The Cybersecurity Law Report

Incisive intelligence on cybersecurity law and regulation

Articles By Topic

By Topic: COPPA

  • From Vol. 4 No.2 (Jan. 31, 2018)

    Lessons and Trends From FTC’s 2017 Privacy and Data Security Update: Enforcement Actions (Part One of Two)

    In its recently released Privacy & Data Security Update, the FTC recapped its 2017 privacy and data security enforcement actions, advocacy, workshops and guidance, providing valuable information about steps companies can take to ensure their privacy and data security measures are up-to-snuff. In this first part of our article series covering lessons from the Update, we examine, with expert insight, enforcement highlights – from financial services actions to general privacy cases – and what these actions tell us about steps companies should take to comply with applicable laws and steer clear of the FTC’s reach. Part two will cover what can be learned from the FTC’s 2017 workshops and guidance and shed light on what to expect from the agency in 2018. See also “FTC Priorities for 2017 and Beyond” (Jan. 11, 2017).

    Read Full Article …
  • From Vol. 3 No.18 (Sep. 13, 2017)

    Focus on Children’s Privacy by FTC and Plaintiffs Calls for Prioritizing COPPA

    The FTC and private plaintiffs have sharpened their focus on children’s privacy and COPPA in recent months. Updated COPPA guidance and approval for changes to a valuable safe harbor program for companies have been issued by the FTC. In addition, private plaintiffs are attempting to find ways to bring civil suits based on COPPA concepts despite the lack of a private right of action in the regulation itself. Companies “absolutely need to start thinking very seriously about COPPA compliance and the FTC’s warning. If the FTC starts to make enforcement a priority, it can certainly take a lot of steps to impose hefty sanctions on companies that are found out of compliance,” Eimer Stahl partner Dan Birk told The Cybersecurity Law Report. See also “Enforcing Consumer Consent: FTC Focuses on Location Tracking and Children’s Privacy” (Jul. 6, 2016). 

    Read Full Article …
  • From Vol. 3 No.1 (Jan. 11, 2017)

    FTC Priorities for 2017 and Beyond

    From holding events on ransomware, disclosure and marketing tactics, to entering into settlement agreements for the misuse of location data, to tackling APEC’s privacy framework for the first time, 2016 was a busy year for the FTC’s privacy and security enforcement arm. The Commission’s actions indicate that it is intending to keep pace with the latest tech and policy developments. But what is in store for 2017? At IAPP’s recent Practical Privacy Series conference, FTC Commissioner Maureen Ohlhausen discussed the agency’s priorities for the coming year. See also “Demystifying the FTC’s Reasonableness Requirement in the Context of the NIST Cybersecurity Framework (Part One of Two)” (Oct. 19, 2016); Part Two (Nov. 2, 2016).

    Read Full Article …
  • From Vol. 3 No.1 (Jan. 11, 2017)

    Privacy, Security Risks and Applicable Regulatory Regimes of Smart TVs

    Technology often outpaces regulation. Connected devices such as smart TVs are no exception. Like other devices in the growing Internet of Things, smart TVs provide a variety of conveniences and content options to their users, along with a range of serious data privacy and security risks, and regulators are struggling to keep pace with developments. In a recent WilmerHale program, attorneys D. Reed Freeman and Sol Eppel discussed the FTC’s December 2016 workshop, and detailed the regulatory and legal regimes that may affect smart TV manufacturers, providers and users. See also “New NIST and DHS IoT Guidance Signal Regulatory Growth” (Nov. 30, 2016).

    Read Full Article …
  • From Vol. 2 No.16 (Aug. 3, 2016)

    Is Pokémon Go Pushing the Bounds of Mobile App Privacy and Security?

