The FTC recently released an update to its 2000 report, “Dot Com Disclosures” offering further guidance on effective disclosures for advertising in digital media.

The FTC instructed advertisers to adopt the perspective of a reasonable consumer, and should assume consumers do not read the entire website or screen, just as they don’t read every word on a printed page. Under the new guidance, the required disclosures need to be clear and conspicuous across all devices and platforms. The following is a highlight of some of the guidance provided in the comprehensive report.

Read More

This morning, Congressmen Edward J. Markey (D-MA) and Joe Barton, (R-TX), Co-Chairmen of the Congressional Bi-Partisan Privacy Caucus, hosted a roundtable briefing with Federal Trade Commission (FTC) Chairman Jonathan Leibowitz, FTC Commissioner Julie Brill, and invited representatives of companies and consumer advocacy groups to discuss the “data broker” industry and consumer concerns with the transparency of data collection practices.

Read More

On December 10, 2012, the Federal Trade Commission issued the report, Mobile Apps for Kids: Disclosures Still Not Making the Grade, concluding that mobile app developers have made little progress in providing parents with clear information regarding the data collection and interactive features of apps geared toward children. This new report is a follow up to the FTC’s first survey of children’s apps conducted in 2011.

The new report found a significant discrepancy between the privacy disclosures and the actual practices of many children’s apps. The FTC in the report urges app developers to 1) incorporate privacy protections into the design of the mobile apps and services; 2) provide parents with clear choices about the data collection and sharing; and 3) provide greater transparency regarding how data is collected, used and shared.

In addition, the FTC warned it is launching multiple nonpublic investigations to determine whether certain apps have violated the Children’s Online Privacy Protection Act or engaged in deceptive trade practices.

The full FTC report can be found here: Mobile Apps for Kids: Disclosures Still Not Making the Grade

Written by Nick Stamos, Associate | Alston & Bird LLP

Rep. Ed Markey (D-MA) today introduced in the U.S. House of Representatives the “Mobile Device Privacy Act”, which was numbered H.R. 6377 and will be referred to the House Energy & Commerce Committee for further consideration. Congressman Markey serves as a member of the committee and Co-Chair of the Bi-Partisan Congressional Privacy Caucus. In his released statement, the Congressman remarked, “Consumers should be in control of their personal information, including if and when their mobile devices are transmitting data to third parties.”

Read More

The Department of Commerce announced the approval of the United States’ participation in the Asia-Pacific Economic Cooperation Cross-Border Privacy Rules system (CBPR). The CBPR promotes “a baseline set of data privacy practices for companies doing business in participating APEC economies. The goal of the system is to enhance electronic commerce, facilitate trade and economic growth, and strengthen consumer privacy protections across the Asia Pacific region.” The CBPR is a voluntary but enforceable code of conduct implemented by participating businesses. In the U.S., the Federal Trade Commission (FTC) will be the Privacy Enforcement Authority (PE Authority).

Read More

On June 26, 2012, the Federal Trade Commission (“FTC”) filed a complaint in federal district court in Arizona against Wyndham Worldwide Corporation and three subsidiaries (“Wyndham”) alleging that the company’s failure to adequately safeguard customers’ personal information led to millions of dollars in losses to fraud.

Read More

Today the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “The Need for Privacy Protections: Perspectives from the Administration and the Federal Trade Commission.” The hearing examined the need for privacy legislation and the recent privacy reports from the White House and the Federal Trade Commission. Testifying on behalf of the federal government were Cameron Kerry, General Counsel at the Department of Commerce, Jon Leibowitz, Chairman of the Federal Trade Commission (FTC), and Maureen Ohlhausen, FTC Commissioner. The witness statements and an archive of the hearing webcast may be found here.

Written by Paul Martino, Partner | Alston & Bird LLP

Last week the FTC issued its final report to address privacy issues associated with new and emerging technologies and business models (“Report”). This follows the FTC’s preliminary report issued in December 2010. Since the preliminary report, the FTC received and considered over 450 comments prior to making its final recommendations.

The Report articulates a privacy framework of best practices (“Framework”) for businesses to follow in developing and implementing privacy and security practices relating to the collection and use of consumer data. While not legally binding, the Framework is an indication of how the FTC will use its enforcement and regulatory authority, including its authority to challenge unfair or deceptive practices, under Section 5 of the FTC Act. As such, companies should pay close attention to the Framework in order to mitigate any FTC enforcement actions.

