Peter B. Miller, CIPP/G/US, CIPP/E, CIPM, CIPT

On October 10, 2019, California Attorney General Xavier Becerra announced a long-awaited notice of proposed rulemaking and draft regulations for the California Consumer Privacy Act (CCPA), California’s new consumer privacy law, which we have analyzed here and here.

In part one of our multi-part series regarding the draft CCPA regulations, we focused on businesses’

On October 10, 2019, California Attorney General Xavier Becerra announced a long-awaited notice of proposed rulemaking and draft regulations for the California Consumer Privacy Act (CCPA), California’s new consumer privacy law, which we have analyzed here and here.

In this first part of our multi-part series on the CCPA regulations, we will focus on

NIST has finalized Internet of Things (IoT) risk management guidance, which derived from a draft publication.  The guidance informs government agencies how to understand and manage IoT risks throughout device lifecycles.  Industry can anticipate government focus on three high-level goals:

  1. Device security;
  2. Data security; and
  3. Individual privacy.

The publication highlights three differences between

Join Us For A Complimentary Webinar – Thursday, October 25, 2018 – 12:00 – 1:00 PM ET

Two years into the Trump Administration and:

  • The Consumer Product Safety Commission finally has a Republican majority,
  • the Department of Transportation has released its 3.0 guidance on autonomous vehicles,
  • NIST has published a 375 page recommendation on medical

© Getty Images

On January 8, 2018, the FTC announced settlement of its first connected toy case with VTech Electronics Ltd (“VTech”) for violating the Children’s Online Privacy Protection Act (COPPA) Rules by failing to properly collect and protect personal information about and from children and violating the FTC Act by misrepresenting its security practices. In addition to paying a $650,000 civil penalty, VTech agreed to comply with COPPA, implement and maintain a comprehensive information security program with regular third-party security audits for the next twenty years, and not misrepresent its privacy and data security practices.

The settlement comes more than two years after VTech learned that a hacker had gained remote access to databases for its interactive electronic learning products (ELPs), including for its Kid Connect chat application, in what was described at the time as the largest known hack targeting children. According to the FTC’s Complaint, the hacker accessed VTech’s databases “by exploiting commonly known and reasonably foreseeable vulnerabilities,” and VTech was unaware of the intrusion until it was informed by a reporter.

Continue Reading FTC Settles First Connected Toy Case With VTech After Massive Data Breach

The incoming administration promises big changes to federal consumer protection administration and enforcement. On January 5, 2017, Crowell & Moring’s Advertising & Product Risk Management Group hosted a webinar in which they discussed likely changes on the horizon to the Federal Trade Commission, Federal Communications Commission, and Consumer Financial Protection Bureau.

Please click here to

In its 2012 revisions to the Green Guides (16 C.F.R. Part 260) on environmental marketing claims, the FTC declined to provide guidance regarding “organic” claims, “either because the FTC lacks a sufficient basis to provide meaningful guidance or wants to avoid proposing guidance that duplicates or contradicts rules or guidance of other agencies.” That self-imposed

Miller FTC Image Businesses that try to prevent disgruntled customers from sharing their experiences with other consumers may have to answer to the FTC for engaging in an unfair practice.

In Roca Labs, the FTC filed a complaint against marketers of purported weight loss products who “spent millions of dollars … to serve online advertisements.”  Consumers who went online to complain about their experiences faced threats and lawsuits for violating “a Gag Clause purporting to prohibit purchasers from disparaging Roca Labs, its products, and its employees, regardless of the purchasers’ outcomes.” That Gag Clause, part of the terms and conditions
Continue Reading Don’t Put a Sock In It: FTC Says “Let Customers Complain”

On Monday, September 14, the FTC announced that it had sent letters to five providers of environmental seals and certifications and 32 individual companies using such seals and certifications, warning them against potentially overbroad, deceptive uses. The latest edition of the FTC’s Green Guides contains a section dealing with the use of environmental seals and certifications. 16 C.F.R. Part 260.6. The Guides make clear that labeling a product with an unqualified environmental seal runs the risk of conveying an unsubstantiated and overbroad claim about the overall environmental benefits of a product. Furthermore, third-party seals and certifications do not relieve marketers of the obligation to substantiate all of the claims that they convey to consumers, including claims relating to the seals and certifications. For that reason, the FTC recommends that such seals and certifications be prominently qualified in order to explain to consumers exactly the attributes on which the certification is based. In a blog post regarding the release, the FTC reminds marketers who use a green seal or certification on products that they must “explain what the seal or certification is based on, and it has to be specific. For example, a marketer could say the product is ‘biodegradable’ or ‘recyclable.’ It’s not enough for a seal to just say ‘green’ or ‘eco-friendly;’ in fact, that could be deceptive.”

Chris FTC Enviro Seals Image

The letters to the certifiers focus on the risk of “unqualified general environmental benefit claims [which] likely convey a wide range of meanings, including that a product has specific and far-reaching environmental benefits and that an item has no negative environmental impact.” As the Green Guides state,
Continue Reading The FTC’s Latest Warning Letter Barrage Targets Misuse of Environmental Seals and Certifications.

Smartphone app image
Photo courtesy of Flickr by highwaysengland

The FTC continued its campaign against deceptive health and disease claims with enforcement actions against the marketers of “MelApp” and “Mole Detective,” smartphone apps that claimed to detect melanoma. These enforcement actions follow earlier FTC actions against smartphone apps that claimed to cure acne.

The Commission voted 4-1 to settle deceptive advertising claims against the Mel App defendant and two of the Mole Detective defendants and to litigate against the remaining two Mole Detective defendants.  Commissioner Ohlhausen disagreed with the majority’s interpretation of the melanoma detection claims and thus with the amount of substantiation required.  The settlement agreements require defendants to substantiate future melanoma-related claims with “competent and reliable scientific evidence [that] shall consist of human clinical testing” that meets rigorous scientific standards.  Consistent with her analysis in POM Wonderful, Commissioner Ohlhausen’s dissent made clear that she  would not require such “onerous” substantiation because “substantiation requirements must flow from the claims made by the advertiser” and “[w]ithout extrinsic evidence, I do not have reason to believe that a reasonable consumer would take away the implied claim that using these apps would increase their chances of detecting skin cancer in the early stages as compared to an examination by a dermatologist.”Continue Reading Holy Moly! FTC Says Smartphone Apps Don’t Detect Skin Cancer