TSCA Reform Center
TSCA Reform Center
Professionals By Name
Professionals By Practice Area
Professionals By Location
Advertising and Promotion
California's Proposition 65
Business Counseling and Transactional
Chemical Control REACH
Employment and Labor
Environmental and Toxic Tort Litigation
Food and Drug
Cannabis, Hemp, and Cannabinoids (CBD)
Tobacco and E-Vapor
Health and Safety Compliance Audit
International Regulatory Affairs
Nanotechnology Strategy, Regulation and Defense
Biocidal Products Regulation (BPR)
Privacy and Internet
Product Stewardship, Green Chemistry and Sustainability
Trade and Professional Associations
Workplace Safety and Health
Washington, DC Office
San Francisco Office
News & Events
Benefits for our U.S. Based Offices
Summer Associate Program
FTC's Annual Privacy and Data Security Report Highlights Connected Products Cases
Jan 31, 2018
The Federal Trade Commission (FTC) has released its annual
Privacy and Data Security Update
for 2017, which summarizes its enforcement activity, public education, and research over the year. Enforcement actions included complaints brought for privacy and data security violations related to connected products and services, many of which we've written about in this space over the past year.
the FTC highlights are a settlement with the ride-sharing service
for misrepresentations about the privacy of customer and driver data and failure to implement reasonable data security, and a settlement with smart television manufacturer
for tracking customer viewing activity without consent. Data security cases also included an action against computer giant Lenovo for selling laptops with preinstalled software that allegedly compromised security to deliver ads, and an action against mobile ad network
for deceptive online tracking. In another notable data security case against computer equipment manufacturer
, the FTC alleged that the company's wireless routers and Internet cameras were susceptible to hackers because of lax security measures. A California district court subsequently dismissed three of the six counts against D-Link. Click on the links above to read articles about these actions published on Keller and Heckman LLP's website and
Consumer Protection Connection
blog throughout 2017.
On the international front, the Commission took its first three enforcement actions under the new U.S.-EU Privacy Shield framework, which in 2017 replaced the U.S.-EU Safe Harbor program. According to the FTC, printing company Tru Communication, human resources software company Decusoft, and real estate leasing company Md7 falsely claimed that they were certified to participate in the EU-US Privacy Shield. The Commission also brought 4 actions under the APEC Cross-Border Privacy Rules (CBPR), charging software protection company Sentinel Labs, messaging service marketer SpyChatter, and cybersecurity software manufacturer Vir2us with violations of the FTC Act for deceptively stating in their online privacy policies that they participated in the APEC CBPR system.
The FTC also took other actions, including approving
TRUSTe's proposed revisions
to its COPPA Safe Harbor program.
In addition to its enforcement and regulatory work, the FTC convened several stakeholder meetings and public workshops during 2017 on topics ranging from emerging issues in consumer privacy and security to connected cars and the general issue of what should constitute actionable "informational injury" for FTC enforcement purposes. Commission staff released several reports, including
Cross-Device Tracking: an FTC Staff Report
which details the challenges and benefits of tracking technology across multiple Internet-connected devices and industry efforts to address privacy and data security issues related to tracking.
With 2017 behind us, 2018 already looks like it will also be a busy year at the FTC. The FTC began 2018 with its first-ever connected toy settlement under COPPA, the first time a COPPA settlement addressed both alleged data security and alleged privacy violations. Connected toymaker
settled with the FTC over alleged COPPA privacy and security violations, agreeing to injunctive provisions and payment of a $650,000 civil penalty. The FTC alleged that Vtech violated COPPA by collecting personal information from children without parental notice and
and failing to take reasonable steps to secure the data it collected.
The Commission has also just taken an
action against a company for deceptive "Made in the USA" advertising
- the third time it has done so in the last twelve months - which indicates the seriousness with which the FTC is approaching enforcement of country-of-origin claims.
The FTC continues to be an active cop on the beat on privacy, data security, advertising, and related consumer protection issues. It also seems likely to continue its useful tradition of seeking to be informed about changes and trends in technology and real-world implications to consumers and businesses before issuing regulations. With four new Commissioners to take office once confirmed by Congress, it will be interesting to see whether they identify new or different priorities for action in the next few years.
For more information, contact Sheila A. Millar at
Tracy P. Marshall at
or +1 202.434.4234.
Subscribe to our blog, the
Consumer Protection Connection
for regular in-depth analysis and updates on important consumer protection developments.
Tracy P. Marshall
Sheila A. Millar
Privacy, Data Security and Digital Media
Join our Mailing List
Updated Privacy and Cookies Policy
© 2020 Keller and Heckman LLP. All rights reserved