Read More

On November 29, the Federal Trade Commission announced that it had entered an agreement and consent order with Facebook Inc. to settle charges made by the FTC that Facebook’s changes to its website’s privacy settings in December 2009 had threatened the “health and safety” of Facebook’s users. As alleged in the FTC’s complaint, Facebook’s 2009 website changes made aspects of users’ profiles, such as name, picture, gender and friends lists public by default, retroactively overriding their existing privacy preferences without their consent. The FTC charged that these changes were in violation of Facebook’s own published privacy policy and, as a result, Facebook engaged in deceptive practices in violation of Section 5 of the FTC Act.

Read More

In light of changes in technology, particularly in the mobile, interactive gaming and social networking space, this past week the FTC formally requested comments to its proposed changes to the Children’s Online Privacy Protection Rule (“COPPA”).  Comments on the proposed changes are due November 28, 2011.

The changes focus on five substantive sections of the rule: (i) definitions, (ii) parental notice, (iii) parental consent, (iv) confidentiality and security, and (v) the self-regulatory safe harbor.  Key highlights are stated below.

Read More

On Thursday, December 2, 2010, the House Energy & Commerce Committee held its last privacy hearing of the year to examine the feasibility of “Do-Not-Track” legislation authorizing the Federal Trade Commission (“FTC”) to establish a mechanism (similar to the popular Do-Not-Call registry) for Internet users to globally opt-out of receiving targeted online advertising based on their Internet behavior (i.e, known in the industry as “online behavioral advertising”). The House hearing was held less than 24 hours after the FTC released a long-awaited report and proposed guidelines for businesses on consumer data practices, including the Do-Not-Track proposal, entitled Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (the “Privacy Report”). This advisory provides a brief summary of both the Privacy Report and the House hearing on the Do-Not-Track proposal.

The advisory is provided in PDF on the Alston & Bird web site: http://www.alston.com/privacy_ftc_issues_privacy_report

The preeminent privacy issue facing the House Energy and Commerce Committee, Senate Commerce Committee, Federal Trade Commission (“FTC”) and Department of Commerce during the 112th Congress will be defining the proper role of the federal government in setting and regulating consumer privacy standards for all businesses operating in the United States. At the forefront of this issue is whether Congress and Obama Administration departments and agencies can agree upon a general framework and legislative language to regulate the collection, use and disclosure of consumer data by businesses, whether they are operating exclusively online, exclusively offline or in both environments. “Every business that sells to consumers likely collects some data on them that they use to enhance their future product and service offerings in order to grow their revenue and expand their customer base. Over the past two years, Congress has been considering legislation that would establish new rules to regulate this important customer relationship, making consumer privacy legislation in the next Congress one of the key issues with broad applicability to businesses, and one issue to which executives will want to pay close attention,” observed former Senate Majority Leader Bob Dole.

Read More

The basic rules governing privacy of customer information have been relatively stable for a number of years. But this regulatory environment is in the midst of fundamental change. This advisory provides a brief summary of existing principles of consumer privacy law, discusses recent developments in the area, and outlines how certain key principles are anticipated to change as a result of slowly emerging shifts in the policy-making and enforcement functions of the Federal Trade Commission, which soon may be codified by Congress into new privacy laws that would apply broadly to commercial industries.

The advisory is provided in PDF on the Alston & Bird web site: http://www.alston.com/privacy_advisory_standards  

The 2010 Edition of Chambers USA: America’s Leading Lawyers for Business once again recognized Alston & Bird’s Privacy and Security Practice as one of the leading practices in the nation. Our Privacy and Security Practice has been recognized every year since Chambers & Partners began listing law firms in this area.

This advisory discusses an FTC-issued Notice of Proposed Rulemaking (the “Proposed Rule” or the “Health Breach Notification Rule”) requiring vendors of personal health records (PHR) and related entities to notify individuals when the security of their individually identifiable health information is breached. The Proposed Rule establishes a new Part 318 of Title 16 of the Code of Federal Regulations for the health breach notification requirement that was mandated by Section 13407 of the American Recovery and Reinvestment Act of 2009 (ARRA). The FTC is accepting comments on the Proposed Rule through June 1, 2009, after which the FTC will issue an interim final rule in early August, as required under ARRA.

The advisory is provided in PDF on the Alston & Bird website: http://www.alston.com/healthcare_ftc_phr_vendor_rule  

This advisory announces that the Federal Trade Commission (FTC) has suspended enforcement of the new “Red Flags Rule” until May 1, 2009. This suspension gives creditors and financial institutions additional time to develop and implement written identity theft prevention programs.

The advisory is provided in PDF on the Alston & Bird web site: http://www.alston.com/healthcare_ftc_suspends_red_flags_rule_compliance