On Friday, July 12, 2019, the Wall Street Journal reported that Federal Trade Commission and Facebook reached a settlement to resolve Facebook’s privacy issues surrounding the Cambridge Analytica disclosure discovered last year. The settlement imposes a US$5 billion dollars on the tech giant, which represents roughly 9% of Facebook’s total yearly revenue and is the largest civil and privacy fine ever imposed by the FTC. The fine largely surpasses the FTC’s previous imposed fine in a privacy action, when the FTC fined Google US$22.5 million to settle claims it misrepresented privacy assurances to Safari users.… Continue Reading
On April 30, 2018, the U.S. Federal Trade Commission (FTC) released for public comment an administrative complaint and proposed consent agreement with mobile phone manufacturer BLU Products Inc. and its owner and president. Although the FTC has entered into many settlements relating to privacy and data security, this proposed settlement is particularly noteworthy for two reasons: (1) the FTC allegation that a company’s failure to implement appropriate security procedures to oversee a vendor’s security practices (including a lack of vendor due diligence) can violate Section 5 of the Federal Trade Commission Act; and (2) the proposed remedy includes a separate … Continue Reading
Illegal robocalls are a “scourge.” So says FCC Chairman Ajit Pai, and most consumers likely agree. Both the FCC and the FTC (each of which has jurisdiction over some aspects of telemarketing regulation) are actively pursuing ways to curb illegal and fraudulent robocalls. The FCC issued a report and order in November 2017 authorizing telecommunications providers to block certain types of calls considered “highly likely to be illegitimate.” In late January 2018, the FTC responded with a staff letter expressing support for the FCC’s efforts and offering suggestions for addressing erroneously blocked calls. … Continue Reading
The US Commission on Enhancing National Cybersecurity, a nonpartisan group established by President Obama in early 2016, released its final report on December 1, 2016. The report provides an in-depth view of cybersecurity challenges facing the digital economy, and provides a roadmap for addressing those challenges. For some issues, the Commission recommends that the next presidential administration take action within its first 100 days in office. Here are the six “imperatives” discussed in the Commission’s report.… Continue Reading
Data protection and privacy issues frequently intersect with other areas of the law. In addition to the Data Protection Report, Norton Rose Fulbright publishes other blogs covering important legal developments across the globe. These blogs sometimes touch on issues that may be of interest to our readers. As a service to our readers, we highlight some recent posts from our sister blogs:
- Better Business Bureau’s New “Native Advertising” Guidance (The Brand Protection Blog, November 3): The Better Business Bureau updated its Code of Advertising to address “native advertising” and ensure that, if it is not apparent that
Recent comments by FTC Chairwoman Edith Ramirez suggest that a company’s failure to take preventative measures to address ransomware could result in an enforcement action by the FTC, even if a company is never actually subject to a ransomware attack. The Chairwoman’s comments reflect a growing concern among US government agencies regarding ransomware and may foreshadow additional FTC action, building upon a developing trend of US regulators engaging in pre-breach enforcement action.… Continue Reading
FTC Commissioner Julie Brill sat down this morning with the Information Technology and Innovation Foundation to discuss the EU-US Privacy Shield, the new framework for transatlantic transfer of personal data announced earlier this week.
Commissioner Brill began by discussing the agreement generally, and provided valuable insight on the role of the Federal Trade Commission (FTC) and the implications of the EU-US Privacy Shield for commercial entities in the US. Read on for a discussion of key takeaways from the event.… Continue Reading
Late afternoon last Friday, the White House released its draft Consumer Privacy Bill of Rights Act (the “Act”). This follows on the heels on the President’s announcement of cybersecurity as a top priority of the administration, which foreshadowed the release of the Act and included other initiatives, including one for a single national breach notification standard. It also comes at a time when consumers may be feeling particularly interested in addressing cybersecurity threats, given healthcare insurer Anthem Inc.’s data breach and Sony Pictures Entertainment’s hack in November.
What Does the Act Govern?
In advance of what will likely be a flood of interconnected devices to soon hit the market, the Federal Trade Commission (“FTC”) today announced the release of a new report on the Internet of Things (the “Report”). Focusing on privacy and security, the FTC makes several suggestions to companies developing Internet of Things devices that are marketed to consumers.
Highlights of the Report include the following:
- risk assessment: prior to and during development of a connected device, the FTC believes that companies should assess the risk that the device and its data could be compromised. Security protocols can then
On January 30, 2015, Norton Rose Fulbright New York City office will host FTC Commissioner Julie Brill for a privacy roundtable.
As part of the IAPP KnowledgeNet lecture series, Commissioner Brill will address privacy topics that will be in focus for 2015: Big Data, its fair use and effects on consumers, the privacy issues raised by the latest technology, proposed EU privacy regulation, and the introduction of the term “cybersecurity” to the world of privacy. Commissioner Brill will be interviewed by Norton Rose Fulbright partner Boris Segalis, who co-chairs the firm’s Privacy, Data Protection and Access to Information practice in … Continue Reading
Leading up to the President’s State of the Union, the White House previewed several potentially sweeping cybersecurity initiatives—including a proposed federal law that would create a single national breach notification standard, entitled the Personal Data Notification & Protection Act (the “Act”). The President argued that the proposed law will benefit consumers and alleviate the confusion and cost born by companies that must navigate the “patchwork” of differing state laws that currently governs the area of breach notification. In our view, the national breach law proposal may receive bipartisan support, but as always it is very difficult to handicap the … Continue Reading
The ISSA Journal recently included an article, Sharing Cyber Threat Information: A Legal Perspective, authored by Utsav Mathur and I (David Navetta) concerning potential legal risks associated with intra-industry sharing of cyber-threat information. The article summarizes recent efforts by the US government to encourage more information sharing concerning cyber threats and data-security incidents within industries. Recent Department of Justice and Federal Trade Commission policy statements provide guidance concerning the antitrust legal risks associated with such sharing and how companies may reduce that risk. In addition, a DOJ press release from October 2014 addressed similar issues and cleared … Continue Reading