PUTTING IT INTO PRACTICE: This announcement is a reminder for companies to look at how they are sharing privacy practices with consumers across a variety of platforms, including mobile apps.
FTC Seeks Comment on Fundamental Privacy Enforcement Issues
Posted on August 10, 2018
On August 6, the FTC announced that it is seeking comment on a number of topics that are fundamental to its work, including on privacy. These topics will form the basis of its hearings on “Competition and Consumer Protection in the 21st Century”, which it will hold from September through January 2019, as we recently mentioned on this blog. The hearings will cover a variety of topics critical to the FTC, a few of which relate directly to privacy issues. These include:
• The intersection of privacy, big data, and competition, including the benefits and costs of privacy laws, and the benefits, costs and conflicts of such laws existing at different levels of government (federal, state, local, etc.);
• The Commission’s remedial authority to deter unfair and deceptive conduct. This is probably the most significant topic, because it touches on the expansiveness of the Commission’s authority to regulate privacy issues. It follows on Commission Chairman Simons’s recent testimony in the House of Representatives that the Commission may need more and better authority in the privacy realm than its current reliance on Section 5 of the Federal Trade Commission Act’s focus on unfair and deceptive practices;
• The welfare effects and privacy implications of using algorithmic decision tools and predictive analytics; and
• The efficacy of the FTC’s current investigation and remedial processes.
Those who wish to comment only have until August 20 to do so – for now. However, the FTC has said that it will also solicit comments down the road, ahead of each of its 15-20 public hearings, and upon their completion.
PUTTING IT INTO PRACTICE: For those who have views on the FTC’s exercise of its powers and wish to express them to the Commission, this is the time to do it. It only holds these kind of broad, introspective hearings every 20-25 years, and it will be making some important decisions once they are completed. If you can’t get comments in by the current deadline of August 20, you might think about doing it in the upcoming opportunities over the next five months. For instructions on how to submit comments, check out the Federal Register notice, or get in touch with us.
The California Privacy Law Is Coming – What Should Your Company Do Now?
Posted on July 25, 2018
As has been widely reported, California’s new privacy regime is set to come into effect on January 1, 2020. The law constitutes an expansion beyond California’s existing privacy laws, in particular California’s existing Shine the Light Law and the California Online Privacy Protection Act. Various provisions of the new law will apply to businesses with annual total revenue greater than $25 million (not just in California), that obtain or share for commercial purposes the personal information of 50,000 or more, or that get 50% or more of their revenue from selling or sharing PII. The law was passed quickly to avoid a similar voter-initiative ballot measure, and as a result has several ambiguities and apparent inconsistencies. It is therefore very likely that the law will be changed by amendment, and clarified through rules and regulations, before it comes into effect in 2020.
In the meantime, though, it is useful to look at what the law, as currently drafted, will require. The law has been compared to GDPR, and referred to as the US’s first “GDPR” law. There are many differences between GDPR and this California law, however. For example, the California law does not require companies to appoint a Data Protection
                    Eye on Privacy 2018 Year in Review 14