Federal Trade Commission (FTC)

FTC Seeks Comments on a New Verifiable Parental Consent Mechanism Under COPPA

July 24, 2023 By Kathleen Benway, Maki DePalo and Hyun Jai Oh

On July 19, 2023, the Federal Trade Commission (the “FTC”) announced that it is seeking comment on an application for a new verifiable parental consent mechanism under the Children’s Online Privacy Protection Act (“COPPA”). The application, submitted jointly by the Entertainment Software Rating Board, Yoti, and SuperAwesome (collectively, the “Applicants”), requests the FTC to approve […]

FTC Delays Effective Date of Certain Changes to the Safeguard Rule

November 17, 2022 By Kathleen Benway and Hyun Jai Oh

On November 15, 2022, the Federal Trade Commission (FTC) announced that it is delaying the effective date of certain changes to the Gramm–Leach–Bliley Safeguards Rule. The Safeguards Rule, which first became operative in 2003, imposes certain security requirements on non-banking financial institutions. The FTC amended the Rule in December 2021, and several provisions under the […]

Recent FTC Order Has Implications for Executive Liability and Corporate Data Minimization Practices

October 28, 2022 By Kim Peretti, Alysa Austin and Kristen Bartolotta

On October 24, 2022, the Federal Trade Commission (“FTC”) announced a proposed consent order against both Drizly LLC, an online marketplace for alcohol delivery, and its CEO over the company’s alleged security failures that led to a data breach in 2020, which exposed the personal information of approximately 2.5 million Drizly customers. Drizly and its […]

FTC Issues Advance Notice of Proposed Rulemaking on Commercial Surveillance and Data Security

August 25, 2022 By Dorian Simmons

On August 22, 2022, the Federal Trade Commission (FTC) published its advance notice of proposed rulemaking (ANPR) to request public comment on commercial surveillance and data security practices. The ANPR comes at the same time as Congress is considering the federal American Data Privacy and Protection Act (ADPPA). The FTC seeks public comment on a […]

Schrems 2.0: CJEU invalidates EU-US Privacy Shield and emphasizes exporter obligations when using Standard Contractual Clauses

July 16, 2020 By Paul Greaves and Wim Nauwelaerts

Executive Summary Today, the Court of Justice of the European Union (‘CJEU’) handed down its long-awaited judgment in the ‘Schrems 2.0’ case (Facebook Ireland and Schrems (Case C-311/18)), about the validity of two means of legitimizing transfers of personal data outside the EEA under the EU General Data Protection Regulation (‘GDPR’)[1]. In somewhat of a […]