Photo of Janis Kestenbaum

Janis Kestenbaum is a partner in the Privacy & Security practice and Advertising, Marketing & Promotions industry group. Janis represents companies under investigation by the Federal Trade Commission (FTC), state attorneys general, congressional committees, and foreign data protection authorities regarding privacy, data security, and consumer protection issues.

For the first time since 2015, the Federal Trade Commission (FTC) has been asked to approve a new “verifiable parental consent” (VPC) method under the Children’s Online Privacy Protection (COPPA) Rule. Under COPPA, operators of online sites and services “directed to children” under 13 must obtain VPC before collecting personal information from a child online. The COPPA Rule enumerates several acceptable methods for obtaining VPC, but also allows interested parties to submit new VPC methods to the FTC for approval. The FTC has announced that the Entertainment Software Rating Board (ESRB), which operates a COPPA safe harbor program, along with Yoti Ltd., a digital identity company that offers identity verification, age assurance, reusable digital identity, and e-signature solutions, and SuperAwesome Ltd., which provides technology to help companies comply with parental verification requirements, submitted an application for a new VPC method utilizing “Privacy-Protective Facial Age Estimation,” which is designed to analyze the geometry of a parent’s face to confirm that they are an adult.

Continue Reading COPPA: Public Comment Period Open for Proposed Verifiable Parental Consent Method

On June 6, 2023, Florida Governor Ron DeSantis signed Senate Bill 262 into law. SB 262 is a departure from the comprehensive privacy laws enacted by other states for a variety of reasons, including its (1) ban on government-directed moderation of social media, (2) restrictions on online interactions with minors (somewhat akin to the California Age-Appropriate Design Code), and (3) establishment of a “digital bill of rights” that creates general consumer privacy rights similar in many respects to those adopted in other states but, unlike them, Florida’s are narrowly applicable. Governor DeSantis has not shied away from saying the new law is directly aimed at “Big Tech,” and the targeted application of certain aspects of the law reflects that goal.

The ban on government-directed moderation took effect on July 1, 2023, with the protections for minors and digital bill of rights provisions set to take effect on July 1, 2024.

Continue Reading Florida Enacts “Digital Bill of Rights” Combining Narrowly Applicable “Comprehensive” Privacy Provisions and More Broadly Applicable Restrictions on Children’s Privacy and Social Media Restrictions

As the hype about generative artificial intelligence (AI) has grown, the Federal Trade Commission (FTC) has made clear that it intends to be at the forefront of federal agencies working to ensure the responsible use of AI. In just the last few months, it has spoken repeatedly about AI, issuing multiple warnings about the risks of AI technology. In many respects, this is not new terrain for the FTC. Since at least 2016, the FTC has cautioned about the potential for machine learning and AI algorithms to lead to discrimination against protected classes. The FTC recently reiterated those concerns and cautioned businesses about the use of generative AI to spread manipulative, fraudulent, or unsubstantiated content.

Continue Reading The FTC Can’t Stop Talking about AI

International, federal, and state privacy regulators highlighted their ambitious agendas at the 2023 IAPP Global Privacy Summit in Washington, D.C. They, along with speakers from an array of private organizations, underscored the following takeaways that should be top of mind for businesses:

Continue Reading Ten Takeaways From the 2023 IAPP Global Privacy Summit

The Supreme Court unanimously ruled in two related cases, Axon Enterprise Inc. v. FTC (No. 21-86) and SEC v. Cochran (No. 21-1239), that federal district courts have jurisdiction to hear structural constitutional challenges to the adjudicative authority of the Federal Trade Commission and the Securities and Exchange Commission. 

As a consequence, in such challenges, respondents

The Consumer Financial Protection Bureau (CFPB) announced on March 15, 2023, that it is issuing a Request for Information (RFI) about the business practices of data brokers, which the agency said will assist it in “planned rulemaking” under the Fair Credit Reporting Act (FCRA). The CFPB has explained it is seeking information on (1) “new

The Federal Trade Commission on March 2, 2023, announced a proposed complaint and proposed consent order with BetterHelp, Inc., an online counseling platform that allegedly disclosed consumer health data to third-party advertising platforms. The settlement requires payment of $7.8 million to be used for consumer refunds—the first time an FTC action has required the return

For the first time, the Federal Trade Commission has brought an enforcement action under its 2009 Health Breach Notification Rule (HBNR). The case was brought against a digital health company, GoodRx Holdings, Inc., for sharing users’ health information with third-party advertising platforms without the authorization of the users whose data was being shared.

Click here

Data security will be an enforcement priority for the FTC in 2023. The FTC, in its December 14, 2022, Commission meeting, highlighted four data security measures that it believes are particularly important for strong cybersecurity.

This Update discusses what these safeguards are and why the FTC believes they are so critical.

Click here to read

The Federal Trade Commission filed a lawsuit on August 29, 2022, against data broker Kochava Inc., alleging that the company’s sale of precise geolocation data is an unfair act or practice that violates Section 5 of the FTC Act. The case follows an FTC blog post warning that the agency would be vigilant in protecting