FTC Approves Settlement with Canadian Lockmaker Over Deceptive Security Claims
We previously posted about the Tapplock, Inc. (“Tapplock”) settlement with the Federal Trade Commission (“FTC”) over allegations that the company violated Section 5 of the FTC Act by falsely claiming that its “smart locks” were secure. Earlier this month, the FTC voted 5-0 to approve the settlement.
Tapplock sells fingerprint-enabled, internet-connected padlocks that interact with a companion mobile app, allowing users to lock and unlock their padlocks when they are within Bluetooth range. The FTC alleged that the locks were not secure and that Tapplock failed to take reasonable precautions or follow industry best practices to protect consumer data. The FTC also alleged that Tapplock falsely claimed that the smart locks were designed to be “unbreakable” and that it took reasonable steps to secure user data.
Under the settlement, Tapplock is required to implement a comprehensive security program and obtain independent security assessments every other year by an assessor that the FTC has the authority to approve. The settlement also prohibits Tapplock from misrepresenting its privacy and security practices.