• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Consumer Finance ABstract

  • Home
  • Services
  • Contacts

High Profile Settlements, Strengthened Data Security Orders, and COPPA: The FTC’s 2019 Privacy and Data Security Update

March 3, 2020 By Kathleen Benway

A&B ABstract

Each year the Federal Trade Commission (the “FTC” or “Commission”) publishes a report on its activities with respect to consumer privacy and data security during the prior year.  On February 25, 2020, the Commission released its 2019 Privacy and Data Security Update. The update contains a summary of the FTC’s enforcement, advocacy, and rulemaking actions as well as its activities with respect to its privacy and security-related workshops, consumer education and business guidance, and international engagement.  The update is a useful way to see what the FTC focused on in the prior year and where to expect continued interest. Some highlights from the update are provided below.

 Discussion

In the enforcement space, the FTC update spotlights its two most high-profile settlements to date: Facebook and Equifax.  First, in July 2019 the FTC and the Department of Justice’s announced a joint settlement with Facebook based on allegations that the company’s misrepresentations and consumer privacy failures violated its 2012 order.  The 2019 settlement order imposed a record-setting $5 billion penalty and included a number of provisions designed to change Facebook’s overall approach to privacy.  The settlement is currently pending approval by the United States District Court for the District of Columbia. Also, in July 2019, the FTC announced a settlement with Equifax for alleged data security violations, including Gramm-Leach-Bliley Act violations, that affected 147 million people.  The settlement included a payment of up to $700 million to help consumers affected by the breach and was part of a global resolution with a consumer class action, the Consumer Financial Protection Bureau, and 50 states and territories.

Data Security Orders

The FTC’s enforcement actions over the past year with respect to data security incidents also highlight the Commission’s efforts to strengthen its data security orders, including through increased specificity, increased accountability of third- party assessors, and improved corporate governance on data security issues.  Each category of improvement is reflected in seven data security orders issued by the FTC over the past year against companies in a range of industries: ClixSense (pay-to-click survey company), i-Dressup (online games for kids), DealerBuilt (car dealer software provider), D-Link (Internet-connected routers and cameras), Equifax (credit bureau), Retina-X (monitoring app), and InfoTrax (service provider for multilevel marketers).

COPPA

The FTC’s update also makes clear the FTC’s continued focus on the Children’s Online Privacy Protection Act (“COPPA”) in 2019 and beyond.  In September 2019, the FTC and New York Attorney General settled with Google, and its subsidiary YouTube over allegations it collected personal information, including in the form of persistent identifiers, from viewers of child-directed channels without first notifying parents and getting their consent.  The $170 million judgment is the largest civil penalty under COPPA. In 2019 he FTC also settled charges against Musical.ly, now known as TikTok, for $5.7 million for illegally collecting personal information from children on a child-directed app.  The FTC also announced it was seeking comments on the effectiveness of the 2013 amendments to the COPPA Rule and hosted a workshop in October 2019 to discuss whether additional changes are needed.

Other Concerns

The FTC update describes other areas of focus, including credit reporting and financial privacy, Do Not Call and telemarketing, and international enforcement. You can read the entire update here.

Filed Under: Federal Trade Commission (FTC), Online Privacy, Privacy and Cybersecurity

About Kathleen Benway

Kathleen Benway concentrates her practice on government investigations and corporate compliance related to consumer protection issues, including privacy, security, advertising, and marketing.

[Read Bio]

Primary Sidebar

RECEIVE EMAIL NOTIFICATIONS WHEN NEW POSTS ARE ADDED.

A confirmation email has been sent to the email address provided.


Tags

#California #CCPA #CFPA #CFPB #COVID=19 #debtcollection #FCRA #FDCPA #GSEs #Massachusetts #mortgageservicing #New York #NYDFS #Part419 #Privacy #QMPatch #redlining #validwhenmade abusive ATR/QM CARES Act Case law Connecticut Covid-19 CSBS Cybersecurity data breach Debt Collection DOJ Eleventh Circuit Fair Lending fintech Forbearance Foreclosure HUD licensing mortgage lending Mortgage Servicing passive investors QM QM Patch Regulation F Servicing student loan servicing UDAAP

Secondary Sidebar

Categories

Recent Posts

  • Illinois Proposes Rules Implementing Its Community Reinvestment Act for Banks, Mortgage Lenders, and Credit Unions
  • Supreme Court Wrestles with Scope of Attorney-Client Privilege
  • CFPB Proposes Nonbank Registry to Focus on Compliance “Recidivism”
  • New York Amends Disclosure Requirements for Telemarketers
  • 38 Attorneys General Ask SCOTUS to Determine the CFPB’s Fate
Copyright © 2023 · Alston & Bird · All Rights Reserved. Privacy.