December 1, 2022

Volume XII, Number 335


December 01, 2022

Subscribe to Latest Legal News and Analysis

November 30, 2022

Subscribe to Latest Legal News and Analysis

November 29, 2022

Subscribe to Latest Legal News and Analysis

November 28, 2022

Subscribe to Latest Legal News and Analysis

What Is FTC’s Course Under Biden?

The new acting FTC chair, Rebecca Kelly Slaughter, recently signaled that the FTC may increase enforcement and penalties in the privacy and data security realm. Slaughter pointed to several areas of focus for the FTC this year, which companies will want to keep in mind:

  • Notifying Consumers About FTC Allegations: Slaughter referred favorably to two recent cases: (1) the Everalbum biometric settlement from earlier this year (which we wrote about at the time); and (2) the Flo Health settlement over alleged deceptive data sharing practices (which we also wrote about at the time). In drawing on these two cases, Slaughter indicated that in future cases the FTC intends to include as part of any settlement a requirement to notify customers of any FTC allegations. This, she said, would allow consumers to “vote with their feet” and help them decide whether to recommend their services to others.

  • FTC Intent to Plead All Relevant Violations:  According to Slaughter, another lesson the FTC is taking from the Flo case is to include in the cases it brings all potentially applicable violations of all relevant privacy-related laws.  In the Flo case, Slaughter said the FTC should have pleaded a violation of the Health Breach Notification Rule, which requires that vendors of personal health records notify consumers of data breaches.

  • Focus on Ed Tech and COPPA: Given the explosive growth of education technology during COVID-19, the FTC is conducting an industry sweep of the industry. Related to this, the FTC is reviewing its Children’s Online Privacy Protection Act Rule. This goes beyond the refresh the agency did of their FAQs earlier in the pandemic (which we wrote about at the time). For now, Slaughter reminds companies that parental consent is needed before collecting information online from children under the age of 13.

  • Examination of Health Apps: The FTC will take a closer look at health apps, including telehealth and contact tracing apps, as more and more consumers are relying on such apps to manage their health during the pandemic.

  • Overlap Between Competition and Privacy: Slaughter also indicated that it is worth looking at situations where there may be not only privacy concerns, but antitrust as well. Because the FTC has a dual mission (consumer protection and competition) she notes that it has a “structural advantage” over other regulators in that it can look at these issues, especially since -she states- “many of the largest players in digital markets are as powerful as they are because of the breadth of their access to and control over consumer data.”

  • Racial Equality and AI/Biometrics/Geotracking: Slaughter noted that COVID-19 is exacerbating racial inequities. She pointed to the unequal access to technology, as well as algorithmic discrimination (the idea that discrimination offline becomes embedded into algorithmic system logic). The FTC intends to focus on algorithmic discrimination, as well as on the discrimination potentially embedded into facial recognition technologies. (This mirrors concerns that gave rise to the recent Portland facial recognition law, which we recently wrote about). Finally, Slaughter commented on the use of location data to identify characteristics of Black Lives Matter protesters, and said she is concerned about the misuse of location data to track Americans engaged in constitutionally protected speech.

Putting it Into PracticeCompanies that operate health apps, that are in the education technology space, or that use algorithms or facial recognition tools will want to keep in mind that these are areas of focus for the FTC. And for everyone, keep in mind that the FTC has indicated it will beef up privacy law penalties and will ask for more notification to injured consumers. 

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 70

About this Author

James Fazio Intellectual Property Attorney Sheppard Mullin Law Firm
Special Counsel

James Fazio is special counsel in the Intellectual Property Practice Group in the firm's San Diego (Del Mar) office.

Areas of Practice

James focuses on intellectual property and business litigation. He represents public and private companies in disputes such as those involving patent and trademark infringement, theft of trade secrets, fraud, breach of contract, unfair competition, false advertising and various business tort claims. James has more than 24 years of litigation experience and was selected by his peers among the top ten intellectual property...

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...