Posted in FTC

Opinion

Hey “Chicken Littles,” Wyndham Doesn’t Mean the Sky is Falling

By Jeff Kosseff, CIPP/US

Based on the extensive news coverage of this week’s court ruling against Wyndham Hotels and Resorts in its battle with the Federal Trade Commission (FTC), one would think that the sky is falling on efforts to resist FTC enforcement actions relating to data security.

More from Jeff Kosseff

Opinion

Think the FTC Is the De Facto U.S. Data Protection Authority? State AGs May Have Something To Say

By Divonne Smoyer, CIPP/US
and Aaron Lancaster, CIPP/US

The U.S. Federal Trade Commission (FTC) has understandably been the focus of much attention in the data privacy world. The FTC is considered by many to be the primary U.S. data privacy regulator and this blog has gone so far as calling the FTC the U.S.’s de facto Data Protection Authority (DPA). We respectfully disagree. The FTC is facing unprecedented challenges, while state attorneys general (AGs), who have similar—and in some instances greater—authority, are taking more and more steps to protect the privacy of their citizens.

More from Divonne Smoyer

Opinion

Legal Reform Is Needed on Both Sides of the Atlantic, Not Just in Europe

I recall that in the 1990s and early 2000s, it was often a struggle to get people outside of Europe to take EU data protection law seriously. The perceived lack of enforcement in the EU, and the dynamic legislative climate in the U.S., meant that more attention was given to U.S. developments.

The situation is now reversed, and there has been intense interest in the European Commission’s proposal for a General Data Protection Regulation published in January 2012, and in related developments such as calls for reform of the EU-U.S. Safe Harbor. U.S.-based lobbyists have descended in hordes on the EU institutions; U.S. government representatives travel to Brussels to lobby the EU, and U.S. authors publish articles and papers on complex issues of EU law. Brussels has become the center of the global privacy world.

This causes us in Europe to wonder: Why doesn’t the U.S. work as hard to improve its own privacy law as it does to lobby for changes in the EU?

More from Christopher Kuner

Practical Privacy

COPPA, Behavioral Ads, Mobile Marketing and Other Big PPS Takeaways

By Annie C. Bai, CIPP/US

Jed’s not the only one who was having a good time at last week’s Practical Privacy Series in NYC. Across the way, many of us found that an entire day was barely enough to devote to Online Marketing. First, it was all about the kids, then it was all about the web, and finally we ended with a rousing roundtable on Big Data. Here are some of the tidbits from the day that caused me to take pause and grab my pen.

More from Annie C. Bai

Internet of Things

Law of the Connected Horse? FTC Appropriately in Learning Mode on Internet of Things

Image from the FTC

As the Federal Trade Commission (FTC) prepares to hold its first workshop on the “Internet of Things” (IoT) on November 19, early Internet era passages from the famous “law of the horse” debate between Judge Easterbrook and Professor Lessig seem apt. They remind us that with the emergence of new technologies comes the perennial contest over whether the current legal framework provides sufficient protections. To inform that debate with respect to privacy and data security protections, the FTC is using the daylong public workshop to learn about the technologies and data collection in the IoT ecosystem.

No proposals for new laws, regulations or law enforcement initiatives are on the table. The workshop is a mission in fact-finding.

More from Christopher Wolf

Opinion

Has the LIBE Committee Torpedoed the Safe Harbor?

The committee of the European Parliament charged with shepherding the proposed EU Data Protection Regulation—the LIBE Committee—finally has reported out an amended version of the Regulation. And despite the fact that a Commission-initiated review of the EU-U.S. Safe Harbor is pending, it appears the LIBE Committee effectively has called for the end of the Safe Harbor.

More from Christopher Wolf

Opinion

Galileo’s Problem and How Legislation Won’t Stop the Orbit of Technology

Like the Catholic Church’s Congregation of the Index of 1616, which outlawed the movement of the Earth around the sun, so too will the European Parliament restrict transborder data flows by legislative fiat this week.

Of course, the flow of data across borders will not cease or even diminish. Individuals will continue to carry iPhones on cross-Atlantic flights, “transferring data” (whatever that means) about their employers’ customers to “non-adequate” countries; and European individuals and businesses will access non-EU based websites and services, including banking, telecom, retail and cloud. Lawyers will be paid to produce paperwork, which bureaucrats will read; businesses continue to operate as before.

As Galileo said, “And yet it moves”.

More from Omer Tene

Opinion

The U.S. Doesn’t Have a National Data Protection Authority? Think Again…

“The U.S. has no national data protection authority.” Ask an EU official why he or she believes the EU’s data protection system to be superior to the U.S. model, and that will be at or near the top of the list. But tell that to Google. Or TJX. Or CBR Systems. Or any of the dozens of other companies that have been pursued by the U.S. Federal Trade Commission (FTC) over the past several years for alleged data security or privacy violations.

More from Jason Weinstein