Privacy & Data Protection

Photo Credit: Jason Trim (Flickr)

Vizio Reaches $2.2 Million Settlement With FTC, New Jersey, For Failing to Obtain Viewer Consent to Track and Sell Viewing Habits to Third Parties

Traditionally, advertisers purchase ad inventory during television programs based on basic demographic information regarding viewer attributes. Thus, while ads may reach viewers of a particular gender and age range, those ads may not necessarily reach the consumers that are most interested in their products or services.  Thus, advertisers are increasingly interested in more finely targeting their advertising and sending a specific television commercial to a specific household based on the viewing activities in that household.  In order to pinpoint their targets, marketers rely on data extending beyond demographic information that includes information on consumer viewing and internet habits.  While targeting commercials to specific households can be highly beneficial to marketers (allowing them to send their ads to the consumers most interested in seeing them) and consumers (showing them the ads they most want to see), marketers must remember that the basic requirements of advertising law still apply.  Thus, in collecting data, marketers must ensure that they clearly disclose their data collection practices up front, obtain consent from consumers before collecting and sharing highly specific information regarding their viewing practices, and make it easy for consumers to opt out.


Continue Reading Failure to Obtain Viewer Consent Leads to $2.2 Million Settlement for Vizio

In Spokeo, Inc. v. Robins, the U.S. Supreme Court has issued yet another narrow decision—apparently designed to avoid a 4-4 deadlock—in another hard-fought, potentially divisive case on its docket this term. On May 16, 2016, the Court held 6-2 that the Ninth Circuit had erred in not asking whether plaintiff Robins had alleged that he suffered a “concrete” harm—actual, rather than hypothetical, damage—as a result of statutory violations by defendant Spokeo.

In reaching this decision, the Court reaffirmed that plaintiffs bringing class actions in federal court must do more than allege a “mere technical violation” of a statute or regulation. In order to demonstrate that they have a real stake in the case—or “standing”—as required in federal court by Article III of the Constitution, they must also explain how the violation in question caused them real harm. At the same time, however, the majority was careful to point out that, “in some circumstances,” plaintiffs could base standing on procedural or technical violations if coupled with a “real risk of harm.” And the Court remanded the specific question of whether Robins himself had alleged that he suffered real harm as a result of Spokeo’s technical violations.

In sending the case back to the Ninth Circuit, then, the Court left the deeper issues in the case unresolved—inviting further litigation over what its holding means in specific cases.Continue Reading Keeping It “Real”: Supreme Court Holds That Consumers Must Allege Real Harm

FLC Pic

On February 12, 2016, the Federal Bar Association will host a day-long Fashion Law Conference at Parsons School of Design (Starr Foundation Hall in the New School’s stunning new University Center) on the last day of New York Fashion Week!

Speakers include in-house counsel from The Estee Lauder Companies, Inc., Tiffany & Co., New York

Kate Smartphone Keyboard

Just in time for the holiday shopping rush, “Hello Barbie” has hit the shelves.  This Barbie actually talks back to its playmates and is the latest high-tech version of the iconic doll. The secret to this innovation? The Internet. Toymaker Mattel partnered with software firm ToyTalk to equip the doll with a microphone, voice-recognition, and cloud-based intelligence to give Barbie “call-and-respond” functionality. (Think Siri talking through Barbie.) Hello Barbie is yet another example
Continue Reading Hello Barbie (and Lawsuit)

The Third Circuit’s Monday decision in FTC v. Wyndham Worldwide confirmed the Federal Trade Commission’s (FTC) statutory authority to pursue enforcement actions for allegedly “unfair” data security practices under Section 5 of the FTC Act. Many believe that the decision will embolden the FTC to continue aggressively regulating what it considers to be unreasonable data

The Federal Trade Commission (FTC) has struck again in the data privacy world, this time at 13 companies that allegedly misrepresented in their privacy statements that they were U.S.-EU or U.S.-Swiss Safe Harbor certified. This latest enforcement sweep demonstrates the FTC’s privacy focus and reinforces the need for companies to make accurate public representations.

