On November 9, 2020 the FTC entered into a consent agreement with Zoom Video Communications, Inc. to address concerns over the videoconferencing platform’s security practices. With the onset of the COVID-19 pandemic, the need for a reliable, online videoconferencing and meeting platform skyrocketed. Zoom met that need. It advertised its platform as a secure space with various safety measures to protect user data, including “end-to-end” 256-bit encryption. In short order, individuals, businesses, and organizations quickly flocked to the user-friendly communications platform; and, by the end of April 2020 Zoom’s user base was booming.

Then came a backlash of sorts. The FTC began investigating Zoom’s security practices, and private plaintiffs brought class-action lawsuits alleging violations of the California Consumer Privacy Act and failure to adhere to Zoom’s terms of service. The FTC’s complaint alleged several concerns with Zoom’s advertising and security promises, concluding that Zoom made misleading claims about the strength of its encryption and security of its platform that gave customers a false sense of security. The five-count complaint alleged that Zoom:Continue Reading FTC “Zooms” Into Settlement Agreement with Communications Company Over Concerns with its Security Practices

Monetary penalties are the attention-grabbing headline when the FTC or any regulator brings an enforcement action against a company.  They are the looming threat to incentivize and influence compliance.  Over the summer, FTC Chairman Joseph J. Simons (“Chairman Simons”) issued a statement in connection with a settlement that Chairman Simons believes “the goal of a civil penalty should be to make compliance more attractive than violation.  Said another way, violation should not be more profitable than compliance.”
Continue Reading FTC Fines: FTC Chairman Reminds Companies That Fines Are the FTC’s Strategic Tool To Deter Noncompliance

On September 17, 2020, four Republican Senators (Roger Wicker – Mississippi, Chairman, John Thune – South Dakota, Deb Fischer – Nebraska, and Marsha Blackburn – Tennessee) introduced sweeping federal privacy legislation entitled: Setting an American Framework to Ensure Data Access, Transparency, and Accountability (“SAFE DATA”) Act. This proposed comprehensive national privacy law has three main components:

  1. Provides consumers with more choice and control over their data
  2. Directs business to be more transparent and accountable
  3. Strengthens the FTC’s enforcement power

Continue Reading Federal Data Privacy Legislation: Will it Help the US Remain Competitive in the Global Marketplace?

Across the country, school districts use technology to facilitate learning and assist in classroom management. From tracking grades and communicating with parents to monitoring bathroom breaks, technology is everywhere in our schools. But as technology becomes more prevalent in the classroom, what does that mean for student data privacy?

Federal Laws Governing Student Data Privacy

There are several federal laws that govern student data privacy. The Family Educational Rights and Privacy Act (FERPA) protects student educational records and requires the consent of parents or students age 18 or older to consent to the release of education records. The Protection of Pupil Rights Amendment (PPRA) requires parental consent for any federally funded student survey or evaluation that requires the student to provide sensitive information. Lastly, the Children’s Online Privacy Protection Act (COPPA) regulates companies collecting data about kids under the age of thirteen. Under the law, educational products may not require parental consent, and instead, schools can consent on behalf of parents. Importantly, the Federal Trade Commission (FTC) is considering updating COPPA’s regulations. The FTC requested comments on the rule in July and held a workshop in October.Continue Reading Trends in Student Data Privacy

On October 31, a bipartisan group of senators introduced the Filter Bubble Transparency Act (FBTA), an act which would require large online platforms to be more transparent in their use of algorithms driven by user-specific data.

“This legislation is about transparency and consumer control,” said Senator John Thune (R-S.D.).

“For free markets to work as effectively and as efficiently as possible, consumers need as much information as possible, including a better understanding of how internet platforms use artificial intelligence and opaque algorithms to make inferences.”

The bill is named after Eli Pariser’s book The Filter Bubble, which argues that the personalized search results generated by user-specific data can trap users in an ideological bubble by filtering out content contrary to their ideological viewpoints.Continue Reading Bipartisan Bill Seeks to Increase Internet Transparency and Consumer Control Over Content

In August, the Federal Trade Commission (FTC) approved changes to a video game industry program in an effort to ensure compliance with the Children’s Online Privacy Protection Act (COPPA). This comes after a 2017 study finding that YouTube, the video platform owned by Google, is the most popular online media platform among children, with as many as 80% of children ages 6-12 using it daily. Yet YouTube claims in its Terms of Service that the platform is not intended for anyone under the age of 13, and by agreeing to the terms, consumers affirm that they are indeed at least 13 years old. Users also agree to Google’s privacy policy, which details how Google collects data such as a viewer’s device, location, or phone number, and tailors advertisements and services based on that data.Continue Reading FTC Under Pressure from Congress to Investigate Violations of Child Privacy Laws

Beginning in 2020, California residents will have the right to opt out of the sale of their personal information under the California Consumer Privacy Act of 2018 (CaCPA or also called CCPA). It is time to revisit your third-party service provider agreements.  Companies now have two reasons to ensure that service provider agreements restrict the use or sale of personal information: to comply with CaCPA and to reduce risk of an FTC enforcement action.
Continue Reading Preparing for 2020: Check In On Your Vendors

In the matter of LabMD Inc. v. Federal Trade Commission, case number 16-16270, the U.S. Court of Appeals for the Eleventh Circuit ruled against the FTC, finding that the order against LabMD for lax data security measures was not enforceable.

The FTC’s original order against LabMD was due to a 2008 security incident where a LabMD employee downloaded a program which exposed customer information over the internet. Although customer harm was never shown by FTC, in 2016 the agency issued a Final Order against LabMD for unreasonable data security practices. The case was eventually brought before the Eleventh Circuit by LabMD to determine if the alleged failure to implement reasonable data security measures in 2008 was an unfair practice under Section 5(a) of the FTC Act.Continue Reading FTC’s Loss in the Eleventh Circuit Will Not Impede Data Security Enforcement

U.S. Senate leaders may be close to reaching an agreement on a legislative proposal that would establish a national data breach notification and security standard (the Data Acquisition and Technology Accountability and Security Act) which would streamline nationwide reporting requirements for businesses.  However, there are a plethora of reasons it may not make

On January 8, 2018, the FTC announced that VTech, maker of electronic toys for children, agreed to settle charges that it violated the law by collecting personal information without parental consent.

When Congress enacted the Children’s Online Privacy Protection Act (COPPA) in 1998, it directed the FTC to create a rule implementing the goal of