A new paper published by the Future of Privacy Forum examines the appropriate privacy paradigm for the world of the Internet of Things. The paper was co-authored by Hogan Lovells Privacy and Information Management practice leader Christopher Wolf who also is the founder and co-chair of the Future of Privacy Forum (with co-author Jules Polonetsky). The […]
On November 19, 2013 the Federal Trade Commission will hold its first ever workshop on the Internet of Things. The Workshop does not aim to debate regulation or codes of conduct, but is rather a fact finding mission aimed at uncovering the privacy and security concerns inherent in the Internet of Things, where a range of devices collect and communicate personal information perpetually.
On October 22, the FTC announced a settlement with national “rent-to-own” retailer Aaron’s, Inc. on charges that it knowingly assisted its franchisees in tacitly collecting images and information about their customers. Specifically, the FTC alleges that Aaron’s “played a direct and vital role in its franchisees’ installation and use of software on rental computers that secretly monitored consumers including taking webcam pictures of them in their homes.”
On Monday, a European Parliament Inquiry established to investigate the recent U.S. National Security Agency surveillance revelations indicated that its final report would recommend suspension of the popular EU-U.S. Safe Harbor Framework.
At the 35th annual Conference of Data Protection Authorities and Privacy Commissioners in Warsaw, Poland today, Hogan Lovells partner and privacy practice lead Christopher Wolf spoke on the issue of privacy and trade in light of the ongoing Transatlantic Trade and Investment Partnership negotiations between the EU and the U.S. This post contains prepared remarks to the commissioner’s on the need for interoperable cross-border privacy standards and the merits of the U.S. privacy regime.
On August 28, the Federal Trade Commission (FTC) filed an administrative complaint against medical testing laboratory LabMD based on allegations that the company engaged in “unfair acts or practices” by failing to employ “reasonable and appropriate measures to prevent unauthorized access to personal information.” The FTC’s action in this case stems from an incident in which a file containing personal information on approximately 9,300 individuals allegedly was shared on a peer-to-peer (P2P) network from a company computer with P2P file-sharing software installed. The complaint follows other recent FTC actions in which the agency has relied on its Section 5 authority under the FTC Act to claim that companies’ exposure of data to P2P networks constituted an unlawful, unfair data security practice. The FTC’s action against LabMD makes clear that institutions governed by the Health Insurance Portability and Accountability Act (HIPAA) must also be mindful of the FTC’s increasing enforcement activity related to security controls, including actions against healthcare providers.
The Federal Trade Commission (“FTC”) recently issued a revised guidance (“Guide”) on the Red Flags Rule (“Rule”) (see “Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business”). The Red Flags Rule requires certain businesses to develop, implement and administer an identity theft protection program. The purpose of this Guide is to […]
Less than two weeks after providing additional guidance on the recent changes to the Children’s Online Privacy Protection Act (“COPPA”) Rule, in the form of updated Frequently Asked Questions, the Federal Trade Commission (“FTC”) voted unanimously to retain the July 1, 2013 effective date for the changes to the COPPA Rule.
In Bloomberg BNA’s Privacy and Security Law Report, Hogan Lovells attorneys Des Hogan, Michelle Kisloff, and Chris Wolf have published an article addressing the increased litigation and regulatory risks that companies must address in the evolving privacy and data security landscape. After summarizing recent developments involving class actions and regulatory activities, the article offers guidance on how companies can reduce their financial and reputational exposure.
