FTC Defends Expansive Privacy and Data Security ANPR at Public Forum
The FTC continues its defense of the wide-reaching Advance Notice of Proposed Rulemaking (ANPR) on “Commercial Surveillance and Data Security” that the Commission, by a 3-2 vote, issued in August. (See the supporting statements of Chair Lina Khan and Commissioners Rebecca Slaughter, and Alvaro Bedoya, and the dissenting statements of Commissioners Christine Wilson and Noah Phillips.)
On Thursday, September 8, the FTC hosted a public forum on the notice, featuring remarks by Chair Khan, Commissioner Bedoya, and panels featuring guests representing industry and consumer interests. (more…)
FTC ANPR Explores Wide Ranging Topics for Privacy and Cybersecurity Rulemaking
On Thursday, August 11, the Federal Trade Commission (“FTC”) announced that it is exploring rules to crack down on harmful commercial surveillance and lax data security practices. The FTC’s Advance Notice of Proposed Rulemaking (“ANPR”) solicits public comment on whether it should put into effect new rules and restrictions concerning standards and requirements for information security, the ways in which companies collect and process data in commercial contexts, and whether any practices related to the transfer, sharing, selling, or other monetization of personal information should be categorized as unfair or deceptive. The FTC voted 3-2 to publish the notice, with Chair Khan and Commissioners Slaughter and Bedoya voting in favor and issuing separate statements. Commissioners Phillips and Wilson voted against publication and also issued separate dissenting statements. The following Monday, Commissioner Phillips announced he would be leaving the FTC this fall.
Suits Against Google Signal Increased ‘Dark Patterns’ Scrutiny
*This article first appeared on Law360 on June 16, 2022
Pending lawsuits against Google LLC illustrate how regulators and plaintiffs lawyers are increasingly wielding a dark patterns theory in challenging companies’ practices involving consumers.
The attorneys general of Washington, D.C., Washington state, Texas and Indiana all filed complaints against Google, alleging that the company tricks consumers into providing their location data, on Jan. 24. (more…)
Third Time’s a Charm? Privacy Shield Agreement Reached In Principle
The U.S. President and European Commission President announced in a joint press statement on March 25th, 2022 that an agreement “in principle” has been reached on a new Trans-Atlantic Data Privacy Framework (Privacy Shield Agreement 2.0). Once approved and implemented, the agreement would facilitate the transatlantic flow of personal data and provide an alternative data transfer mechanism (in addition to EU Standard Contractual Clauses and Binding Corporate Rules) for companies transferring personal data from the EU to the U.S. This is a welcome announcement for companies that have been dealing with the legal uncertainty of such data flows following the Schrems II decision in July 2020, which invalidated the EU-U.S. Privacy Shield 1.0 for international transfers of personal data.
Data Protection in Financial Services Week 2022
WEBINAR
From February 28-March 3, Sidley and OneTrust DataGuidance hosted their annual Data Protection in Financial Services (DPFS) Week, a series of webinars looking at the impacts of data privacy across the financial sector. Industry speakers covered a range of issues including:
- How the latest privacy and cybersecurity developments in Europe and the U.S. have impacted financial services
- How new and existing privacy and cyber requirements intersect with finance-specific regulation
- What financial organizations can do to keep ahead of the curve in the ever-evolving data privacy and cyber landscape
- How to deal with and manage the key issues for 2022, such as AI, data governance, and international transfers
FTC Announces it May Pursue Rulemaking to Combat Discrimination in AI
On December 10, the Federal Trade Commission (FTC) announced it is considering a rulemaking on commercial Artificial Intelligence (AI). The purpose of the rulemaking, according to an advanced notice of proposed rulemaking (ANPRM) titled “Trade Regulation in Commercial Surveillance,” would be “to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.”
While not formally part of the rulemaking process mandated by the Administrative Procedure Act, advanced notices allow agencies to solicit public comment before drafting more specific proposals. The FTC has not yet issued privacy or artificial intelligence rules, though it has indicated that such rulemaking is on the horizon. The December 10 ANPRM is another signal that the FTC is gearing up to develop substantive privacy guidelines. (more…)
FTC Issues Civil Penalty Notice to 700 Companies Regarding Endorsements and Reviews
The U.S. Federal Trade Commission (FTC) on October 13 published a Notice of Penalty Offenses advising more than 700 companies that they could incur significant civil penalties if they use endorsements in ways that run counter to the FTC’s guidance. The FTC, in its own words, “blanket[ed] industry” with these notices to send a “clear message” that companies cannot use “fake reviews and other forms of deceptive endorsements” to “cheat consumers and undercut honest businesses.” (more…)
Changes to FTC Rulemaking Procedures Herald More Aggressive Action on Consumer Privacy
On July 22, 2021, the Federal Trade Commission finalized important changes to its procedures for rulemaking under Section 18 of the FTC Act. Section 18 authorizes the Commission to make regulations, termed “Trade Regulation Rules,” (or “Magnuson-Moss Rules” after their authorizing statute), which “define with specificity” conduct that violates the FTC Act’s ban on “unfair or deceptive” business practices. Section 18 rules are promulgated through a “hybrid rulemaking” process that includes, if an interested party requests it, an “informal hearing” with limited opportunities for oral presentation and cross-examination by representatives of stakeholder groups. (more…)
Federal Trade Commission Hosts Panels Related to Consumer Privacy and Data Security at PrivacyCon
This summer, the Federal Trade Commission (“FTC”) hosted its sixth annual PrivacyCon, an event focused on the latest research and trends related to consumer privacy and data security. This years’ event was divided into six panels: Algorithms; Privacy Considerations and Understandings; Adtech; Internet of Things; Privacy-Children and Teens; and, Privacy and the Pandemic. Welcoming attendees and kicking off the event, Commissioner Rebecca Kelly Slaughter called for minimization of data abuses and for a move away from the notice and consent model of privacy in favor of data minimization. PrivacyCon topics are selected by the FTC and often seen as an indication of enforcement priorities. (more…)
