FTC Lawsuit Against D-Link Highlights the Importance of Routine Review of Public Statements and Security Protocols

The Federal Trade Commission (“FTC“) announced today that it has filed a lawsuit against D-Link alleging that it made deceptive claims about its products’ security and engaged in unfair practices that placed consumers’ privacy at risk.  The Complaint For Permanent Injunction and Other Equitable Relief was filed in the United States District Court Northern District of California San Francisco Division, naming the Taiwanese D-Link Corporation and its California subsidiary D-Link Systems, Inc. as defendants.  The FTC claims that D-Link failed “to take reasonable steps to secure the routers and Internet-protocol cameras they designed for, marketed, and sold to United States consumers.”  In response to the charges, D-Link posted on its website a “FTC Complaint Q&As” in which it summarizes “D-Link Systems, Inc. is aware of the complaint filed by the Federal Trade Commission on January 5, 2017. D-Link Systems denies the unwarranted allegations outlined in the FTC complaint and will vigorously defend the action.” Continue Reading

Re-file Your DMCA Agent Designation Starting Dec. 1st

The Copyright Office recently introduced changes to the process by which online service providers can designate an agent under the Digital Millennium Copyright Act (“DMCA”).  To qualify for DMCA safe-harbor protections, service providers are required to maintain with the Copyright Office contact information for an agent designated to receive takedown notices. The changes, which go into effect on December 1, 2016, are part of the long-awaited transition to an electronic system for submitting these “Designation of Agent” filings.

Below is a quick look at some of the more significant changes.  (A complete discussion of all changes is set out in the Copyright Office’s “Designation of Agent To Receive Notification of Claimed Infringement” Final Rule, available here.)

(a) Existing Designation of Agent Filings Must be Re-filed by 12/31/17. For online service providers (e.g., website and app operators) who currently have a Designation of Agent on file, the most notable change is the need to refile.  Under the existing system, a Designation of Agent would remain valid in perpetuity, until replaced or affirmatively withdrawn. As part of the transition to an electronic system, all online service providers that previously filed a Designation of Agent with the Copyright Office will need to refile electronically between December 1, 2016, and December 31, 2017. (Existing paper filings will remain valid until either replaced electronically or January 1, 2018, whichever comes first.)

(b) Filings Must Be Renewed Every Three Years. The Copyright Office will now require that a service provider refile its Designation at least once every three years.  Service providers will need to heed these renewal deadlines or risk losing their safe-harbor protection. (The Copyright Office has indicated that the new electronic system will be set up to send reminder emails as the renewal deadline approaches.)

Continue Reading

Partner Jamie Rubin To Speak At The 2016 ANA/BAA Marketing Law Conference in Chicago (Nov. 9-11, 2016)

InfoLawGroup Partner Jamie Rubin to Speak at the 2016 ANA/BAA Marketing Law Conference titled Face Off: Dynamic Technologies vs. Regulatory Controls.  The conference is in Chicago from November 9-11, 2016.  Jamie will speak on Friday, November 11th on the legal issues associated with consumer reviews, including incentivized reviews, how consumer reviews can and cannot be used as substantiation for advertising claims and how platforms can allow consumer reviews on their sites while limiting liability.




Enforcing Canadian Anti-Spam Law

The Canadian Anti-Spam Legislation (CASL) has aroused concern among marketers on both sides of the border since it started coming into force in July 2014 (some provisions, such as a private right of action, do not take effect until next year). It has stricter consent requirements than the US CAN-SPAM Act, as well as rules about installing software onto users’ devices. This week, the Canadian Radio-television and Telecommunications Commission (CRTC) issued its first published Compliance and Enforcement Decision under CASL, Blackstone Learning Corp., CRTC 2016-428 (October 26, 2016), offering insights into the Commission’s reasoning and enforcement policies. Continue Reading

New FTC Data Breach Response: A Guide for Business

This week, the Federal Trade Commission (“FTC”) announced on its Business Blog the release of Data Breach Response: A Guide for Business (“Guide”).  The Guide’s release seems to be part of the FTC’s push to position itself as the main federal regulator of data security practices and is available for free on the FTC’s website.  The Guide outlines the steps to take and those that should be contacted when there is a data breach; and includes advise on securing systems, how to handle service providers, and network segmentation.  In addition, it has tips on notifying law enforcement, affected businesses and individuals.  The Guide even has a model data breach letter to notify people whose Social Security numbers have been stolen. The FTC smartly drafted the Guide so that those who are not security and data privacy professionals can understand. Continue Reading

Developing a Privacy Compliance Program: An Updated Roadmap

Developing a privacy compliance program is an essential, if often daunting, compliance step for organizations of all sizes, and across all industries.  InfoLawGroup partner Justine Young Gottshall and her co-author recently updated their an in-depth practice note on this topic.  The updated version is published by Practical Law and available here.

