On April 22, 2025, the Federal Trade Commission (FTC) published the finalized amendments (Amendments) to the Children’s Online Privacy Protection Rule (COPPA Rule) that would impose additional restrictions on website and online service operators that collect personal information from children under the age of thirteen. The Amendments will become effective on June 23, 2025. Operators […]
FTC
To Delete or Not to Delete: Can 23andMe Really Sell Genetic Data Via Bankruptcy?
On March 23, 2025, 23andMe Holding Co. (“23andMe”) filed for bankruptcy in the Eastern District of Missouri, potentially setting in motion the sale of genetic data collected from more than 15 million people. This has led to news outlets and state Attorneys General encouraging consumers to delete their 23andMe data before it is sold as […]
FTC Finalizes COPPA Rule Amendments
On January 16, 2025, the Federal Trade Commission (FTC) voted 5-0 to approve the finalized amendments to the Children’s Online Privacy Protection Rule (COPPA Rule) that would offer additional privacy safeguards for children under the age of thirteen. The amened COPPA Rule will require operators to obtain separate verifiable parental consent before disclosing personal information […]
Data Breach Notification Requirements under the Safeguards Rule Now in Effect
For years, the Gramm-Leach-Bliley Act (GLBA) has required financial institutions to maintain reasonable safeguards for consumer data, but has only had limited breach-reporting requirements. To the extent financial institutions were subject to breach-reporting obligations, these were set by non-GLBA legislation, such as state law, or by relatively narrow incident-reporting rules under Interagency Guidelines overseen by […]
FTC Denies an Application to Add a New Verifiable Parental Consent Mechanism Under COPPA Rule Without Prejudice
On March 29, 2024, the Federal Trade Commission (the “FTC”) published a unanimous decision to deny an application by the Entertainment Software Rating Board, Yoti, and SuperAwesome (collectively, the “Applicants”) to add a new verifiable parental consent (“VPC”) mechanism under the Children’s Online Privacy Protection Rule (“COPPA Rule”). The application, which our previous blog post […]