Following, by a day, a privacy-related claim challenge brought against another advertiser, the National Advertising Division found that advertiser DuckDuckGo had sufficiently substantiated its privacy claims. These cases are significant reminders in two ways. First, that claims made about privacy and security can be viewed through an advertising lens and examined to see if they are properly substantiated. Second, that the NAD, the self-regulatory body that actively examines truth and accuracy of advertising, is looking at privacy claims. As those familiar with the NAD are aware, it refers those who do not cooperate to the FTC for priority action to examine if there have been violations of Section 5 of the FTC Act.

Continue Reading NAD Examines Privacy Statements Made By DuckDuckGo in Online Ads

The National Advertising Division, a self-regulatory body that examines the truth and accuracy of advertising claims, recently examined privacy claims made by Brave, Inc. Using the same analysis given to other advertising claims, the NAD analyzed Brave’s statements about consumer privacy. It assessed both the implied as well as the express claims made by the company as well as the extent to which the substantiation Brave had for the claims supported those claims.

Continue Reading NAD Brings False Advertising Claims Over Privacy Representations

With six months before the first of the new US state general privacy laws go into effect, there are several steps companies can take now to begin to prepare. Unfortunately there are some parts of compliance that will be impacted by regulations that have either not been drafted, or if drafted, remain unfinalized. What, then, can companies do now? Familiarizing themselves with the types of requirements and beginning to address and develop mechanics for those requirements is a good start. Fortunately for most, these will not be new, as they are conceptually covered by CCPA, GDPR, or both.

Continue Reading Preparing for US State Privacy Law Compliance: The Six Month Mark

As we pass the half-way mark of 2022, many are reflecting on their privacy compliance progress. One area that seems to be a constant battle is training. How much is needed? What kind of training? What are expectations from regulators around training?

Continue Reading Privacy and Cybersecurity Training: Addressing Regulatory Concerns

In this third post of our ongoing series, we examine key takeaways for companies in light of the recently released draft CPRA regulations. Today’s focus is on contractual requirements. (Visit here for information about collection and notice under the draft regulations, and here for information about choice.)

Continue Reading What Should We Do About the Draft CPRA Regulations?: Contracts

Connecticut just joined California, Colorado, Utah, and Virginia in passing a comprehensive privacy law. The Connecticut Data Privacy Act (CTDPA) goes into effect July 1, 2023, the same time as Colorado’s very similar law. Companies preparing for these new laws (Virginia goes into effect January 1, 2023 and Utah December 31, 2023) will want to keep in mind the following five things about this fifth general US state privacy law.
Continue Reading Connecticut Fifth State to Pass a Comprehensive Privacy Law