Recognizing the changes enabled by mobile devices and social technologies, the Federal Trade Commission has published the first update in over twelve years of its guidelines for online advertising. The new guide, .com Disclosures: How to Make Effective Disclosures in Digital Advertising, parallels the 2000 original, Dot Com Disclosures: Information About Online Advertising, and uses much […]
There has been an explosion in the number and variety of mobile payment services available to consumers in the last couple of years, with new innovations and players growing exponentially. The release of the Federal Trade Commission’s (FTC) March 8, 2013 staff report, “Paper, Plastic… or Mobile? An FTC Workshop on Mobile Payments,” indicates the potential […]
On March 7, the FTC announced a major new initiative cracking down on text message spammers and drove home the point by commencing eight new lawsuits against alleged spammers. In eight complaints filed in four different federal courts across the country, the FTC has charged a total of twenty-nine defendants, alleging that they collectively sent […]
Today the FTC released Mobile Privacy Disclosures: Building Trust Through Transparency, a report containing recommendations for the mobile industry. The report encourages mobile app platforms to play a significant role in providing consumers with privacy-related information, devoting more pages to recommendations for platforms than it does for developers, ad networks, third-party service providers, and trade […]
Yesterday saw dozens of instant summaries of the Federal Trade Commission’s long- awaited revision to the Children’s Online Privacy Protection Act (COPPA) Rule, which becomes effective on July 1, 2013. We took a night “to sleep on it,” in order provide not just a summary, but some focused comments about the impact of yesterday’s rule […]
The FTC has issued an interim final rule to amend the Identity Theft “Red Flags Rule,” which requires certain “financial institutions” and “creditors” to develop and implement a written identity theft prevention program to identity, detect, and respond to possible incidents of identity theft. The interim rule amendment conforms the Red Flag’s Rule’s definition of […]
On October 11, 2012, the U.S. Government Accountability Office (GAO) issued a report titled “Mobile Device Location Data: Additional Federal Actions Could Help Protect Consumer Privacy.” Requested by Sen. Al Franken (D-MN), the Report recognizes the efforts of Federal agencies to protect consumer privacy when using mobile devices but calls for additional action
Following up on a public workshop held earlier this year, today the Federal Trade Commission (FTC) issued a set of truth-in-advertising and privacy guidelines for mobile device application (app) developers. Titled “Marketing Your Mobile App: Get it Right From the Start,” the guidelines provide an overview of key issues for all app developers to consider.
Eric Bukstein, who is in the Privacy and Information Management Practice at Hogan Lovells recenly gave a video interview to Colin O’Keefe of LXBN (Lexblog Network) TV to discuss the FTC’s supplemental proposed changes to the COPPA Rule. The video can be viewed in this blog entry.
On August 3, at the ABA Annual Meeting, the ABA Section of Administrative Law and Regulatory Practice held a panel moderated by Hogan Lovells privacy leader Chris Wolf entitled “Privacy Law in 2012: Where We Are and Where We Are Going.” The article below, reprinted with permission from ABA Now, describes thoughts of the panelists on the future of privacy in the US and in Europe.
On August 1, the Federal Trade Commission (“FTC”) issued a supplemental notice of proposed rulemaking which proposes several changes to its previously released proposed Children’s Online Privacy Protection Act (“COPPA”) rulemaking. COPPA and the FTC’s COPPA Rule regulate the collection of personal information online from children under the age of thirteen. On September 15, 2012, the FTC released proposed revisions to the COPPA Rule, which contemplated several major changes to the existing COPPA regime.
In its first enforcement action under the Fair Credit Reporting Act (“FCRA”) about the sale of data compiled from publicly available online sources in the context of employment screening, the Federal Trade Commission (“FTC”) announced yesterday that it had entered into a $800,000 settlement with an online data broker, Spokeo, for allegedly marketing consumer profiles to employers and recruiters without complying with the requirements of FCRA. In addition, the FTC settled charges that Spokeo violated Section 5 of the FTC Act by posting surreptitious endorsements of its services under the names of others.
The Federal Trade Commission yesterday announced settlements with two companies over security breaches caused by peer-to-peer (P2P) file sharing software. The settlements require the companies to establish and maintain comprehensive information security programs and to undergo data security audits by independent auditors every other year for 20 years.
This blog entry links to a piece written for Forbes by Hogan Lovells privacy practice leader Chris Wolf in which he contrasts the relatively light penalty imposed upon Dharun Ravi, the Rutgers student convicted of invasion of privacy and bias intimidation, with the remedies imposed by the Federal Trade Commission for violations of Section 5 of the FTC Act.
On May 14, Hogan Lovells’ partner Chris Wolf moderated a panel discussion presented by the Congressional Internet Caucus Advisory Committee entitled, “New Internet Privacy Legislation: What the White House, Federal Trade Commission and the European Commission Are Recommending.” The FTC’s Maneehsa Mithal began the event with a brief overview of the FTC’s Commission Report on protecting consumer privacy, and the panelists, led by Mr. Wolf, engaged in a discussion about the FTC Report, the White House’s privacy white paper, and the proposed EU Data Protection Regulation.