On August 9, the US District Court of Georgia ruled that the FTC had provided “broad and detailed evidence” for its allegations that a tech company and its CEO engaged in deceptive advertising and unfair fee practices in violation of Section 5 of the FTC Act. The FTC’s 2019 complaint alleged the defendants made deceptive representations to customers and charged hidden, unauthorized fees in connection with the company’s “fuel card” as well as through co-branded cards, to companies in the trucking and commercial fleet industry. The FTC’s factual allegations include the following: Continue Reading Court Orders Injunctive Relief Against Tech Company for Deceptive Advertising, Unfair Fee Practices

On August 10, the CFPB issued an interpretive rule stating that digital marketing providers that are involved in the identification or selection of prospective customers or the selection or placement of content to affect consumer engagement including purchase or adoption behavior, are subject to the CFPB’s jurisdiction. The rule ostensibly clarifies the scope of companies that are “service providers” under the Consumer Financial Protection Act (“CFPA”) to include digital marketing providers, and thereby subjecting them to the CFPB’s authority to prohibit unfair, deceptive, abusive acts or practices (UDAAPs). Continue Reading CFPB’s New Interpretive Rule Sets Sights on Digital Marketing Vendors

This is not a drill.

Companies and law enforcement agencies around the world have been left scrambling after the world’s most prolific ransomware attack hit over 500,000 computers in 150 countries over a span of only 4 days. The ransomware – called WannaCry, WCry, WannaCrypt, or WannaDecryptor – infects vulnerable computers and encrypts all of the data. The owner or user of the computer is then faced with an ominous screen, displaying a countdown timer and demand that a ransom of $300 be paid in bitcoin before the owner can regain access to the encrypted data. The price demanded increases over time until the end of the countdown, when the files are permanently destroyed. To date, the total amount of ransom paid by companies is reported to be less than $60,000, indicating that companies are opting to let their files be destroyed and to rely instead on backups rather than pay the attackers. Nevertheless, the total disruption costs to businesses is expected to range from the hundreds of millions to the billions of dollars.
Continue Reading WannaCry Ransomware Alert

The Federal Trade Commission recently proposed several updates to the Children’s Online Privacy Protection Act of 1998 (COPPA).

COPPA currently provides that operators of websites and other online services that collect personal information online about children under 13, or whose websites or services are directed at children under 13, must:Continue Reading FTC Proposes Updates to Children’s Online Privacy Law

The preliminary Staff Report issued by the FTC earlier this month is the most aggressive effort by the FTC to date on the issue of online and mobile privacy generally. The preliminary Staff Report proposes a “do not track” mechanism along with an overall online privacy framework that would rigidly regulate how information is collected both online and through mobile devices, how it can be used, and how it must be stored. Deviating from the distinction between “personally-identifiable information” and “non-personally-identifiable information” that has formed the foundation for other privacy regulations and legislation, the framework proposed in the preliminary Staff Report maintains that such dichotomy is no longer relevant. Because this is arguably a profound change in the existing state of regulation in this area, the preliminary Staff Report is being circulated for comment before it becomes final. This article provides a basic outline of the proposed framework for those who may not already be familiar with the preliminary Staff Report.
Continue Reading The Federal Trade Commission’s Proposed Framework For Consumer Privacy Protection – The Basics