The Consumer Financial Protection Bureau (CFPB) announced on March 15, 2023, that it is issuing a Request for Information (RFI) about the business practices of data brokers, which the agency said will assist it in “planned rulemaking” under the Fair Credit Reporting Act (FCRA). The CFPB has explained it is seeking information on (1) “new

Janis Kestenbaum
Janis Kestenbaum is a partner in the Privacy & Security practice and Advertising, Marketing & Promotions industry group. Janis represents companies under investigation by the Federal Trade Commission (FTC), state attorneys general, congressional committees, and foreign data protection authorities regarding privacy, data security, and consumer protection issues.
FTC’s Second Settlement in Weeks Highlights Scrutiny on Businesses Processing Health Data for Advertising
The Federal Trade Commission on March 2, 2023, announced a proposed complaint and proposed consent order with BetterHelp, Inc., an online counseling platform that allegedly disclosed consumer health data to third-party advertising platforms. The settlement requires payment of $7.8 million to be used for consumer refunds—the first time an FTC action has required the return…
FTC Claims Sharing User Health Data With Advertising Platforms Is a “Security Breach”
For the first time, the Federal Trade Commission has brought an enforcement action under its 2009 Health Breach Notification Rule (HBNR). The case was brought against a digital health company, GoodRx Holdings, Inc., for sharing users’ health information with third-party advertising platforms without the authorization of the users whose data was being shared.
Four Data Security Safeguards the FTC Would Like Companies To Adopt in 2023
Data security will be an enforcement priority for the FTC in 2023. The FTC, in its December 14, 2022, Commission meeting, highlighted four data security measures that it believes are particularly important for strong cybersecurity.
This Update discusses what these safeguards are and why the FTC believes they are so critical.
FTC Sues Data Broker for Alleged Unfair Act of Selling Precise Geolocation Data
The Federal Trade Commission filed a lawsuit on August 29, 2022, against data broker Kochava Inc., alleging that the company’s sale of precise geolocation data is an unfair act or practice that violates Section 5 of the FTC Act. The case follows an FTC blog post warning that the agency would be vigilant in protecting…
FTC Kicks Off Wide-Ranging Privacy Rulemaking
On August 11, 2022, the Federal Trade Commission (FTC) issued an advance notice of proposed rulemaking (ANPRM), kicking off its long-awaited rulemaking on commercial surveillance and data security.
The ANPRM is the first step in a long process that could result in the adoption of a federal regulation addressing privacy, data security, and use of…
FTC Scrutinizing Ed Tech Providers and Endorsements
In its most recent open meeting, the Federal Trade Commission unanimously: (1) issued a Children’s Online Privacy Protection Act policy statement directed at ed tech providers, and (2) proposed amendments to the Endorsement Guides, which address influencer advertising on social media and consumer reviews.
The COPPA policy statement makes clear that the FTC is…
What’s Next for Privacy at the FTC Following the Confirmation of Alvaro Bedoya
Alvaro Bedoya has now been sworn in as a commissioner for the U.S. Federal Trade Commission. This restores a Democratic majority on the Commission and will enable the agency to move forward with the aggressive agenda of Chair Lina Khan. As a result, we can expect to see significant actions by the FTC on privacy…
FTC Chair Lina Khan Gives First Public Address Regarding Privacy
Federal Trade Commission Chair Lina Khan made her first speech about privacy at the opening of this year’s International Association of Privacy Professionals conference. She noted ways the FTC is using its resources to “rein in” what she called “surveillance-based business models.”