FTC

FTC Orders Data Brokers to Pay $5.8 million for FCRA and FTC Act Violations

By Destiny Ginn

Under a proposed stipulated order dated September 11, 2023, background check providers, Instant Checkmate, TruthFinder, The Control Group media company, IntelicareDirect, and PubRec, will be required to pay $5.8 million for alleged violations of the Fair Credit Reporting Act (FCRA) for activities as consumer reporting agencies (CRA) and of the Federal Trade Commission Act (FTC Act) for deceptive activities.  

FTC and HHS Warn Healthcare Providers about Risk of Tracking Technologies

By Sheila Sokolowski and Kate Black

In a joint letter sent to 130 hospital systems and telehealth providers, the Federal Trade Commission (FTC) and the U.S. Department of Health and Human Services (HHS) warned health care providers, both those covered by HIPAA and those not, about their potential to violate the HIPAA Rules, FTC Act and FTC Health Breach Notification Rule (HBNR) when they use technology that tracks users’ activities on their websites and apps. 

FTC Takes Action Against Education Technology Provider Edmodo

By Amy Lanchester

On May 22nd, 2023, the Federal Trade Commission (FTC) issued a proposed order against Edmodo, LLC (“Edmodo”), a California-based education technology provider, for allegedly violating the FTC’s Children’s Online Privacy Protection Rule (“COPPA Rule”) by illegally collecting the information of children and using that information for advertising, and for allegedly violating Section 5 of the FTC Act by unfairly burdening schools and teachers with COPPA-compliance responsibilities. In a first for an FTC order, Edmodo is prohibited from requiring students to hand over more personal data than is reasonably necessary to participate in online educational activities.

FTC's Health Privacy Actions Offer 5 Advertising Takeaways

By Kate Black and Sam Castic

The Federal Trade Commission recently announced two enforcement actions under the FTC Act against digital health companies that focus on the use and disclosure of information for online advertising purposes. The agency's complaints against GoodRx and BetterHelp exhibit several shared themes and offer five lessons for companies that are looking to make sense of the enforcement actions. While these cases are both focused on companies in the health sector, these lessons relate to the FTC's current interpretation of unfair acts and deceptive practices that are unlawful for all types of companies under Section 5 of the FTC Act. For this reason, they should be considered by any company engaging in common online advertising practices.

FTC Takes Enforcement Action Against Online Mental Health Counseling Service, BetterHelp

By Sheila Sokolowski

On March 2, 2023, the Federal Trade Commission (FTC) issued a proposed consent order with BetterHelp, Inc. (BetterHelp), an online counseling service, for allegedly misrepresenting its privacy practices and sharing information about consumers’ interest in or use of mental health counseling services (which the FTC alleges to be sensitive health information), in violation of Section 5 of the FTC Act. The proposed order also requires BetterHelp to pay $7.8 million to the FTC for redress to consumers. This is to settle charges that it injured consumers when its unfair business practices led to consumers’ information being shared with third parties, such as Facebook and Snapchat, for advertising purposes after promising consumers it would keep such data private.

FTC Takes Action Against Digital Health Platform GoodRx

By Sheila Sokolowski, Kate Black, and Mason Fitch

On February 1st, 2023, the Federal Trade Commission (FTC) issued a proposed order against GoodRx Holdings, Inc. (GoodRx), a digital health platform, for allegedly violating Section 5 of the FTC Act by making deceptive statements about its sharing of health data. In addition, in its first enforcement action under a decade-old Health Breach Notification Rule, the FTC alleged that GoodRx failed to notify its users of the unauthorized disclosure of their health data to advertising platforms. The Department of Justice filed the order along with a complaint on behalf of the FTC in California federal court. GoodRx subsequently agreed to the FTC’s stipulated order.

FTC Issues Proposed Order Against Online Tutoring Company, Chegg, for Lax Security

By Sheila Sokolowski and Charlotte Lunday 

Following up on its warning that it would be cracking down on Education Technology companies, the Federal Trade Commission (FTC) issued a proposed order against Chegg Inc., an online tutoring and homework aid service for high school and college students, for lax security practices. According to its complaint, the FTC alleged that Chegg violated Section 5 of the FTC Act by failing to implement reasonable security measures to protect student and employee data and deceptively claiming in its privacy notice that it engaged in commercially reasonable security measures to protect users’ personal data.

The FTC Launches Rulemaking Process Covering Sweeping Data Practices

By Susan Hintze and Sam Castic

On August 11, 2022, the Federal Trade Commission (“FTC”) published an advance notice of proposed rulemaking (“ANPR”) in a 3-2 vote on party lines requesting public comment on questions covering a wide range of “commercial surveillance” and data security practices. The FTC defines “commercial surveillance” to include a wide array of practices most businesses commonly engage in with their customers and employees. The FTC’s scope of data security practices includes expected areas such as data breach response but also includes data management, retention, and data minimization areas it has not dedicated significant attention to in the past. The FTC provided additional summaries of these practices in a “fact sheet” it released with the ANPR.

FTC Issues Stern Warning on Ed-Tech and COPPA

By Sheila Sokolowski

On May 19, 2022, the FTC issued a stern warning to ed-tech providers regarding compliance with COPPA, suggesting enhanced enforcement in this area. Citing “the steady proliferation of technologies that allow, and business models that depend on, the online collection and monetization of consumers’ personal information” and “the development of ever more sophisticated targeting practices,” the Federal Trade Commission (FTC) voted unanimously to issue a policy statement regarding collection of children’s information by ed-tech providers. The Policy Statement of the Federal Trade Commission on Education Technology and the Children's Online Privacy Protection Act states that the FTC “intends to scrutinize compliance with the full breadth of the substantive provisions of the COPPA Rule and statutory language.” The FTC’s statement highlights COPPA’s limitations on collection, use and retention of children’s personal information and security requirements, all of which apply to COPPA-covered ed-tech companies.

FTC Issues Enforcement Policy Statement on COPPA and Voice Recordings

By Smriti Chandrashekar

On October 23, 2017, the U.S. Federal Trade Commission (“FTC”) issued guidance on the online collection of certain audio voice recordings from children under the age of 13. The guidance, in the form of an “enforcement policy statement,” discusses the application of the Children’s Online Privacy Protection Act (“COPPA”) to such recordings.

FTC updates COPPA Compliance Plan for Businesses

By Carolyn Krol

On June 21, 2017, the U.S. Federal Trade Commission (“FTC”) published an update to the Children’s Online Privacy Protection Rule (“COPPA”) compliance plan for businesses. The FTC Business Blog describes the update as a reflection of the developments in the marketplace, such as internet-connected toys. The compliance plan provides businesses with a step-by-step guide to determine if a business activity is covered by COPPA, and if so, how to comply with COPPA.

EU-U.S. Privacy Shield Details Released

On February 29, 2016, the European Commission issued a draft “adequacy decision” introducing the EU-U.S. Privacy Shield (“Privacy Shield”). The Privacy Shield replaces the U.S.-EU Safe Harbor Framework (“Safe Harbor”) as the new data transfer agreement legitimizing transfer of EU personal data to the U.S. by certifying participants. As described and linked to in the Commission’s press release, several U.S. government agencies have provided written commitments to enforce the Privacy Shield. These commitments will be published in the U.S. Federal Register.

FTC Issues Internet of Things Report

By Jeanie Gong and Susan Lyon-Hintze

On January 27, 2015, the Federal Trade Commission (“FTC”) released its new report on data protection for users of the Internet of Things (“IoT”), which includes connected products such as health and fitness monitors, home security devices, connected cars and household appliances. The report focuses on the following areas: security, data minimization, and notice and choice.
