According to recent disclosures, the Trump Administration has been acting aggressively to control Chinese investment in companies that have access to Americans’ personal data. Last week, it was revealed that the Committee on Foreign Investment in the United States (CFIUS) has ordered Chinese company Beijing Kunlun Tech Co. Ltd. to sell its majority stake in on-line dating app Grindr over concerns that Chinese access to personal data held by Grindr could pose a threat to U.S. national security. Then, on April 4, 2019, it was announced that CFIUS had also ordered Chinese investor and digital healthcare company iCarbonX to sell its stake in the U.S. company PatientsLikeMe. PatientsLikeMe is an on-line service that links individuals suffering the same health issues in an effort to improve disease detection and treatment. Again, the concern reportedly prompting the CFIUS action is Chinese access to the personal data of Americans and the national security risk that could pose.
FTC: “Illegal Robocallers, You’re Out”
In an active week of FTC announcements, the agency on March 26, 2019, announced four major settlements with entities that were responsible for billions of illegal robocalls made to consumers nationwide. The entities targeted by the agency initiated illegal robocalls across a number of industries – they pitched auto warranties, debt-relief services, home security systems, fake charities, and Google search results services. These settlements resolved FTC allegations that the defendants had violated the FTC Act and the FTC’s Telemarketing Sales Rule.
In Veterans of America, the FTC’s complaint against Travis Deloy Peterson alleged that he “created and used a series of corporate entities and fictitious business names that sound like veterans’ charities to operate a telemarketing scheme that used robocalls to trick generous Americans into giving their vehicles or other valuable property to him” since at least 2012. The settlement includes a monetary judgment of $541,032.10 and would permanently ban defendant Peterson or his employees or contractors from soliciting charitable contributions, making misrepresentation in advertising or promoting any good or service, initiating robocalls, and engaging in deceptive and abusive telemarketing.
FTC Seeks Information from Platform-Based ISPs about Their Privacy Practices
Following congressional hearings last month on potential federal data privacy legislation − Hearing on Policy Principles for a Federal Data Privacy Framework in the United States before the Senate Committee on Commerce, Science, and Transportation; Hearing on Improving Data Security at Consumer Reporting Agencies before the House Subcommittee on Economic and Consumer Policy − the Federal Trade Commission (FTC) on March 26, 2019, announced the initiation of a study concerning the privacy policies, procedures, and practices of seven internet service providers (ISPs). The FTC has used this process in other industries or areas of focus to gather information that it may later share in a public report.
Continue reading “FTC Seeks Information from Platform-Based ISPs about Their Privacy Practices”
U.S. Supreme Court Declines to Hear Zappos Data Breach Case
The Supreme Court recently declined to review the Ninth Circuit’s decision in Zappos.com, Inc. v. Stevens, a class action suit resulting from a 2012 data breach of the online retailer. As a result, there remains a split in the courts as to whether a breach of data confers Article III standing on potential plaintiffs, even if no actual injury occurred.
Continue reading “U.S. Supreme Court Declines to Hear Zappos Data Breach Case”
Coming Soon to Singapore: Mandatory Data Breach Notifications
Singapore’s Personal Data Protection Commission (PDPC) issued a statement on March 1 announcing its plan to introduce mandatory breach notifications as part of a set of proposed amendments to the country’s Personal Data Protection Act (PDPA). The proposed amendments come in response to the PDPC’s recent review of the PDPA in order “to ensure that it keeps pace with the evolving needs of businesses and individuals, and balances safeguarding individuals’ interests and enables the legitimate use of personal data by organisations.” The details of the mandatory breach notification have not yet been made public, but the amendment will likely require organizations to notify the PDPC and affected data subjects when a certain level of breach has occurred.
Continue reading “Coming Soon to Singapore: Mandatory Data Breach Notifications”
The FTC’s Approach to Consumer Privacy
As part of the FTC’s Hearings on Competition and Consumer Protection in the 21st Century, the Commission will hold a two-day hearing on April 9–10 at the Constitution Center (400 7th Street SW in Washington D.C.). The FTC has received 40 comments already and will continue receiving comments until May 31, 2019.