The FTC recently took action against the online alcohol marketplace company Drizly and its CEO for alleged security failures. The case arose from a 2018 data breach which was caused – according to the FTC – by poor security measures stemming from the company’s alleged failure to devote sufficient resources or attention to data security.

Continue Reading FTC Action Against Drizly and CEO Provides Insight Into Its Security Expectations

Companies who participate in the AdTech and digital advertising eco-system are very familiar with the Interactive Advertising Bureau and its form advertiser agreements. Those agreements can help streamline negotiations, presenting the parties with, essentially, a pre-negotiated approach to common issues. When CCPA was passed, IAB updated its form to address that law and address consumer notice and consent. With the upcoming laws in California, Colorado, Connecticut, Utah and Vermont, the document is now outdated.

Continue Reading IAB Steps In State Signal Morass

The talk of “opt-out preference signals” or global privacy controls (GPC) has been increasing as companies dig into the forthcoming requirements under US “comprehensive” privacy laws. What is an opt-out preference signal? An “opt-out preference signal” also known colloquially as ”GPC,” is a signal sent by a platform or technology on behalf of a consumer that communicates the consumer’s choice to opt out of sale or sharing. Below, we summarize how each of the states treats this requirement.

Continue Reading Comparing and Contrasting the Opt Out Preference Signal Across States

With 2023 quickly approaching, many are spending this final quarter preparing for the five US state “comprehensive” privacy laws. Some of these contemplate clarifying regulations with technical and operational requirements. Requirements that will impact preparation activities.

Continue Reading State Comprehensive Privacy Laws: Status of the Regulations

President Biden signed a new executive order on Friday, with a framework that seeks to replace the existing Privacy Shield program. That program was found to be an invalid mechanism for transferring personal data between the EU and the US in 2020 (the Schrems II decision). Since then, companies have struggled to establish an appropriate mechanism for transfer of information from the EU to the US.

Continue Reading EU To Review New EU-US Data Transfers Framework

This summer the US Department of Justice settled with three poultry processors, Cargill Meat Solutions Corp., Sanderson Farms, Inc., and Wayne Farms, LLC. (U.S. v. Cargill Meat Solutions Corp. et al, 1:22-cv-01821 (D. Md. 2022)). The antitrust case focused on “long-running conspiracy to exchange information about wages and benefits for poultry processing plant workers and collaborate with their competitors on compensation decisions.”

Continue Reading Poultry Processors Settle with Department of Justice Over Wage Information Exchanges

The California governor recently signed into law the California Age-Appropriate Design Code Act, which will go into effect July 1, 2024. The law applies to “businesses” (as defined by CCPA) that provide online services or features “likely to be accessed by children.” To understand if the product or service is likely to be accessed by children, companies should look at factors like audience composition, if there are child-directed ads, or elements known to be of interest to children. Children are those who are under 18 (as opposed to the federal Children’s Online Privacy Protection Act, applicable to collection of personal information of those under 13).

Continue Reading Impact on Companies of California’s Children’s Privacy Law – Effective 2024

The Children’s Advertising Review Unit recently found that Tilting Point Media violated COPPA and CARU’s Self-Regulatory Guidelines for Advertising and for Children’s Online Privacy. Tilting Point is the operator of the SpongeBob: Krusty Cook-Off app. The case arose as part of CARU’s routine monitoring of child directed content.

Continue Reading CARU Strikes Again: Another Mixed-audience App Settles Over COPPA Allegations

Firefly Games agreed to take corrective action in response to the Children’s Advertising Review Unit’s allegations that the company had violated COPPA by inaccurately (and confusingly) explaining its privacy practices. The app in question, LOL Surprise! Room Makeover, featured dolls and characters intended for children and animated characters. It also included content directed to adult users. CARU concluded as part of its routine reviews that, inter alia, the app was “mixed audience.” As such, the app needed to comply with not only CARU’s guidelines, but the Children’s Online Privacy Protection Act as well.

Continue Reading Children’s App Settles with CARU Over COPPA and Guideline Violation Allegations

The FTC recently announced an ambitious Advance Notice of Proposed Rulemaking (ANPR) broadly aimed at a host of privacy and data security issues. This is the first step by the agency to explore using its Section 18 rulemaking authority under the FTC Act to issue a broad consumer privacy-focused trade regulation rule. The ANPR poses 95 questions and various topics, ranging from collection of information from children, to consent, data security, biometrics, artificial intelligence, and automated decision-making. The ANPR is focused on the impact to consumers and as workers or employees in a business capacity.

Continue Reading FTC Announces Proposed Rulemaking On Privacy and Data Security