On January 10, 2019, Massachusetts Governor Charlie Baker signed into law the Massachusetts’s Data Breach Notification Act, which amends Massachusetts data breach reporting laws. The new law, available here, amends the timing and content of individual and regulator data breach notifications, and provides for credit monitoring services when social security numbers may have been

Last month, CTIA, the wireless industry association, launched an initiative through which wireless-connected Internet of Things (“IoT”) devices can be certified for cybersecurity readiness.  According to the CTIA announcement, the CTIA Cybersecurity Certification Program (the “Program”) is intended to protect both consumers and wireless infrastructure by creating a more secure foundation for IoT applications

If you follow our blog, you know that we often write about issues involving the FTC and the CPSC, but we usually do not write about both in the same post. Now those worlds have collided. The staff of the FTC’s Bureau of Consumer Protection (“BCP”), a prominent voice in the Internet of Things dialogue,

Manufacture, import, or sell a connected device?  In addition to the potential hazards associated with the physical performance of the product, you also need to consider the potential hazards associated with the product’s connectivity.  The Consumer Product Safety Commission (“CPSC”) is considering the Internet of Things and will hold a public hearing on May 16 for interested stakeholders to discuss the potential safety issues with connected products and the CPSC’s role in addressing these issues, along with industry best practices and current standards development.  Privacy and personal data security issues in the IoT environment do not fall under the CPSC’s jurisdiction, but the agency has the authority to cover consumer hazards resulting from IoT products, which could include fire, burn, shock, tripping or falling, laceration, contusion, and chemical exposure.  

The CPSC has identified two product safety challenges associated with IoT products: (1) preventing or eliminating hazardous conditions designed into products intentionally or without sufficient consideration; and (2) preventing and addressing incidents of hazardization.  While the former falls into the CPSC’s wheelhouse of preventing and correcting consumer product issues, the latter is a non-traditional area of product safety activity and could pose some challenges with the high rate of growth of connected products.   The CPSC defines hazardization as “the situation created when a product that was safe when obtained by a consumer, but which, when connected to a network, becomes hazardous through malicious, incorrect, or careless changes to operational code.”  Examples include a connected cooktop with a software glitch that ignites without the consumer’s knowledge and starts a fire or an integrated home security system that fails to download a software update and the default condition is to deactivate the system, disabling the smoke alarms without the consumer’s knowledge.
Continue Reading

Earlier this week, the FTC announced its first settlement involving internet-connected toys. The FTC alleged that the Kid Connect app used with some of VTech’s toys collected personal information from hundreds of thousands of children, and that the company failed to provide direct notice of its privacy practices to parents, or to obtain verifiable consent

Last Friday, ten consumer and privacy advocacy groups, including the Electronic Privacy Information Center, Center for Digital Democracy, and Consumer Watchdog, sent a letter to Acting Chairman Ann Marie Buerkle, requesting that the CPSC recall the Google Home Mini smart speaker. The speaker was designed to respond to the voice commands, “OK, Google” and “Hey,

On June 28, the FTC and National Highway Traffic Safety Administration (NHTSA) brought together a variety of stakeholders including regulators, automakers, software companies, and consumer groups to discuss connected cars, including current innovations and challenges in the field of data privacy. Acting FTC Chairwoman Maureen Ohlhausen opened the day by asserting that regulators will need

On Monday, the FTC submitted comments to the draft National Telecommunications and Information Administration (NTIA) guidance intended to improve Internet of Things (IoT) device security and increase consumer transparency. While recognizing the benefits (and proliferation) of IoT devices, the Commission’s comments caution that such benefits can only be realized when device manufacturers both incorporate –

Please join Kelley Drye in 2017 for the Advertising and Privacy Law Webinar Series. Like our annual in-person event, this series will provide engaging speakers with extensive experience and knowledge in the fields of advertising, privacy, and consumer protection. These webinars will give key updates and provide practical tips to address issues faced by counsel.

Ad iconThe Digital Advertising Alliance (DAA) recently announced that enforcement of its guidance on cross-device tracking (the “Application of the DAA Principles of Transparency and Control to Data Used Across Devices”) is set to begin on February 1, 2017. Originally published in November 2015, the guidance was intended to clarify how the DAA’s Core