Photos, Kids, and Parental Consent

In the current pandemic era, kids are spending more time online, be it for school or entertainment. Companies are therefore gearing up for increased interaction with children online or through connected devices. As children around the globe return to school, whatever  that return looks like, the FTC and the International Consumer Protection Enforcement Network (ICPEN) remind us that certain rules apply when dealing with kids online.
Continue Reading Back to School Special: COPPA Consent in the COVID Era

Companies who transfer data from the EU to the U.S. are struggling to determine the appropriate basis under which they can make these transfers. Continuing our examination of the outcome of this decision, we think now about what companies can do for transfers of information from the EU to the U.S.
Continue Reading EU Reaction to the Fall of Privacy Shield: The Rise of SCCs?

U.S. companies are in a bind in the wake of the recent EU decision rejecting the validity of the Privacy Shield. While it is clear that the EU will not accept Privacy Shield participation as a basis for transferring data from the EU to the U.S., next steps for participants are unfortunately not clear cut. U.S. companies who participate in the Shield program face two decisions: (1) whether to continue participation in the Privacy Shield program and (2) what mechanism to rely on for data transfers from the EU to the U.S.
Continue Reading How to Rise from the Privacy Shield Ashes: A View from the U.S.

At the end of March, Washington, D.C. signed the Security Breach Protection Amendment Act of 2019, which adds some significant changes to D.C.’s existing data breach law, first enacted in 2007. The law is projected to take effect by June 13, 2020. Some of the major changes are summarized below.
Continue Reading D.C. Amends Data Breach Notification Law, Adds Security Requirements

The FTC recently issued comments on how companies can use artificial intelligence tools without engaging in deceptive or unfair trade practices or running afoul of the Fair Credit Reporting Act. The FTC pointed to enforcement it has brought in this area, and recommended that companies keep in mind four key principles when using AI tools. While much of their advice draws on requirements for those that are subject to the Fair Credit Reporting Act (FCRA), there are lessons that may be useful for many.
Continue Reading FTC Provides Direction on AI Technology

The FTC recently settled with smart lock maker Tapplock, Inc., a Canadian company, over allegations that it deceived consumers with false claims about its product’s security practices. These allegations arose based on vulnerabilities that a security researcher demonstrated – not in the aftermath of a data security breach where these complaints often originate.
Continue Reading FTC Settles with Company Over Alleged Deceptive Security Practices

The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming priorities. Generally, the report contains a summary of the FTC’s enforcement, advocacy, and rulemaking actions from 2019, a year where we saw several record-setting fines. The report also discusses privacy/security workshops, consumer education, and international engagement. Some of the highlights from 2019 discussed in the report include:
Continue Reading FTC Releases 2019 Privacy and Security Year in Review

The FTC recently summarized three major changes it made to its orders in data security cases. In a blog signaling these changes, the FTC Indicated that some of the things it has been requiring of companies in 2019 are here to stay.
Continue Reading New Trends Emerge in FTC Data Security Orders, Including Emphasis on C-Suite Involvement