As it closed out 2020, the Federal Trade Commission (FTC) sent out requests to nine social media and video streaming companies asking them to provide more information about how they treat consumer information. The FTC indicated that it wanted to learn more about the companies’ activities in order to inform the FTC’s approach to privacy and data security. The FTC, in particular, is focused on how the privacy practices of these entities affect children and teenagers. The FTC exercised its authority under a provision of the law that allows it to gather information generally from a particular company or industry (without bringing a specific action against the company or industry). One FTC commissioner did dissent, arguing that the request the FTC made of these companies was too broad.
Continue Reading FTC Focuses on Privacy Practices of Social Media and Video Streaming Companies

Apple has launched, in connection with other privacy changes in iOS 14, a requirement for privacy “nutrition labels.” The labels are required for new and existing apps, and are in addition to the existing requirement of linking to the company’s long-form privacy policy. Apple will automatically generate the label based on the company’s answers to its online questionnaire. Apple is requiring companies to explain what information they -and third-party partners collect. Answers will be turned into visuals for the label (a circle “i” for example, for contact information). Companies can also include optional disclosures, like confirming that data is not being used for tracking or third-party advertising purposes (if that is accurate).
Continue Reading Apple Privacy Nutrition Labels Effective Starting Next Month

The California Attorney General recently released a third set of proposed modifications to the CCPA regulations. As we previously covered, the CCPA regulations were approved and went into effect on August 14, 2020. Many companies will likely be frustrated by the fact that new changes have been proposed again, just two months after the final version was approved. Companies have until October 28, 2020 to submit comments to the AG on the modifications.
Continue Reading Will CCPA Regulation Change Again?: Comment Deadline Looming

As we wrote previously, kids are spending more of their days online and are using online platforms for virtual learning and entertainment. Much of this environment is funded through online advertising. All companies thus need to think about the impact that children’s privacy laws, like COPPA, have on the online environment, as they will see the outcomes of this applicability in their contracts.
Continue Reading Back to School Special: But I’m Just an Ad Network! Am I Subject to Children’s Privacy Laws?

In our online world, one of the challenges (and opportunities) for companies is the increased use of their websites, apps, and connected devices. For platforms directed to both adults and children, or platforms previously directed to adults which would like to now also direct their services to children, the FTC’s recently streamlined FAQs, and ICPEN’s guide (both of which we introduced earlier this week) can help companies in this space. The information is particularly helpful for those that were aimed mostly toward adults, and are now shifting their business plans to direct products or services to children as well.
Continue Reading Back to School Special: Is My Multi-Age Platform Subject to Child Protection Requirements?

In this remote era, companies are increasingly being approached by their business teams with ideas about products and services that involve video or audio recordings of their consumers. It may also involve letting people manipulate photos of themselves. Sometimes, those recordings and pictures are of children. Content that contain images or audio of individuals are considered personal information under many laws, including the Children’s Online Privacy Protection Act (COPPA). What does this mean for companies? As we discussed in our previous blog post, COPPA requires obtaining parental consent if the personal information collected is being collected by the company online, and being collected from the child. The FTC’s recently streamlined FAQs help companies find and understand obligations if collecting photos or recordings from children. Namely, a reminder that this content is personal, and does require verifiable parental consent before being collected.
Continue Reading Back to School Special: Recordings, Photos, Kids, and Parental Consent

In the current pandemic era, kids are spending more time online, be it for school or entertainment. Companies are therefore gearing up for increased interaction with children online or through connected devices. As children around the globe return to school, whatever  that return looks like, the FTC and the International Consumer Protection Enforcement Network (ICPEN) remind us that certain rules apply when dealing with kids online.
Continue Reading Back to School Special: COPPA Consent in the COVID Era

Apple recently revised its review guidelines to allow push notifications that include “advertising, promotions, or direct marketing.”  This changes a prior -and longstanding- prohibition on push notices that contain such content. Customers must affirmatively opt in to get promotional push notices, though (“through consent language displayed in your app’s UI”). They must also be able to opt out through an in-app mechanism.  Although promotional push notices were previously prohibited, many apps sent them. These modifications may be a step by Apple to acknowledge this use and put requirements in place around it.
Continue Reading Apple Eases Push Notification and Other Privacy Restrictions

As many who have been tracking CCPA are aware, the law requires training employees who handle consumer inquiries, and ensuring that employees understand how to help consumers exercise their rights. Since most of those rights requests are arriving by web page, email, and phone, it is unlikely that rights requests will slow in the face of COVID-19. Indeed, it is possible that they may increase. Employees will thus still need training, something many companies had anticipated doing in-person.

Coronavirus


Continue Reading Turn On the Camera Part Three: Fulfilling CCPA Training Obligations in the Face of COVID-19

The FTC recently released its annual privacy and security report, providing a snapshot of the issues focused on in the previous year. These reports are often looked at as a signal for insights into the agency’s upcoming priorities. Generally, the report contains a summary of the FTC’s enforcement, advocacy, and rulemaking actions from 2019, a year where we saw several record-setting fines. The report also discusses privacy/security workshops, consumer education, and international engagement. Some of the highlights from 2019 discussed in the report include:
Continue Reading FTC Releases 2019 Privacy and Security Year in Review

As we get settled into the reality of living with both CCPA and GDPR, companies are looking for new approaches for keeping their privacy houses in order. CCPA reminds us that there is no end to new legislation: proposals are already coming in from states as varied as Nebraska, New Hampshire and Virginia. Similar legislative trends exist around the globe. How can companies be prepared to address this ever shifting legislative landscape? There are a few essential steps privacy officers can take, including (1) aligning the privacy team’s efforts with the underlying corporate mission, (2) having a clear understanding of both the company’s data and its use practices, and (3) having infrastructure in place that will allow for updates to notices and rights.
Continue Reading Getting Prepared for a Decade of Privacy