Conceptual image about how a laptop computer with internet open a virtual door to worldwide information sharing.Keypoint: 2020 promises to be another ground-breaking year in privacy and cybersecurity law in the United States.

2019 was an exciting year in privacy and cybersecurity law. In the United States, the California Consumer Privacy Act (CCPA) was the most significant story, but there also were developments in states such as New York and Nevada. Numerous other states also considered consumer privacy legislation, and federal lawmakers even jumped into the fray, proposing a variety of bills and regulations. Overseas, GDPR garnered the most headlines of course, but other countries, such as Brazil, also made news.

But 2019 was just the start. There is no doubt that privacy and cybersecurity law is undergoing a fundamental change in the United States. If nothing else, the legal landscape of privacy law in the United States promises to look very different by the end of the year.

Below we discuss what we anticipate will be the biggest stories in 2020 and beyond.


Continue Reading

privacy computerKeypoint:  The fallout from the 2018 Cambridge Analytica incident continues with the FTC’s issuance of this unanimous opinion and order.

On December 6, the Federal Trade Commission (“FTC”) issued a unanimous opinion (the “Opinion”) finding that political consulting firm Cambridge Analytica, LLC (“Cambridge Analytica”) violated Section 5 of the Federal Trade Commission Act (“FTC Act”) (15 U.S.C. § 45) by engaging in deceptive practices to harvest personal information from tens of millions of Facebook users through a Facebook application called the “GSRApp.”


Continue Reading

Key Point: The FTC’s fine is the largest for any COPPA-related incident; however, two issues of first impression alleged in the Complaint could have a more significant impact over the long term.

Medicine doctor hand working with modern digital tablet

We previously reported that the Federal Trade Commission (“FTC”) entered into a settlement agreement with Facebook, Inc., which included a record-breaking $5 billion fine for repeat violations of consumers’ privacy rights. The FTC recently announced that it had entered into a settlement with Google, LLC (“Google”) and its subsidiary YouTube, LLC (“YouTube”), in which those entities will pay a $170 million fine for violating the Children’s Online Privacy Protection Act (“COPPA”) Rule. The $170 million fine is the largest the FTC has issued in a COPPA case since Congress enacted the law in 1998.


Continue Reading

iPhone close-up of appsIn 2010, Mark Zuckerberg famously stated that privacy was no longer a “social norm.”  Today, the Facebook founder is no doubt viewing social norms around privacy a bit differently, as are U.S. regulators and consumers.

On Wednesday, the Federal Trade Commission (FTC) confirmed that it agreed to a settlement with Facebook, Inc. stemming from Facebook’s alleged privacy violations in the Cambridge Analytica scandal.  In the settlement order (Order), Facebook agreed to pay a record-breaking $5 billion penalty to resolve the FTC’s claims that Facebook violated a prior FTC order by repeatedly using deceptive disclosures and settings to undermine users’ privacy preferences and allowing Facebook to share users’ personal information without prior consent with third party applications.


Continue Reading