Federal Trade Commission (FTC)

In two recent proposed consent orders by the Federal Trade Commission (FTC or Commission), the agency has emphasized critical data governance practices that all data controllers should carefully consider. These cases, Gravy Analytics/Venntel and Mobilewalla, primarily focus on issues related to the brokerage of consumer mobile device location data and other adtech and data broker practices. However, the settlements, and the learnings that can be gleaned from them, are relevant beyond location data and these specific industries. Indeed, the data governance measures required of the respondents by the FTC signal the FTC’s thinking around what it considers proper data governance and privacy compliance programs, and can be used as a guide as to how companies in all industries should be framing such programs to both avoid FTC scrutiny and address compliance with the patchwork of state consumer privacy laws.Continue Reading What Should Data Controllers Take Away From Recent FTC Privacy Case Settlements?

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2024 Data Privacy Thought Leadership Series

The Trade Practitioner Blog Features Post on Key Takeaways from the Proposed August 2024

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Deep Fake of CFO on Videocall Used to Defraud Company of US$25M | Privacy World

Address Cyber-risks From Quantum Computing

Acting expeditiously in part in response to recent events, the Federal Communications Commission (“FCC”) declared on February 8 that the Telephone Consumer Protection Act’s “restrictions on the use of ‘artificial or prerecorded voice’ encompass current [artificial intelligence (“AI”)] technologies that generate human voices.” Therefore, the FCC ruled “calls that use such technologies fall under the TCPA and the [FCC’s]…implementing rules and…require the prior express consent of the called party to initiate such callas absent an emergency purpose or exemption.” If telemarketing is involved, prior express written consent is required. However, contrary to other media reports, the FCC ruling neither bans use of AI, nor even requires consent to use AI to create content that is in text or that is subsequently converted into artificial voice. Rather, it merely equates AI-voice generation to other forms of artificial or prerecorded voice messages for TCPA consent purposes. Since prior express consent to use of artificial or prerecorded voice messages is what the TCPA requires, that is what the consent should cover. However, it is advised that the use of AI to generate such audio content should also be disclosed as part of the consent.Continue Reading FCC Rules Voice-Cloned Robocalls Are Covered by the TCPA as Artificial/Pre-Recorded

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Ten Things About Artificial Intelligence (AI) for GCs in 2024 | Privacy World

CCPA Regs Effective Immediately, No One-Year Delay

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

2023 Cybersecurity Year In Review | Privacy World

FTC Consumer Protection and Data Protection Insights for 2024 | Privacy World

2023 was another busy year in the realm of data event and cybersecurity litigations, with several noteworthy developments in the realm of disputes and regulator activity.  Privacy World has been tracking these developments throughout the year.  Read on for key trends and what to expect going into the 2024.

Growth in Data Events Leads to Accompanying Increase in Claims

The number of reportable data events in the U.S. in 2023 reached an all-time high, surpassing the prior record set in 2021.  At bottom, threat actors continued to target entities across industries, with litigation frequently following disclosure of data events.  On the dispute front, 2023 saw several notable cybersecurity consumer class actions concerning the alleged unauthorized disclosure of sensitive personal information, including healthcare, genetic, and banking information.  Large putative class actions in these areas included, among others, lawsuits against the hospital system HCA Healthcare (estimated 11 million individuals involved in the underlying data event), DNA testing provider 23andMe (estimated 6.9 million individuals involved in the underlying data event), and mortgage business Mr. Cooper (estimated 14.6 million individuals involved in the underlying data event). Continue Reading 2023 Cybersecurity Year In Review

On January 18, during a luncheon fireside chat at the California Lawyers Association’s UCL Institute event in Los Angeles, Federal Trade Commission (“FTC”) Bureau of Consumer Protection Director Samuel Levine shared his insights on what data practices are of concern to him and to the FTC.  Companies should take heed of his comments, the highlights

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Privacy Challenges for Digital Advertising, Particularly in Europe

The Online Safety Act: Does this present a difficult balancing act for