Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: Federal Trade Commission FTC

Posted in Consumer Privacy

FTC Denies Proposed Verifiable Consent Method Under COPPA

The FTC denied AgeCheq’s application for approval of a proposed verifiable parental consent (VPC) method under COPPA. Under COPPA, operators of online services that are directed to children are required, except for limited situations, to obtain VPC prior to collecting personal information from children. Specifically, COPPA requires operators to obtain verifiable parental consent, taking into consideration available technology and any method must be reasonable calculated in light of available technology, to ensure that the person providing consent is the child’s parent. COPPA further provides a non-exhaustive list of acceptable methods that include (i) obtaining a form signed by a parent; (ii) receiving a credit/debit card or certain other online payment mechanisms if associated with a monetary transaction; (iii) a parent calling a toll-free number; (iv) parental consent by videoconference; (v) verifying parental identity against a form of government-issued identification; and (vi) traditional “email plus” where children’s personal information will be used for internal purposes only.

Posted in Consumer Privacy

FTC Releases Data Broker Report

Today, the Federal Trade Commission released Data Brokers: A Call for Transparency and Accountability. The report is an in-depth look at issues posed by the collection and dissemination of consumer information by the data broker industry and its findings will likely be used by both sides in the debate over data broker legislation and guide future FTC regulatory and enforcement activities in this space.

Posted in Consumer Privacy

FTC Settlement with Flashlight App Developer Sheds Light on Expanded Notice Requirements and the Status of Geolocation Information

On December 5, 2013, the FTC agreed to settle a complaint lodged against Goldenshores Technologies, LLC (Goldenshores) alleging that the company deceived users by misrepresenting its practices when collecting and sharing the personal data of users through its popular Brightest Flashlight Free mobile application. The original complaint and proposed settlement, adopted 4-0 by FTC vote, each provide insight into the agency’s evolving expectations of how a company should provide notice to users about its data collection and use practices.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

FTC Brings First “Internet of Things” Enforcement for Security of Internet-Connected Security Camera

Last month, the FTC announced its settlement with technology company TRENDNet over charges that the company’s lax security practices led to the public exposure of private video feeds. TRENDNet manufactures a range of networking hardware, including Internet-accessible surveillance cameras. According to the FTC complaint, some of the feeds from these cameras were disclosed online without authorization. Under the terms of the settlement, TRENDNet is enjoined from misrepresenting the security and privacy features of its Internet-accessible products and their associated apps, and the company must establish a comprehensive security program subject to biennial third-party assessments. The FTC describes this settlement as the conclusion of the agency’s first enforcement action “against a marketer of an everyday product with interconnectivity to the Internet” – also known as the “Internet of Things.” Our post addresses what insights the settlement provides regarding the FTC’s current approach to enforcing security standards and indicates that the FTC may be broadening its characterization of sensitive data.