Posted in FTC

Opinion

Hey “Chicken Littles,” Wyndham Doesn’t Mean the Sky is Falling

By Jeff Kosseff, CIPP/US

Based on the extensive news coverage of this week’s court ruling against Wyndham Hotels and Resorts in its battle with the Federal Trade Commission (FTC), one would think that the sky is falling on efforts to resist FTC enforcement actions relating to data security.

More from Jeff Kosseff

Opinion

IAPP Westin Research Center

In Standoff with FTC, Wyndham Shoots Itself in the Foot

The Federal Trade Commission’s (FTC) resounding victory over Wyndham Worldwide Corporation in a U.S. District Court paves the way for increasing privacy and data security action by the agency, which over the past decade has asserted itself as the most forceful and well-respected privacy enforcement authority in the world.

More from Omer Tene

Opinion

Is the Congressional Response to the Target Breach Off-Target?

In the aftermath of the Target breach announced last month, there has been understandable anxiety on the part of consumers and understandable concern by lawmakers about how to respond to large-scale breaches of this type.

In recent weeks, there have been calls by members of Congress for hearings on the Hill. Several Senators have demanded an investigation by the Federal Trade Commission (FTC) and have discussed legislation beefing up the FTC’s enforcement powers—although as I’ve written here previously , the FTC has not exactly needed an engraved invitation to investigate data breaches in recent years and does not seem to have been inhibited at all by the lack of clear (some might say any) authority to do so. And just this week, Sen. Patrick Leahy (D-VT) reintroduced the Personal Data Privacy and Security Act, which among other things would create a national breach notification standard.

More from Jason Weinstein

The Year in Review

2013: The Year of Privacy

Privacy Perspectives word cloud

If there ever was a “year of privacy,” surely it was 2013. A year that ends with dictionary.com selecting “privacy” as “word of the year;” with privacy making front-page headlines in The New York Times and The Washington Post (not to mention The Guardian) on a weekly, indeed almost daily, basis; with cross-Atlantic ties stretched to the limit over privacy issues, the UN passing a privacy resolution and armies of lobbyists spinning BCRs and Do-Not-Track in Washington bars and Brussels cafes—ladies and gentlemen, 2013 was the year of privacy.

More from Omer Tene

Opinion

Can Plaintiffs’ Lawyers Fill the Role of a DPA?

By Jeff Kosseff, CIPP/US

In recent months, authors on this blog have argued about whether the Federal Trade Commission (FTC) or state attorneys general serve as the de facto data protection authority in the U.S.

Both sides are correct.  The FTC and state attorneys general help set the general requirements for privacy and data security, just as DPAs do in Europe.  But another group is playing a role in the shaping of U.S. privacy and not always in a way that benefits society.

More from Jeff Kosseff

Opinion

Think the FTC Is the De Facto U.S. Data Protection Authority? State AGs May Have Something To Say

By Divonne Smoyer, CIPP/US
and Aaron Lancaster, CIPP/US

The U.S. Federal Trade Commission (FTC) has understandably been the focus of much attention in the data privacy world. The FTC is considered by many to be the primary U.S. data privacy regulator and this blog has gone so far as calling the FTC the U.S.’s de facto Data Protection Authority (DPA). We respectfully disagree. The FTC is facing unprecedented challenges, while state attorneys general (AGs), who have similar—and in some instances greater—authority, are taking more and more steps to protect the privacy of their citizens.

More from Divonne Smoyer

Opinion

Legal Reform Is Needed on Both Sides of the Atlantic, Not Just in Europe

I recall that in the 1990s and early 2000s, it was often a struggle to get people outside of Europe to take EU data protection law seriously. The perceived lack of enforcement in the EU, and the dynamic legislative climate in the U.S., meant that more attention was given to U.S. developments.

The situation is now reversed, and there has been intense interest in the European Commission’s proposal for a General Data Protection Regulation published in January 2012, and in related developments such as calls for reform of the EU-U.S. Safe Harbor. U.S.-based lobbyists have descended in hordes on the EU institutions; U.S. government representatives travel to Brussels to lobby the EU, and U.S. authors publish articles and papers on complex issues of EU law. Brussels has become the center of the global privacy world.

This causes us in Europe to wonder: Why doesn’t the U.S. work as hard to improve its own privacy law as it does to lobby for changes in the EU?

More from Christopher Kuner

Practical Privacy

COPPA, Behavioral Ads, Mobile Marketing and Other Big PPS Takeaways

By Annie C. Bai, CIPP/US

Jed’s not the only one who was having a good time at last week’s Practical Privacy Series in NYC. Across the way, many of us found that an entire day was barely enough to devote to Online Marketing. First, it was all about the kids, then it was all about the web, and finally we ended with a rousing roundtable on Big Data. Here are some of the tidbits from the day that caused me to take pause and grab my pen.

More from Annie C. Bai