Federal Trade Commission (FTC)

Amidst all of the recent news and developments about the privacy of kids and teens (including multiple Congressional hearings; Frances Haugen’s testimony; enactment of the UK’s and California’s Age Appropriate Design Codes; the Irish DPC’s GDPR decision against Instagram; numerous bills in Congress; and the FTC’s ongoing focus on kids’ privacy in policy statements, workshops, and its “commercial surveillance” rulemaking), the FTC still has a powerful tool that seems to be sitting on the back-burner: the Children’s Online Privacy Protection Act (COPPA) and its implementing rule.

But some members of Congress just wrote a letter to the FTC, asking it to make COPPA a priority.

Background on COPPA 

As most of our readers know, COPPA protects the privacy of kids under 13, mostly by requiring kid-directed web sites or apps, or sites/apps that have actual knowledge they’re dealing with kids, to get parental permission before collecting, using, or sharing kids’ data.  Enacted in 1998, COPPA is now nearly 25 years old, a dinosaur in today’s fast-moving world of privacy.  However, using the APA rulemaking authority granted in COPPA, the FTC has amended its COPPA rule to ensure that it keeps pace with developments – for example, extending the rule to ad networks and plug-ins; adding geolocation, persistent identifiers, photos, and videos to the definition of “personal information”; and strengthening the rule’s requirements governing data security, retention, and deletion.

However, those updates to COPPA became final in 2013 – almost ten years ago – and the FTC hasn’t amended the rule since then.  Although the FTC initiated a rule review in July 2019, that review is still pending more than three years later. According to Regulations.gov, the Commission received over 176,000 public comments in the rule review.  That’s a lot of comments, but it surely can’t explain such a lengthy delay.
Continue Reading Congress to FTC: “Please Update the COPPA Rule Now”

On September 21, Rep. Gus Bilirakis, R-Fla., cited the Kelley Drye article “The Deletion of ‘Legitimate Business Activity’ from the FTC’s Strategic Plan” during a House Energy & Commerce Committee hearing before entering it into the record. From the transcript:

*Mr. Bilirakis.

For years, the FTC has been tasked with the critical  

Join us on Thursday for a webinar discussing how to operationalize adtech privacy compliance, and learn about other ways you can stay informed.

Operationalizing Adtech Privacy Compliance: Understanding the IAB Multi-State Privacy Agreement

State privacy laws that go into effect in 2023 will significantly change the digital advertising landscape.  These privacy laws require companies to

No, we’re not talking about sinister sewing guides, but rather practices or formats that may manipulate or mislead consumers into taking actions they would not otherwise take.

We untangled the topic of so-called “dark patterns” in two in-depth blogs earlier this year, available here and here. At that time, we noted there was a

Last November, the FTC sought public comment on a draft strategic plan for 2022-2026.  As we blogged here and discussed in a comment submitted to the FTC (one of only 21 submitted), a key change from prior strategic plans was deletion of the phrase “without unduly burdening legitimate business activity” from the FTC’s Mission Statement

The FTC and six states just announced that they had filed a lawsuit against Roomster – a platform through which people can find rooms and roommates – along with its owners, alleging that they had “inundated the internet with tens of thousands of fake positive reviews to bolster their false claims that properties listed on

It’s late August, but there’s a lot going on at the FTC and in consumer protection news more generally.  This blogpost highlights some recent FTC-related news, as well as several issues related to the FTC’s legal authority that bear watching.


As we blogged here, the FTC filed suit in March against Intuit for its alleged deception in claiming that its online tax preparation service is “free” when it’s only free for taxpayers filing “simple returns.”  As we reported, the FTC filed an administrative complaint while also seeking a TRO in federal district court, even as multiple State AGs were investigating and Intuit claimed it had pulled its “free” claims off its website. Soon after, the FTC lost its motion for the TRO; the States and Intuit entered into a multi-state settlement; and Intuit moved for withdrawal of the FTC’s case from administrative adjudication (per FTC Rule 3.26(c), to allow the FTC to determine “whether the public interest warrants further litigation”), which the FTC granted.

In its motion for withdrawal, Intuit argued that the case had become moot, in large part due to the multi-state settlement. However, on August 19, the Commission issued an order disagreeing with that assessment and returning the case to administrative litigation. Soon after, FTC complaint counsel filed a motion for summary decision seeking entry of a cease-and-desist order without need for a trial.

The merits of this case are interesting – FTC counsel argues that Intuit shouldn’t be able to use the word “free” unless the product is free for everyone or, alternatively, the conditions for making it free (and the fact that it isn’t free for everyone) are clearly disclosed at the outset of the offer. But the dynamics between the FTC and the State AGs are just as notable. In its recent motion, FTC counsel argues that an FTC order is necessary because the State settlement is “inadequate, allow[s] ongoing deception and harm, and … undermine[s] consumer welfare.” In particular, says FTC counsel, the State settlement allows key disclosures to be “hidden behind” a hyperlink for “space-constrained” ads and sunsets key provisions after 10 years. At a time when the FTC is increasingly teaming with the States to obtain monetary relief (post-AMG), this battle over the adequacy of their settlement could get messy.   
Continue Reading FTC Updates – Intuit, Mag-Moss, and More

Earlier this year, CARU’s new Advertising Guidelines went into effect, including various updates that were designed to apply to digital advertising. This week, CARU issued a warning to put “advertisers, brands, influencers and endorsers, developers, and others on notice that CARU’s Advertising Guidelines apply to advertising in the metaverse” and that “CARU will strictly enforce

On August 11, the FTC finally launched its “commercial surveillance and data security” rulemaking after many months of hype and speculation about the FTC’s ability to address consumer privacy through its “Mag-Moss” rulemaking authority. It did so by releasing (by 3/2 vote) an Advanced Notice of Proposed Rulemaking (ANPR) – the first step in a Mag-Moss rulemaking – and holding a press conference featuring Chair Khan, Commissioners Slaughter and Bedoya, and senior FTC staff.

People familiar with the many hurdles in Mag-Moss were watching to see whether the ANPR would be broad and far-reaching (thus guaranteeing a lengthy, complex process) or more narrowly tailored. The answer? The ANPR is remarkably sweeping in scope – covering virtually every form of data collection across the economy, posing 95 questions about factual and legal issues of all kinds, and raising issues that reach beyond the FTC’s legal authority. Indeed, in reading the ANPR, we couldn’t help but wonder whether this is a serious effort to develop a rule or simply a show of activity to address over-hyped expectations. (See more on this topic below.)

Not surprisingly, Commissioners Phillips and Wilson issued strong dissents. Among other things, they raised concerns about agency overreach and the potential to derail the bipartisan privacy bill currently pending in Congress (the ADPPA). Here are more details and takeaways from the FTC’s announcement:
Continue Reading The FTC’s Privacy Rulemaking: Broad and Far-Reaching, but Unlikely to Lead to a Rule Anytime Soon