CalOPPA Getting Renewed Attention

On Friday, October 14, 2016, Attorney General Kamala D. Harris announced the launch of a new tool for consumers to report alleged violations of the California Online Privacy Protection Act (CalOPPA).  CalOPPA requires companies doing business in California (even if operating from outside of California) to post compliant privacy policies and abide by the promises in those policies.  The press release announcing the launch of the new tool mentions a specific focus on the “internet of things” as well as how companies are sharing information they collect about users.  The tool allows consumers to fill out an online form and submit it to the AG’s office.

A new study from the Future of Privacy Forum is cited in the press release.  The study calls out that while a significant percentage of mobile apps now have privacy policies, health and fitness apps that collect sensitive PII are less likely to have privacy policies than others.  The study also found that apps are not properly disclosing their information sharing practices.  The AG (in coordination with research conducted by Carnegie Mellon University) is reviewing a number of apps in the Google Play store for legal compliance.

Of equal importance is the announcement that the Usable Privacy Policy Project (also out of Carnegie Melon University) is developing a piece of technology that can look for discrepancies between disclosures in a privacy policy and an app’s actual data practices.

As a reminder, CalOPPA requires an operator that collects PII from California consumers to post a privacy policy that describes the categories of information collected, the types of third parties with whom the operator may share that information, instructions on how to review and request changes to a user’s information and the effective date of the privacy policy.  The law also requires privacy policies to include information on how the operator responds to do not track signals and whether third parties can collect PII about users.

We should all expect new enforcement actions coming from the CA AG’s Office in the near term.

InfoLawGroup Partner Justine Young Gottshall to speak at the 2016 Privacy + Security Forum in Washington, D.C.

Join Justine Young Gottshall for the 2016 Privacy + Security Forum at the George Washington University Marvin Center.   Ms. Gottshall will speak on Tuesday, October 25th on the panel entitled The Internet’s Digital Advertising Architecture: From Cookies to Addressable TV and the privacy issues in between. For more information, visit https://privacyandsecurityforum.com/.


Partner Justine Gottshall Interviewed by Cybersecurity Law Report

Partner Justine Young Gottshall was interviewed regarding key issues for mobile apps in the Cybersecurity Law Report on August 3, 2016 (note that subscription or registration for a free trial required to access full article).

Is Pokémon Go Pushing the Bounds of Mobile App Privacy and Security?

The popularity of the new app Pokémon Go, an augmented reality game in which players use their mobile devices to catch Pokémon characters in real-life locations, continues to grow despite security and privacy concerns. Intelligence firm Sensor Tower estimates the game has been downloaded 75 million times. The game’s success brings to light a number of privacy issues generally tied to the collection, storage and sharing of user information by mobile apps, as well as users’ control of those actions and the app’s disclosure practices. Justine Gottshall, a partner at InfoLawGroup, and Shook, Hardy & Bacon attorney Eric Boos recently spoke with The Cybersecurity Law Report about these issues as well as the recently filed lawsuit alleging that the Pokémon Go terms of service and privacy policy are deceptive and unfair.



The NAD’s First Native Ad Case Since Issuance of FTC Native Ad Guides

Just five months after the Federal Trade Commission (“FTC”) released its Native Ads Policy Statement, the National Advertising Division of the Better Business Bureau (“NAD”) has followed suit and issued a decision in its investigation of Joyous Inc.’s (“Joyous”) native advertising practices (NAD Case #5956, 05/19/16).

In its routine monitoring, the NAD explored the formatting and placement of Joyous ads in the Style Watch section of the online version of People Magazine, as well as claims about the efficacy of its products. While Joyous discontinued the efficacy claims at issue, the NAD conducted a complete analysis of the native advertising content on People.com.

Continue Reading