FTC Defends Expansive Privacy and Data Security ANPR at Public Forum

The FTC continues its defense of the wide-reaching Advance Notice of Proposed Rulemaking (ANPR) on “Commercial Surveillance and Data Security” that the Commission, by a 3-2 vote, issued in August. (See the supporting statements of Chair Lina Khan and Commissioners Rebecca Slaughter, and Alvaro Bedoya, and the dissenting statements of Commissioners Christine Wilson and Noah Phillips.)

On Thursday, September 8, the FTC hosted a public forum on the notice, featuring remarks by Chair Khan, Commissioner Bedoya, and panels featuring guests representing industry and consumer interests. (more…)

The California Age-Appropriate Design Code Act Dramatically Expands Business Obligations

On September 2, 2022, the California Age-Appropriate Design Code Act (the “Act”) (effective July 1, 2024) was passed by the California legislature, and on September 15, 2022 was signed into law by Governor Newsom.  This Act dramatically expands business obligations and will force entities that provide an online service, product, or feature that is “likely to be accessed by children” (“Product”) to implement stringent privacy settings for users under 18. It aligns in many respects with the United Kingdom’s Age Appropriate Design Code, which passed in 2020. Together, these laws represent a significant shift in the regulatory landscape of children’s digital services.

The overarching policy of the Act is to require such entities to prioritize the best interests of children when developing and implementing their services.  The Act implements this policy through a number of stringent requirements, including using language in privacy notices that is age-appropriate, undertaking physical and mental well-being impact assessments for existing and new products and services, and implementing stringent requirements on such entities use of the data as a default.

(more…)

Big California Privacy News: Legislative and Enforcement Updates

Privacy never sleeps in California.  In recent days and as California’s legislative session comes to a close, there have been a number of significant legislative and regulatory developments in the state, each of which will likely (again) change the privacy landscape in California and, by extension, the rest of the country.  For businesses operating in California or whose websites, products or services reach California residents, these changes mean new compliance obligations, some of which could require significant investments of time and resources.  The impact of these changes highlight once again how the United States lacks a consistent national policy on privacy that could be set by a comprehensive federal privacy law.  (more…)

FTC ANPR Explores Wide Ranging Topics for Privacy and Cybersecurity Rulemaking

On Thursday, August 11, the Federal Trade Commission (“FTC”) announced that it is exploring rules to crack down on harmful commercial surveillance and lax data security practices.  The FTC’s Advance Notice of Proposed Rulemaking (“ANPR”) solicits public comment on whether it should put into effect new rules and restrictions concerning standards and requirements for information security, the ways in which companies collect and process data in commercial contexts, and whether any practices related to the transfer, sharing, selling, or other monetization of personal information should be categorized as unfair or deceptive.  The FTC voted 3-2 to publish the notice, with Chair Khan and Commissioners Slaughter and Bedoya voting in favor and issuing separate statements.  Commissioners Phillips and Wilson voted against publication and also issued separate dissenting statements.  The following Monday, Commissioner Phillips announced he would be leaving the FTC this fall.

(more…)

Reflecting on the UK Inaugural DaTA Conference: Top Five Trends to Watch as Global Regulators Step up Enforcement in Digital Markets

Last week, the UK Competition and Markets Authority (CMA) hosted its inaugural Data, Technology, and Analytics (DaTA) Conference.

The CMA DaTa Conference has been hailed as a milestone as it convened for the first time regulators, data scientists, engineers, tech companies, and academics to discuss evolving challenges in digital markets. The conference coincided with London Tech Week, during which Chris Philp, UK Minister for Tech and the Digital Economy, unveiled a new UK Digital Strategy: the UK government’s vision for regulating digital markets, involving a monitoring framework and outcomes-focused regulation. The government has opened a public consultation, and stakeholders have until September 5, 2022, to offer their views on the proposed approach.

Against this background, here is our selection of the top five trends that stood out over the course of the CMA DaTa Conference. (more…)

Connecticut Makes Five: The Constitution State Enacts Broad Data Privacy Law Effective July 2023

Connecticut has passed a new state data privacy law slated to go into effect on July 1, 2023.  The law largely tracks other new state data privacy laws recently passed in Virginia and Colorado, but also includes several provisions that could impact compliance plans, including a new obligation to provide a mechanism for consumers to revoke their consent to the processing of their data. (more…)

Suits Against Google Signal Increased ‘Dark Patterns’ Scrutiny

*This article first appeared on Law360 on June 16, 2022

Pending lawsuits against Google LLC illustrate how regulators and plaintiffs lawyers are increasingly wielding a dark patterns theory in challenging companies’ practices involving consumers.

The attorneys general of Washington, D.C., Washington state, Texas and Indiana all filed complaints against Google, alleging that the company tricks consumers into providing their location data, on Jan. 24. (more…)

UK Consults on Algorithmic Processing

Algorithms touch upon multiple aspects of digital life, and their use potentially falls within several separate – though converging – regulatory systems. More than ever, a ‘joined up’ approach is required to assess them, and the UK’s main regulators are working together to try to formulate a coherent policy, setting an interesting example that could be a template for global approaches to digital regulation. (more…)

Data Regulation Ramps Up in Europe: DMA, DSA, and the UK Online Safety Bill

Location
WEBINAR
REGISTER HERE
11:00 a.m. ET | 4:00 p.m. BST | 5:00 p.m. CET

Date
Wednesday, June 8, 2022

Since the EU announced its Digital and Data Strategy in February 2020, the European Commission has released several legislative proposals to regulate digital platforms and services, including with respect to access and the use of data. Included within the proposals are the Digital Markets Act (DMA) and the Digital Services Act (DSA).

(more…)

The Digital Markets Act Is Almost Here: 10 Things to Know About the EU’s New Rules for Big Tech

As regulators around the world fiercely debate new ways to oversee competition in the digital sector, the EU is on the brink of formally approving a landmark new law. The Digital Markets Act (DMA) will impose a stringent regulatory regime on large online platforms (so-called “gatekeepers”) and give the European Commission (Commission) new enforcement powers, including an ability to impose severe fines and remedies for noncompliance.

Once it comes into force, the DMA is set to revolutionize the way in which so-called Big Tech is regulated in the EU, shifting toward ex-ante rulemaking and away from traditional after-the-fact enforcement. Given the far-reaching nature of the DMA obligations, their effects will likely be felt globally.

There is a lot to digest, so below is our breakdown of the top 10 key points you should know about the EU’s new rules. (more…)