Archives: FTC Regulations

Subscribe to FTC Regulations RSS Feed

ALERT – FTC Issues Updated Guidance for Compliance with COPPA

On June 21, 2017, the Federal Trade Commission (FTC) updated its guidance for compliance with the Children’s Online Privacy Protection Act (COPPA).  COPPA regulates websites and other online services in connection with collection of information from children under 13.  The full version of the FTC’s updated guidance is available at The FTC guidance instructs … Continue Reading

FTC Report Highlights Privacy Concerns and Best Practices for Cross-Device Tracking

On January 23, 2017, the FTC released a Staff Report (the Report) on cross-device tracking, a commonly used practice that allows companies to associate multiple internet-based devices with the same consumer in order to track behavior across devices. The Report follows the FTC’s Workshop on cross-device tracking, and alerts companies engaged in cross-device tracking of certain best … Continue Reading

FTC Settles Ashley Madison Data Breach Complaint

The operators of Ashley Madison, the dating website for married people that became famous following its massive data breach in 2015, settled claims brought by the Federal Trade Commission (“FTC”) regarding that breach and their security practices and representations. Ruby Corp., Ruby Life Inc., and ADL Media Inc. (collectively, “Ruby”), named as defendants, were responsible … Continue Reading

OCR: Businesses Sharing Consumer Health Information Must Also Comply With FTC Act

In October 2016, the OCR issued a bulletin clarifying that businesses collecting and sharing consumer health information must comply with the FTC Act. The OCR specifically called out disclosure statements, declaring “You must also make sure your disclosure statements are not deceptive under the FTC Act.” Businesses dealing with health information are likely already familiar … Continue Reading

FTC Takes LabMD to Task for Inadequate Computer Security Practices in Violation of Section 5(n)

In a unanimous opinion, the Federal Trade Commission ruled that an Administrative Law Judge erred when he concluded that the FTC failed to prove that LabMD, a Georgia-based clinical testing laboratory, had engaged in an “unfair or deceptive trade practice” based on inadequate computer security for records containing protected health information (PHI) and sensitive personally … Continue Reading

FTC’s First PrivacyCon Event Reveals Cutting Edge Research in Key Data Privacy Issues and Hot Topics on the FTC’s Radar

The FTC held its first PrivacyCon event on January 14, 2016, bringing together scholars, researchers, and the FTC to discuss the latest privacy and data security research in 5 topic areas: 1) state of online privacy, 2) consumer’s privacy expectations, 3) big data in algorithms, 4) the economics of privacy and data security, and 5) … Continue Reading

No Harm, No Foul – FTC Claims Of Deficient Security Practices Dismissed Based on Insufficient Evidence of Actual Harm

Is it reckless for a bank to leave its vault unlocked? If you accept the reasoning of Federal Trade Commission (FTC) Chief Administrative Law Judge D. Michael Chappell – only if someone actually breaks in and steals something. On this premise, the FTC’s unfair data security practices case against LabMD, a Georgia-based clinical testing laboratory, … Continue Reading

Sponsored Social Media Posts Riskier than Ever

Five months after the Federal Trade Commission (FTC) issued updated guidance regarding paid endorsements, it is clearer than ever that it plans to take increasing action against retailers for soliciting reviews on social media. The FTC’s plans were reinforced on October 15, 2015, when FTC Commissioner Julie Brill, in a keynote address at the Better … Continue Reading

The Third Circuit Court of Appeals’ Wyndham Decision Gives a Green Light to the FTC to Sue Businesses for Lax Cybersecurity Practices Under the Unfairness Prong of Section 5 of the FTC Act

On August 24, 2015, the Third Circuit Court of Appeals affirmed denial of Wyndham Worldwide Corporation’s motion to dismiss the FTC’s lawsuit against it. This ruling is significant for several reasons. First, the ruling finds the FTC has the authority to regulate corporate data security practices under the unfairness prong of Section 5 of the … Continue Reading

New FCC Rules on CPNI Will Impact ISP’s and Businesses Who Rely on Internet Tracking Data

By now, most people know that in its recent Open Internet Order adopted on February 26, 2015, the FCC reclassified internet access services as common carrier “telecommunications services” subject to FCC jurisdiction under the Telecommunications Act of 1996.  The Order imposes a new regulatory framework on internet providers and, among many other things, augurs a … Continue Reading

