Thursday, November 10, was a big day for the FTC asserting its competition authority, from an announcement to strengthen FTC enforcement of Section 5 to weighing in on hiring restrictions. These stories, plus warnings of limited options for medication, an upcoming open Commission meeting, and more, after the jump.
The FTC had its hands full last week with enforcement actions—releasing orders and a warning letter in matters across the board from consumer privacy, to COVID-19, and to advertising. More on these actions, as well as an update on a forthcoming event on consumer privacy and data security, after the jump.
The FTC’s past week focused on the future. From Director Levine’s comments about consumer protection in the digital era to the House passing H.R. 3843, the FTC is in a forward-looking posture. More on this, as well as a settlement secured by the FTC, after the jump.
The FTC had an active week and addressed numerous topics, including ways to protect older adults and gig economy workers. Notably, the FTC released a report showing the rise in sophisticated dark pattern practices and the Commission’s commitment to combatting them. The Commission also announced a proposed rule targeting government and business impersonation scams. This story and more after the jump.
The FTC has been aggressive wrapping up the fiscal year before the Labor Day weekend—it initiated several actions across various industries, protecting consumers from sensitive data leak to deceptive “pre-approved” credit offers. The Commission also issued its E-Cigarette Report for 2019-2020, which highlights dramatic surge in sale of flavored disposable e-cigarettes and menthol e-cigarette cartridges. Last but not the least, the FTC is sending checks totaling more than $1.9 million to consumers who bought Hubble brand contact lenses from Vision Path, Inc. This story and more after the jump.
On August 24, 2022, the California Attorney General’s Office announced a settlement with Sephora, Inc. (Sephora), a French multinational personal care and beauty products retailer. The settlement resolved Sephora’s alleged violations of the California Consumer Privacy Act (CCPA) for allegedly failing to: disclose to consumers that the company was selling their personal information, process user requests to opt out of sale via user-enabled global privacy controls, and cure these violations within the 30-day period currently allowed by the CCPA.
The FTC released its policy paper and fact sheet urging state legislatures to avoid using Certificate of Public Advantage (“COPA”) laws and instead invited state lawmakers to work collaboratively with competition policy experts to minimize the potentially harmful effects of further hospital consolidation. This follows that Agency’s recent blocking of a number of healthcare provider mergers, emphasizing the Commission’s focus on preventing what it considers anticompetitive hospital mergers. The Agency also announced that it will be sending out checks totaling more than $822,000 to borrowers that lost money to a student loan debt-relief scheme. These stories after the jump.
The FTC announced two victories in separate actions against Personal Protective Equipment (“PPE”) companies and secured more than $17 million for consumers. In the two cases, the FTC has alleged that California-based Glowyy and Louisiana-based American Screening each failed to deliver PPE products within promised time periods during the early stages of the COVID-19 pandemic. In addition, the FTC announced a new action and consent agreement against online homebuying firm Opendoor Labs, Inc. for allegedly misleading claims about the benefits of its service. Last, the Commission is sending checks totaling more than $1 million to 1,966 consumers who were harmed by a debt collection scam. These stories and more after the jump.
Last week, the President signed the Internet of Things (IoT) Cybersecurity Improvement Act into law, kicking off a multi-year process that will culminate in the first-ever federal requirements for IoT devices. Under the law, the National Institute of Standards & Technology (NIST) is now charged with drafting and finalizing security requirements for IoT devices, as
On November 3, 2020, California voters approved California Proposition 24, also known as the California Privacy Rights Act of 2020, or CPRA. The CPRA expands protections afforded to personal information, building off of the California Consumer Privacy Act (CCPA), which took effect in January of this year. While some of the CPRA changes will take effect immediately, most will not become enforceable until July 1, 2023, and apply only to personal information collected after January 1, 2022.
At 54 pages long, the CPRA makes numerous changes to the CCPA, ranging from minor revisions to the introduction of new concepts and the creation of several new consumer rights. Some of the most impactful changes are discussed below. A series of future client alerts will explore the nuances of these changes in greater detail.
Sensitive Personal Data
The CPRA establishes new rules for a category of “sensitive personal information,” which includes, for example, genetic data and religious or philosophical beliefs, and is defined as personal information that reveals:
(1)
(2)
This definition is among the most impactful changes in the CPRA, given the breadth of data that it sweeps in, along with the creation of new disclosure and opt-out rights associated with “sensitive personal information.” These changes will likely require covered businesses to dive into their data, map it, and ensure they are compliant.
In addition, the CPRA creates a right for consumers to “limit use and disclosure of sensitive personal information.” Similar to existing CCPA opt-out rights, beginning in 2023, consumers may direct businesses that collect sensitive personal information to limit its use to that “which is necessary to perform the services or provide the goods reasonably expected by an average consumer” or to perform a small subset of specifically identified exempt services. Significantly, exemptions to the opt-out will include short-term, transient advertising, and “performing services on behalf of the business,” but not general advertising and marketing, nor long-term profiling or behavioral marketing technologies.
Continue Reading CCPA 2.0? California Adopts Sweeping New Data Privacy Protections