Monday, October 18, 2021

Deceptive or Misleading Conduct & Protecting Older Consumers

  • The FTC issued its latest report to Congress on protecting older consumers, which highlights updated findings from the Commission’s fraud reports showing trends in how older adults report being affected by fraud with the most frequent type of fraud reported by older adults

Tuesday, October 5, 2021

Advertising and Marketing & Privacy and Security

  • The FTC approved a settlement with the operators of MoviePass over allegations that they took steps to block subscribers from using the service as advertised, while also failing to secure subscribers’ personal data. The FTC alleged that MoviePass Inc.—along with CEO Mitchell Lowe, and MoviePass’ parent company and its CEO, deceptively marketed its “one movie per day” service, then deployed deceptive tactics aimed at preventing subscribers from using the service as advertised —actions the FTC alleged violated both the FTC Act and the Restore Online Shoppers’ Confidence Act. The FTC also alleged MoviePass’s operators left a database containing large amounts of subscribers’ personal information unencrypted and exposed, leading to unauthorized access.


Continue Reading FTC Updates – October 2021

First, it was the “Internet of Things” and now it is the “Internet of Dolls.” Mattel, maker of the iconic Barbie doll, has announced plans to introduce “Hello Barbie,” a doll with a Siri-like ability to communicate. The new Barbie, which connects to the cloud through WiFi, can have conversations, tell jokes, and play games with the children who own them.

Hello Barbie also has the ability to listen and learn girl’s preferences and adapt to them accordingly.  During a recent demonstration when a Hello Barbie prototype was asked “What should I be when I grow up?” she responded “Well, you told me you like being on stage. How about a dancer? Or a politician? Or a dancing politician?”

This Barbie doll is likely just the first in what will surely be a long line of dolls and toys that have incredible technological capabilities—whether it is a Siri-like ability to communicate, video recording technology, or the chance to communicate to friends.

But, as these new frontiers of play develop, manufacturers and marketers need to work to ensure that we can strike a balance between innovative play and children’s safety and privacy. And the lines aren’t always clear.


Continue Reading When Your Toys Talk Back: Children’s Privacy and Safety in an Age of Wired Toys

A bill has been introduced in the California legislature that would dramatically increase retailers’ liability for data breaches. Dubbed the “Consumer Data Breach Protection Act,” Assembly Bill 1710 would enact sweeping changes to California’s data breach notification laws, setting short deadlines by which consumers would need to be notified of breaches and increasing the penalties associated with such breaches. AB 1710’s new provisions would apply to all businesses that sell goods or services to California residents and accept credit or debit cards, although the law retains exemptions for certain businesses that are subject to other privacy regulations (such as financial institutions).

The California Retailers Association has already come out in opposition to the bill, and in years past, has successfully fought similar efforts to expand the state’s data breach notification laws. However, given the number of recent high profile data incidents, lawmakers are in a stronger position this year to amend California’s data protection laws. Indeed, as introduced, AB 1710 made only minor nonsubstantive changes to the data privacy laws, but in the wake of various well-publicized data breaches, the bill’s authors substantially amended the bill to increase the “teeth” in the law.

The following briefly summarizes some of the bill’s key proposed changes:

Expands Restrictions on Data Use and Retention. AB 1710 limits retention of “payment-related data” to the amount of time required for “business, legal, or regulatory purposes.” Retention of payment-related data would be prohibited if it is unnecessary for those purposes. The bill also requires businesses to create “payment data retention and disposal” policies specifying the amount of time such data will be retained. The bill prohibits the retention of certain types of data, such as card verification codes, PIN numbers, social security and driver’s license numbers. The bill also forbids the sale of an individual’s social security number. The term “payment-related data” is defined to include all items that fall within the current statutory definition of “personal information,” such as a consumer’s name, social security number, driver’s license number, account numbers, and user name and passwords.


Continue Reading California Legislature Seeks to Restrict Data Use and Ramp Up Retailer Liability for Data Breaches