On July 24, 2019, the FTC announced a $5 billion settlement with Facebook to address Facebook’s alleged violations of the FTC Act and its 2012 consent order with the FTC. The settlement comes as no surprise to the privacy community – Facebook has been closely scrutinized by the public and regulators since the Cambridge Analytica data incident in March 2018 and indicated to investors earlier this year that it anticipated a fine from the FTC between $3 and $5 billion.

We have read the complaint, settlement, and press releases issued by the FTC and Facebook, and provide our thoughts below on what it means for business:
Continue Reading

In the past five months, we’ve seen a significant shift in the direction of privacy regulation at the federal level. As discussed in our previous post, Congress voted (and President Trump signed) a resolution repealing last year’s FCC Order that imposed greater obligations on broadband Internet service providers and other carriers regarding the protection of customer data. The FCC and FTC also announced that they intend to reverse the FCC’s 2015 decision to treat broadband Internet service providers as Title II common carriers, which would effectively return jurisdiction over broadband Internet service providers to the FTC. Then, at the beginning of this month, the Ninth Circuit granted a petition by the FTC to rehear its ruling from last year that the FTC lacked authority under the FTC Act to regulate AT&T as a common carrier.
Continue Reading

Just this month, Major League Baseball issued a ground-breaking decision approving players’ use of biometric devices during games in the 2017 baseball season.  The devices, made by Whoop Inc. and which look like a sleek watch or bracelet, have been billed as the fitness tracker for elite athletes, with their ability to monitor various biometric factors like the wearer’s heart rate, heart rate variability, sleep performance, and recovery.   The data generated by the device will be used to assess players’ performance, endurance and recovery, with the goal of optimizing training and rest periods for players and potentially influencing batter line-ups and pitcher workloads.   Although the MLB’s decision marks the first time a major U.S. professional league has allowed such devices to be worn in-game, it is only the latest sign that the professional sports world is embracing wearable technology.  But as the saying goes, “with great power comes great responsibility,” and many are wondering whether the potential risks involved have been taken into account.  While few would dispute the helpful insights this technology can provide, there’s no doubt that significant privacy legal concerns are raised by professional athletes’ use of fitness trackers “at work.”
Continue Reading

Protection background. Technology security, encode and decrypt, techno scheme, vector illustration

Biometric data — from, e.g., retina, face and fingerprint scans — plays a big role in the current wave of new technology services. For example, biometrics provide security features for financial and healthcare products. And biometrics are behind some cool new in-game offerings in the interactive entertainment and social media space. But companies using or thinking of using biometric data have to comply with myriad privacy and data security laws and regulations, or face potential enforcement action and litigation. On January 30, 2017, the Southern District of New York dismissed one such litigation brought against video game publisher Take-Two Interactive Software, Inc. for alleged violation of the Illinois Biometric Information Privacy Act (“BIPA“). Here’s a summary.


Continue Reading