Dana B. Rosenfeld

Dana B. Rosenfeld

Dana Rosenfeld is a partner in the Advertising and Marketing and Food and Drug Law practices at Kelley Drye & Warren LLP.

Subscribe to all posts by Dana B. Rosenfeld

Big Government? FTC Advocates for More Authority in Congressional Hearing

Last week, the House Committee on Energy and Commerce held a Committee Hearing on the Oversight of the Federal Trade Commission. All five Commissioners attended and their message was largely the same: the FTC needs additional rulemaking and civil penalty authority to better protect consumers, especially as it applies to privacy and data security enforcement. … Continue Reading

GDPR Sidebar: Comparing the California Consumer Privacy Act to the GDPR

California recently passed the California Consumer Privacy Act (CCPA), providing new rights for California consumers (broadly defined as California residents) regarding their personal data. The CCPA is modeled after the EU’s General Data Protection Regulation (GDPR), which provides EU citizens with a number of rights related to data processing and imposes specific requirements on companies … Continue Reading

California Enacts Sweeping Privacy Law; Will Other States Follow?

On June 28, 2018, Governor Brown signed into law the “California Consumer Privacy Act of 2018.” The legislation was a compromise to avoid a ballot initiative that was more closely modeled after the European Union’s General Data Protection Regulation (GDPR). This Act is scheduled to go into effect on January 1, 2020. The Act enumerates … Continue Reading

GDPR SIDEBAR: Best Practices for Complying with GDPR Consent Requirements

Under the GDPR, processors must have a lawful basis for processing any data of an EU data subject. Consent is one of six lawful bases[1] under the GDPR, and in this installment of GDPR SIDEBAR, we’ll cover best practices that can help achieve an acceptable level of compliance with GDPR consent requirements. Valid consent under … Continue Reading

Colorado Reaches New High with Strict Data Breach Notification Law

On May 29, Colorado Governor John Hickenlooper signed into law HB18-1128 to strengthen data breach notification requirements for companies and government entities collecting and maintaining personal information from Colorado residents. Effective September 1, covered entities will be required to notify individuals within 30 days of discovery of a security breach, unless the entity is notified … Continue Reading

New Watchdog, New Tricks: European Data Protection Board Adopts GDPR Guidelines and Releases Statement on ePrivacy Regulation

Less than one week after replacing the now defunct Article 29 Working Party (WP29), the European Data Protection Board (EDPB) has adopted new guidelines on the EU General Data Protection Regulation (GDPR) and issued a statement on the ePrivacy Regulation revision. What is the European Data Protection Board? How is It Different from the Article … Continue Reading

SADDLE UP AMERICA: California Aims to Pass its Own GDPR Law

Just when you think you’ve tackled the Wild, Wild West of GDPR and privacy compliance, California decides to mix it all up again. This November 6th, California voters will decide on the California Consumer Privacy Act (“Act”), a statewide ballot proposition intended to give California consumers more “rights” with respect to personal information (“PII”) collected … Continue Reading

GDPR SIDEBAR: Should You Be Complying with the New Data Protection Law?

You’ve probably heard of the dreaded four-letter word – GDPR.  Companies around the globe had been preparing for the May 25th implementation date for quite some time.  But U.S.-based companies with no apparent EU presence may not have thought twice about whether the data protection law across the pond even applies to them.  Let’s face … Continue Reading

Why So BLU?: FTC Settles Privacy and Data Security Claims with Mobile Company; Fencing-In Relief Requires Consumer Opt-In to Data Sharing

Earlier this week, the FTC settled its case with BLU Products, Inc., a cell phone company the FTC claimed misled consumers about its privacy and data security practices. According to the agency, the company represented that it did not collect unnecessary personal information and that it imposed specific data security procedures to protect consumers’ personal … Continue Reading