The FTC charged the 13 companies with misleading consumers and has proposed placing them under a familiar 20-year consent order. The consent order requires the companies to refrain from  misrepresenting privacy or security program adherence and to keep strict records for the FTC’s overview. For the next 20 years, any companies that disobey the consent order will be subject to a $16,000 civil penalty per violation.

The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks (collectively, “Safe Harbor”) are the most popular of several mechanisms through which companies can legally transfer personal data from Europe to the United States. There are currently over 4,300 U.S. companies certified to the U.S.-EU Safe Harbor.

As FTC Chairwoman Edith Ramirez said this week, “The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks are important agreements, and the FTC remains strongly committed to enforcing them. Companies must not deceive consumers about their participation in these programs.”

The FTC’s focus on Safe Harbor enforcement, and privacy enforcement in general, raises concerns for companies of all sizes. Indeed, the FTC has now undertaken 39 Safe Harbor-related enforcement actions against both small and large U.S. companies in the past five years. Here are five key items for companies to review based on the lessons learned from these settlements:Continue Reading Recent FTC Safe Harbor Enforcement Takeaways

First, it was the “Internet of Things” and now it is the “Internet of Dolls.” Mattel, maker of the iconic Barbie doll, has announced plans to introduce “Hello Barbie,” a doll with a Siri-like ability to communicate. The new Barbie, which connects to the cloud through WiFi, can have conversations, tell jokes, and play games with the children who own them.

Hello Barbie also has the ability to listen and learn girl’s preferences and adapt to them accordingly.  During a recent demonstration when a Hello Barbie prototype was asked “What should I be when I grow up?” she responded “Well, you told me you like being on stage. How about a dancer? Or a politician? Or a dancing politician?”

This Barbie doll is likely just the first in what will surely be a long line of dolls and toys that have incredible technological capabilities—whether it is a Siri-like ability to communicate, video recording technology, or the chance to communicate to friends.

But, as these new frontiers of play develop, manufacturers and marketers need to work to ensure that we can strike a balance between innovative play and children’s safety and privacy. And the lines aren’t always clear.Continue Reading When Your Toys Talk Back: Children’s Privacy and Safety in an Age of Wired Toys

The CapitolLast week, the Senate broke Congressional silence by passing Resolution 101 – enunciating the chamber’s position on how the country should approach the burgeoning technology of the “Internet of Things,” or what’s more commonly known as the “IoT.” Amidst a series of recent hearings in both the House and the Senate, the IoT industry and

To tackle the challenges of launching products on the Internet of Things, the FTC recommends designing security into interconnected products from the outset as well as monitoring products post sale to quickly identify security risks. Most consumer product companies already have similar programs in place to ensure the safety of the products and meet CPSC

At this year’s National Law Journal (NLJ) Regulatory Summit in Washington, DC, held on December 1, 2014, speakers focused on the current and future of the federal regulatory landscape in the United States.  Highlights included:

  • Former Congressional Leaders Speak on Future Trends in Health Care and Other Sectors

The featured speakers included former U.S. Senate Majority Leader Tom Daschle and Former Speaker of the House of Representatives Dennis Hastert.The former congressional leaders spoke of the current political division between what Daschle described as “rugged individualism versus collective action.”  While acknowledging an increased divide between political parties, the speakers hoped to see possible movement in some areas, possibly in the areas of Medicare, Medicaid or tax reform.Much of their discussion focused on health care issues as prominent areas of focus going forward, although they predicted more action in the courts and at the state level than at the federal level.Trends to watch for included a movement away from fee for service, and also continued emphasis on wellness extending beyond the health care sector and into businesses themselves as a way to reduce health care costs.

Continue Reading Highlights from the National Law Journal Regulatory Summit 2014