    The popularity of the new app Pokémon Go, an augmented reality game in which players use their mobile devices to catch Pokémon characters in real-life locations, continues to grow despite security and privacy concerns. Intelligence firm Sensor Tower estimates the game has been downloaded 75 million times. The game’s success brings to light a number of privacy issues generally tied to the collection, storage and sharing of user information by mobile apps, as well as users’ control of those actions and the app’s disclosure practices. Justine Gottshall, a partner at InfoLawGroup, and Shook, Hardy & Bacon attorney Eric Boos recently spoke with The Cybersecurity Law Report about these issues as well as the recently filed lawsuit alleging that the Pokémon Go terms of service and privacy policy are deceptive and unfair. See “Legal and Regulatory Expectations for Mobile Device Privacy and Security” Part One (Feb. 3, 2016); Part Two (Feb. 17, 2016).

    Read Full Article …
  • From Vol. 2 No.14 (Jul. 6, 2016)

    Enforcing Consumer Consent: FTC Focuses on Location Tracking and Children’s Privacy

    The FTC is using its enforcement power to ensure meaningful choice when it comes to geo-location tracking that companies use to gain key marketing data, particularly when children are involved. The FTC brought an action against the global online advertising company InMobi alleging that the company had tracked millions of mobile app users, including children, even when they had opted out, and had misrepresented its practices to app developers and publishers. In the recent settlement, InMobi agreed to pay a significant fine and comply with a detailed long-term injunction. Donna Wilson, Manatt partner, told The Cybersecurity Law Report that companies should expect a “continued emphasis” from regulators on children’s privacy and geo-location practices, as well as a closer look at “how companies’ conduct in that area lines up with what they are telling either consumers and/or business partners and other third parties.” See also “FTC Director Analyzes Its Most Significant 2015 Cyber Cases and Provides a Sneak Peek Into 2016” (Jan. 6, 2016).

    Read Full Article …
  • From Vol. 2 No.9 (Apr. 27, 2016)

    Designing Privacy Policies for Products and Devices in the Internet of Things

    The connectivity of common devices, from watches to refrigerators, brings with it multiplying privacy challenges. Traditional ways of explaining privacy choices do not always work in this space, and manufacturers, consumers and regulators are struggling to find balance between privacy and convenience. Dana Rosenfeld and Crystal Skelton, Kelley Drye & Warren partner and associate, respectively, talked to The Cybersecurity Law Report about challenges and solutions for designing the Internet of Things for privacy. See also “Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things” (May 20, 2015).

    Read Full Article …
  • From Vol. 1 No.10 (Aug. 12, 2015)

    Navigating the Evolving Mobile Arena Landscape (Part Two of Two)

    Mobile devices, and their constantly changing technology, present unique cybersecurity and privacy issues.  In the second installment of our coverage of a recent panel at PLI’s Sixteenth Annual Institute on Privacy and Data Security Law, Aaron P. Simpson, a partner at Hunton & Williams and H. Leigh Feldman, global chief privacy officer at Citi, discuss these challenges and contextualize relevant policy and regulatory landscapes in the U.S. and Europe, including enforcement activity.  The first article in the series explained the specific challenges related to mobile and wearable technology and presented best practices for stakeholders as consumers demand control of their information.  See also “Tackling Privacy and Cybersecurity Challenges While Fostering Innovation in the Internet of Things,” The Cybersecurity Law Report, Vol. 1, No. 4 (May 20, 2015). 

    Read Full Article …
  • From Vol. 1 No.8 (Jul. 15, 2015)

    Understanding and Mitigating Liability Under the Children’s Online Privacy Protection Act

    Faced with the threat of steep civil penalties that can arise from active FTC enforcement, operators of commercial websites must exercise caution when collecting personal information from children under the age of 13.  The long reach of the Children’s Online Privacy Protection Act (COPPA) applies not only to first-party website operators but also extends to third parties that collect personal information on behalf of first-party operators in certain circumstances.  In a recent presentation, attorneys Julia Siripurapu and Ari Moskowitz of Mintz Levin discussed key provisions and implementation of COPPA, including compliance, enforcement and applicability to third parties.  They also provided advice on best practices for websites and online services regarding the collection and use of children’s personal information, and for educational institutions as parental agents.

    Read Full Article …