In a judgment of August 1, 2022, the Court of Justice of the European Union (CJEU) provided further guidance on two important aspects of the General Data Protection Regulation (GDPR) (CJEU C-184/20). In summary, the CJEU held that, first, for a national law that imposes a legal obligation to process personal data to be able to constitute a legal basis for processing, it needs to be lawful, meaning that it must meet an objective of public interest and be proportionate to the legitimate aim pursued, and second, that non-sensitive data that are liable to reveal sensitive personal data need to be protected by the strengthened protection regime for processing of special categories of personal data.

Continue Reading Processing of Personal Data That May Indirectly Reveal Sensitive Information on the Basis of a Legal Obligation: The CJEU Draws the Contours

The FTC had a lighter week following Labor Day as the Commission hosted a public forum on its proposed rulemaking on commercial surveillance and lax data security practices. A D.C. federal court judge handed the FTC a victory when it denied a request from Facebook to turn over the FTC’s analysis of Facebook’s acquisition of Instagram and WhatsApp. The Commission ended the week by announcing its agenda for an open commission meeting scheduled for September 15. This story and more after the jump. 

Continue Reading FTC Updates (September 5-9, 2022)

The FTC has been aggressive wrapping up the fiscal year before the Labor Day weekend—it initiated several actions across various industries, protecting consumers from sensitive data leak to deceptive “pre-approved” credit offers. The Commission also issued its E-Cigarette Report for 2019-2020, which highlights dramatic surge in sale of flavored disposable e-cigarettes and menthol e-cigarette cartridges. Last but not the least, the FTC is sending checks totaling more than $1.9 million to consumers who bought Hubble brand contact lenses from Vision Path, Inc. This story and more after the jump. 

Continue Reading FTC Updates (August 29-September 2, 2022)

The FTC unveiled its Proposed Rule on Commercial Surveillance and Data Security. The Commission relied on the COVID-19 Consumer Protection Act and the Made in USA Labeling Rule to refer a complaint against personal protective equipment (“PPE”) and light fixture manufacturers. The case marks the second time the FTC has used the Made in the USA Labeling Rule to target companies for allegedly deceptive claims. Commissioner Alvaro Bedoya spoke at the National Association of Attorneys General Presidential Summit on technology threats to consumer protection. These stories and more after the jump.

Continue Reading FTC Updates (August 8-12, 2022)

For the first time, the FTC used its new Made in USA rule to go after a battery manufacturer. The rule, enacted last summer, gives the agency power to seek civil penalties, injunctive relief, and other remedies against companies who use a “Made in USA” label in a misleading way.  The FTC also received a request from the House of Representatives to look into a NFL team’s potentially illegal business practices, and the agency attempted to put a positive spin on a recent DOJ criminal wage-fixing case. These stories and more after the jump.
Continue Reading FTC Updates (April 11-15, 2022)

The FTC had a busy week in the consumer protection realm. The agency settled with several companies over allegations ranging from shoddy data security to a full-on credit card laundering scam. Chair Khan and DOJ Assistant AG Kanter have remained busy in their efforts to gather information on merger guidelines, and, in case there wasn’t enough on the FTC’s plate, a U.S. Senator has asked the agency to dig up evidence of wrongdoing in the gas and oil markets. More on all of this after the jump.

Continue Reading FTC Updates (March 14-18, 2022)

On February 23, join Crowell attorneys Preetha Chakrabarti and Suzanne Trivette and Gail Gottehrer of Gail Gottehrer LLC for “Lawyers in the Metaverse.” Hosted by the National Association of Women Lawyers’ Women in Intellectual Property & Tech Law affinity group of which Preetha and Gail are co-chairs, this timely webinar will help lawyers understand how

Tuesday, November 2, 2021

Deceptive or Misleading Conduct & Consumer Protection

  • The FTC recently issued full refunds totaling over $2 million to consumers who lost money through certain deceptive direct mail schemes. The agency recovered the refunds via a federal district court order resulting from the FTC’s lawsuit against Agora Financial, LLC, NewMarket Health, and other defendants. The lawsuit was based upon two publications defendants marketed to older consumers. One publication contained a protocol promising to permanently cure type 2 diabetes in 28 days, while the other promised to show how to claim money from a secret giveaway by Congress. The FTC obtained the order including consumer refunds before the Supreme Court stripped the agency of its ability to obtain equitable monetary relief in federal court in the April 22, 2021 AMG Capital decision. Congress has not yet acted on the FTC’s request to reinstate this power.


Continue Reading FTC Updates (November 1-5, 2021)

As the world continues to settle into its new normal regulators have so too. Recently, State Attorneys General (AGs) are increasingly focused on several specific enforcement priorities, including (1) price gouging; (2) privacy concerns; (3) antitrust litigation; and (4) harmful substances in products and environmental issues. Many of these priorities have gained prominence in the midst of the COVID-19 pandemic.
Continue Reading Enforcement in the New Normal: Recent Trends in State AG Enforcement

On August 20, 2021, China’s national legislature passed the Personal Information Protection Law (“PIPL”), which will become effective on November 1, 2021. As China’s first comprehensive system for protecting personal information, the PIPL is an extension of the personal information and privacy rights enshrined in China’s Civil Code, and also a crucial element of a set of recent laws in China that seek to strengthen data security and privacy. Among other things, the PIPL sets out general rules for processing and cross-border transfer of personal information. A number of provisions, notably various obligations imposed on data processors, restrictions on cross-border transfer, and hefty fines, will have significant impact on multinational corporations’ HR activities, including recruitment, performance monitoring, cross-border transfers, compliance investigations, termination of employment relationships, and background checks.

This alert will highlight specifically how the PIPL will apply to workplace scenarios in China and provide suggestions to help ensure data privacy compliance for multinational corporations’ China labor and employment operations.

Employee Consent and Exceptions to Consent

Under Article 4 of the PIPL, “personal information” is defined broadly as information related to natural persons recorded electronically or by other means that has been used or can be used to identify such natural persons, excluding information that has been anonymized. Specific types of personal information have been noted for additional protection under Article 28 of the PIPL as “sensitive personal information”. Sensitive personal information is defined under the law as personal information that is likely to result in damage to the personal dignity, physical wellbeing or property of any natural person, and includes, among others, information such as biometric identification, religious belief, special identity, medical health, financial account, physical location tracking and whereabouts, and personal information of those under the age of 14.
Continue Reading Employee Personal Information Protection in China – Are You Up to Speed?