The FTC’s COPPA Conundrum: Ambiguities in the Rule and a Death of Authoritative Guidance Leave the Agency Vulnerable to Legal Challenges

This article was originally published by the ABA’s ANTITRUST magazine in its Summer 2022 issue.

The Children’s Online Privacy Protection Act (COPPA) and the Federal Trade Commission’s COPPA-enforcing rule have increasing relevance for all businesses that interact directly with consumers online—including companies that do not regard themselves as marketing directly to children. Both the FTC and state Attorneys General are active in enforcing COPPA, and companies can often be caught off guard by government inquiries scrutinizing their compliance. (more…)

, , , ,
Sean Royall

Dallas, Washington, D.C.

sroyall@sidley.com

Meru Data Podcast Features Sidley Associate Lauren Kitces

Sidley associate Lauren Kitces was featured on Simplify For Success, a podcast series presented by Meru Data and hosted by Priya Keshav. Lauren discussed FTC’s proposed rulemaking regarding data privacy and data security, and shared her thoughts on how to prepare for the FTC enforcement.

, , ,

FTC Defends Expansive Privacy and Data Security ANPR at Public Forum

The FTC continues its defense of the wide-reaching Advance Notice of Proposed Rulemaking (ANPR) on “Commercial Surveillance and Data Security” that the Commission, by a 3-2 vote, issued in August. (See the supporting statements of Chair Lina Khan and Commissioners Rebecca Slaughter, and Alvaro Bedoya, and the dissenting statements of Commissioners Christine Wilson and Noah Phillips.)

On Thursday, September 8, the FTC hosted a public forum on the notice, featuring remarks by Chair Khan, Commissioner Bedoya, and panels featuring guests representing industry and consumer interests. (more…)

, , , , ,

FTC ANPR Explores Wide Ranging Topics for Privacy and Cybersecurity Rulemaking

On Thursday, August 11, the Federal Trade Commission (“FTC”) announced that it is exploring rules to crack down on harmful commercial surveillance and lax data security practices.  The FTC’s Advance Notice of Proposed Rulemaking (“ANPR”) solicits public comment on whether it should put into effect new rules and restrictions concerning standards and requirements for information security, the ways in which companies collect and process data in commercial contexts, and whether any practices related to the transfer, sharing, selling, or other monetization of personal information should be categorized as unfair or deceptive.  The FTC voted 3-2 to publish the notice, with Chair Khan and Commissioners Slaughter and Bedoya voting in favor and issuing separate statements.  Commissioners Phillips and Wilson voted against publication and also issued separate dissenting statements.  The following Monday, Commissioner Phillips announced he would be leaving the FTC this fall.

(more…)

, , , , , , ,

Suits Against Google Signal Increased ‘Dark Patterns’ Scrutiny

*This article first appeared on Law360 on June 16, 2022

Pending lawsuits against Google LLC illustrate how regulators and plaintiffs lawyers are increasingly wielding a dark patterns theory in challenging companies’ practices involving consumers.

The attorneys general of Washington, D.C., Washington state, Texas and Indiana all filed complaints against Google, alleging that the company tricks consumers into providing their location data, on Jan. 24. (more…)

, , , ,

Convergence in Antitrust and Privacy Law: An Interview With Colleen Brown and New Partner Sean Royall

Sean Royall, new Sidley partner and co-leader of the firm’s global Antitrust and Consumer Protection practice, sits down with Colleen Brown to discuss the convergence in antitrust and consumer protection law. They cover the U.S. Federal Trade Commission’s (FTC) promotion of a more inter-disciplinary approach of looking at data issues, the practical effects that the closer coordination of the FTC’s antitrust and consumer protection branches would have on clients, and what law firms can be doing in response to the increasingly interrelated areas of antitrust and privacy.

(more…)

, ,

Antitrust and Consumer Protection at Last Converge

Antitrust and consumer protection law—long separate provinces, even within a dual-mission government enforcement agency like the FTC that covers both fields—at last seem to be converging, as reflected in recent government enforcement activity, statements by the FTC’s leadership, and novel private litigation theories. Sean Royall, who co-leads Sidley’s Antitrust and Consumer Protection practice and is a former Deputy Director of the FTC’s Bureau of Competition, recently called attention to this trend in an article published in Corporate Counsel magazine. (more…)

, , ,
Sean Royall

Dallas, Washington, D.C.

sroyall@sidley.com

Third Time’s a Charm? Privacy Shield Agreement Reached In Principle

The U.S. President and European Commission President announced in a joint press statement on March 25th, 2022 that an agreement “in principle” has been reached on a new Trans-Atlantic Data Privacy Framework (Privacy Shield Agreement 2.0). Once approved and implemented, the agreement would facilitate the transatlantic flow of personal data and provide an alternative data transfer mechanism (in addition to EU Standard Contractual Clauses and Binding Corporate Rules) for companies transferring personal data from the EU to the U.S. This is a welcome announcement for companies that have been dealing with the legal uncertainty of such data flows following the Schrems II decision in July 2020, which invalidated the EU-U.S. Privacy Shield 1.0 for international transfers of personal data.

(more…)

, , , , , , ,

Data Protection in Financial Services Week 2022

WEBINAR

From February 28-March 3, Sidley and OneTrust DataGuidance hosted their annual Data Protection in Financial Services (DPFS) Week, a series of webinars looking at the impacts of data privacy across the financial sector. Industry speakers covered a range of issues including:

  • How the latest privacy and cybersecurity developments in Europe and the U.S. have impacted financial services
  • How new and existing privacy and cyber requirements intersect with finance-specific regulation
  • What financial organizations can do to keep ahead of the curve in the ever-evolving data privacy and cyber landscape
  • How to deal with and manage the key issues for 2022, such as AI, data governance, and international transfers

(more…)

, , , , , , , , , ,

FTC Announces it May Pursue Rulemaking to Combat Discrimination in AI

On December 10, the Federal Trade Commission (FTC) announced it is considering a rulemaking on commercial Artificial Intelligence (AI). The purpose of the rulemaking, according to an advanced notice of proposed rulemaking (ANPRM) titled “Trade Regulation in Commercial Surveillance,” would be “to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.”

While not formally part of the rulemaking process mandated by the Administrative Procedure Act, advanced notices allow agencies to solicit public comment before drafting more specific proposals. The FTC has not yet issued privacy or artificial intelligence rules, though it has indicated that such rulemaking is on the horizon.  The December 10 ANPRM is another signal that the FTC is gearing up to develop substantive privacy guidelines. (more…)

, , ,