In its ongoing concern with “dark patterns,” the FTC recently announced results of two reviews of sites and apps purportedly engaging in the practice. As a reminder, the FTC views as “dark patterns” practices or web designs that “get consumers to part with their money or data” using deceptive or manipulative means. Both of the recent reports were completed by global consortiums of regulators of which the FTC is a member.Continue Reading We Don’t Use Dark Patterns!? FTC and Consumer Protection Networks Review Suggests You Might

Much of the focus on US privacy has been US state laws, and the potential of a federal privacy law. This focus can lead one to forget, however, that US privacy and data security law follows a patchwork approach both at a state level and a federal level. “Comprehensive” privacy laws are thus only one piece of the puzzle. There are federal and state privacy and security laws that apply based on a company’s (1) industry (financial services, health care, telecommunications, gaming, etc.), (2) activity (making calls, sending emails, collecting information at point of purchase, etc.), and (3) the type of individual from whom information is being collected (children, students, employees, etc.). There have been developments this year in each of these areas.Continue Reading Mid-Year Recap: Think Beyond US State Laws!

The FTC recently announced that it had finalized the changes to the Health Breach Notification Rule (HBNR). This is roughly one year later from when the proposed changes were first released and three years later from the Agency’s initial “position statement” on the rule sparking controversy. The final changes clarify the scope of the rule to health apps and expands what must be told to consumers when notifying them of a breach. The updated rule goes into effect June 25, 2024.Continue Reading FTC Finalizes Breach Notification Rule Amendments Directed at Digital Health

Earlier this month, accompanying an update to a rule prohibiting the impersonation of businesses and governments, the FTC sought comments on extending the rule to prohibit impersonation of individuals. The agency indicated that it is considering expanding the rule as the result of rising complaints around “impersonation fraud,” especially those generated by AI. Comments are due by April 30, 2024.Continue Reading FTC Seeks Comments on AI Impersonation Rules

The FTC is beginning 2024 with a bang. Just a few short days after announcing a settlement with lead-generation company Response Tree, the FTC has announced another decision. In this latest announcement, the FTC has described this as its first settlement with data broker over the sale of sensitive information. According to the FTC, X-Mode Social, and its successor company Outlogic, LLC, tracked and sold to third parties precise location information, which information could identify if people visited “sensitive” locations like medical or reproductive clinics or domestic abuse shelters. This allegation is similar to that the agency made last year against Kochava, in a case that is still pending.Continue Reading FTC Continues Focus on Data Brokers and Sensitive Information

Continuing its focus on potential dark patterns, the FTC has reached a settlement with the lead generation company Response Tree LLC and its president over allegations that the company ran sites that tricked people into opting into receiving marketing calls. The FTC brought the case arguing that the company had violated both Section V of the FTC Act as well as the Telemarketing Sales Rule (or TSR, which implements TCFAPA).Continue Reading FTC Reaches $7 Million Settlement Over Response Tree’s “Consent Farm” Sites

The FTC recently announced a settlement with Global Tel*Link, a telecommunications company that contracts with prisons and jails to provide communication services to incarcerated individuals and their families. Those who use their services create accounts with the company and are required to provide not only usernames and passwords but also Social Security numbers and government ID numbers. The company also collects financial account information as well as names and addresses. The company included in its marketing materials promises about security, including that it was the “cornerstone of what we do.” The company also made promises about its security in RFPs to prisons and jails.Continue Reading FTC Decision with Global Tel*Link Signals Expectations for Use of Testing Environments

The FTC’s second attempt to pursue the data broker, Kochava, continues to move forward. The amended complaint, which was just unsealed and thus available for the public to review, gives insight into the agency’s perspective on the harm that results when companies create profiles with sensitive information, and use that information to target ads to individuals. The amended complaint provides more detail about Kochava’s alleged practices; allegations the company strongly disagreed with. (Thus, why it sought -unsuccessfully- to have it sealed.)Continue Reading Amended Kochava Complaint Gives Insight into FTC’s View of Harm from Data Profiles

The FTC recently amended the Safeguards Rule to make non-banking institutions such as mortgage brokers, motor vehicle dealers, and payday lenders notify the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers. The FTC plans to provide an online form that will be used to report certain information, including the type of information involved in the security event and the number of consumers affected or potentially affected. The FTC’s Safeguards Rule also requires non-banks to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.Continue Reading Impact of FTC Safeguard Rules Amendment on Breach Notification Timing

The FTC continues its focus and concern on use of technologies that integrate artificial intelligence, this time turning to potential consumer harm with voice cloning technology. Today the commission announced a challenge looking for solutions to help monitor and prevent malicious voice cloning. In the announcement, the FTC pointed to current scams where threat actors use cloned voices -created using AI tools- to conduct scams. For example, money requests from a person’s “relative.” The winner will receive a $25,000 prize, and entries will be accepted in the first weeks of January.Continue Reading FTC Vocalizes AI Voice Cloning Challenge