SMS to Customers Seeking “Opt-In” for Advertisements May Violate TCPA

Customers who walked into a Bebe clothing store, purchased clothing, provided their phone numbers during the sale, and later received a text inviting them to “opt-in” to a list for additional discounts have a claim against Bebe under the Telephone Consumer Protection Act, 47 U.S.C. § 227 ( “TCPA”).  The offending message at issue read: … Continue Reading

FTC Jurisdiction Now Includes Whether Your Data Security Protocols Are Reasonable

When it rains, it pours.  This morning I posted a piece on the Fourth Circuit’s recent decision in FTC v. Ross, WL 703739, No. 12-2340 (4th Cir. Feb. 25, 2014) as a precursor to a case before a district court in New Jersey (FTC v. Wyndham Worldwide Corporation, et. al.) on the scope of the … Continue Reading

FTC v. Ross – Nudging Closer to FTC Jurisdiction Over Internet Data Storage

Data privacy practitioners continue to wait in suspense on the decision of the District Court of New Jersey in FTC v. Wyndham regarding whether the FTC has jurisdiction to regulate the storage and security of consumer information in the Internet space, with defendants there arguing that the FTC lacks explicit jurisdiction over cyberspace matters.  Oral … Continue Reading

State Attorneys General Emerge as Enforcers for Consumer Data Privacy

A recent lawsuit brought by the California state attorneys general accusing Kaiser Permanente of unreasonable delay in revealing a 2011 data breach to affected individuals, continues a rising trend of enforcement of consumer data privacy protections laws by state attorneys general. Traditionally, consumer online and data privacy protection enforcement has been dominated by the Federal … Continue Reading

Industry Steps Up to Establish Guidelines for Mobile Web Environment

Industry members and privacy groups have been on the clock to work out a voluntary standard for notifying users on how their data is collected and used on mobile devices, following prodding by the White House and the Federal Trade Commission. Recently, the Digital Advertising Alliance (“DAA”) followed the Network Advertizing Initiative (“NAI”) in unveiling … Continue Reading

Even More Doing in the World of Robocalls

I wanted to draw folks attention to a recent decision from a federal district court in West Virginia.  The case, Mey v. Pinnacle Security, LLC, 2012 WL 4009718, is significant because it grants summary judgment in favor of a defendant in a TCPA robocall class action.  The reasoning is very interesting; basically, the Court says that … Continue Reading

FTC Disclosures Must Accompany Consumer Testimonials on Pinterest

Businesses are flocking to the social media website Pinterest, a virtual bulletin board that allows businesses and consumers to “pin” online content (images of products and consumer comments) to a board (webpage) which links to the source of the image (company website) and ultimately drives traffic to the company’s website. Pinterest has obvious appeal to … Continue Reading

MySpace Settles FTC Privacy Charges Re Data Sharing

MySpace and the FTC recently announced that they had reached a settlement over charges that the social media platform had misled (its currently 25 Million) users about the extent to which it shared certain personally identifiable information with third-party advertisers.  The FTC asserted that MySpace’s use and sharing of PII beyond the disclosures made in … Continue Reading

Consent Under the TCPA: Does Consent Attach to the Mobile Subscriber or the Number?

Consent – in various iterations – continues to be a crucial issue with most TCPA claims.  The FCC recently issued pronouncements that express consent – in writing – had to be obtained before marketing to mobile phones.  Now comes as an interesting federal appellate decision from the 7th Circuit regarding whether consent is transferable.  In … Continue Reading

FTC Announces Preliminary Agenda for Workshop about Advertising Disclosures in Online and Mobile Media

On May 30th, the FTC will host a one day public workshop to consider the need for new guidance for for online advertisers about making disclosures.  As loyal readers of this blog know, the disclosure obligations created by the FTC’s Revised Guides (and from other sources) are complicated by the size of the “third screen” … Continue Reading

Lots of Unsolicited Texting, Twitter Spam in the News Lately

Couple of interesting articles and news stories of late about the proliferation of unsolicited text messaging and Twitter’s efforts to curb spam.  Regarding the former, expect the recent media attention to result in an uptick in the number of Telephone Consumer Protection Act (TCPA) class actions filed.  An interesting aspect of the NY Times story … Continue Reading

Attention Affiliate Marketers: Revised Business Opportunity Rule Goes Into Effect Tomorrow (March 1)

The Federal Trade Commission’s recently-amended Business Opportunity Rule goes into effect tomorrow, March 1, 2012.  The changes to the BOR were made with an eye towards providing consumers sufficient (and understandable) information when they are considering participation in work-at-home programs or other business opportunities (so-called “bizopps”).  Further to the revised rule, those that are offering bizopps … Continue Reading