Data Breach Notification Law Roundup

Just when you think you have it all under control, the data breach notification law landscape changes – again. Over the past few weeks, several data breach notification statutes were updated, including an effective date for Canada’s mandatory breach notification obligations, as well as the adoption of legislation in the two holdout states (Alabama and … Continue Reading

Full Panel of D.C. Circuit Upholds CFPB Structure, Reversing Earlier Decision

Earlier today, an en banc panel of the U.S. Court of Appeals for the D.C. Circuit ruled that the CFPB was constitutionally structured, reversing an earlier decision by a divided three-judge panel and holding that the Dodd-Frank Act permissibly shields the CFPB Director from removal without cause.  The Court’s 7-3 majority opinion only addressed the … Continue Reading

FTC Announces Settlement Involving Connected Toys

Earlier this week, the FTC announced its first settlement involving internet-connected toys. The FTC alleged that the Kid Connect app used with some of VTech’s toys collected personal information from hundreds of thousands of children, and that the company failed to provide direct notice of its privacy practices to parents, or to obtain verifiable consent … Continue Reading

House Antitrust Subcommittee Explores the Role of Antitrust Law in Net Neutrality

On November 1, 2017 the House Antitrust Law Subcommittee held a hearing to discuss the role of federal agencies in preserving an open Internet. The core question discussed at the hearing was whether current antitrust law is sufficient to ensure net neutrality absent FCC rules. The panelists—including FTC Acting Chairman Maureen Ohlhausen and Commissioner Terrell … Continue Reading

FTC Issues Enforcement Policy on Collection and Use of Voice Recordings of Children Under COPPA

On Monday, the FTC issued an Enforcement Policy Statement stating that the Commission will not take action against operators that collect an audio file of a child’s voice as a replacement for written words, such as for translation into text, without first obtaining parental consent, provided the file is retained only for the brief time … Continue Reading

Trump To Nominate Competition-Focused Simons for FTC Chair, CP-Focused Chopra for Commissioner; Reports of Phillips for Additional Seat

After months of speculation among the consumer protection and antitrust bars, Trump announced today his intention to nominate former Director of the Bureau of Competition and current Paul Weiss partner Joseph Simons as Chairman of the Federal Trade Commission.  Trump also announced his plan to nominate Rohit Chopra, currently a senior fellow at the Consumer … Continue Reading

Moonlight Slumber Says “Goodnight” to Misleading and Unsubstantiated “Organic” Advertising Claims After Settlement with FTC

In its first case challenging “organic” claims, the FTC announced a settlement with Moonlight Slumber, LLC  resolving charges that the company misrepresented or could not support a variety of environmental and health-related claims about its baby mattresses. Misleading and Unsubstantiated Claims. The FTC’s complaint asserts that Moonlight advertised its baby mattresses as “organic,” “natural,” “hypoallergenic,” … Continue Reading

Claiming Privacy Shield Participation on Your Website? Lessons from the FTC’s First Privacy Shield Enforcement Action

The Federal Trade Commission recently announced settlements with Decusoft, LLC, Tru Communication, Inc. (doing business as TCPrinting.net), and Md7, LLC, resolving allegations that the companies misrepresented their participation in the E.U.-US and Swiss-US Privacy Shield. The announcement comes just before the first Privacy Shield annual review (scheduled for September 2017) and marks the FTC’s first … Continue Reading

FTC Settles With Lead Generation Firm For Illegally Selling Consumer Data, False Data Security Promises

The FTC announced last week a settlement with Blue Global Media, LLC  and its CEO Christopher Kay.  The company operated 38 Internet domains that solicited online loan applications from consumers.  The applications collected extensive sensitive personal information, including social security numbers, bank routing numbers, credit scores, and incomes. The company represented to consumers it would … Continue Reading

One Employee in Europe Could Trigger New EU Data Protection Obligations

An Update on the New EU General Data Protection Regulation On 16 April 2016, the EU adopted the General Data Protection Regulation (‘GDPR’) which largely rewrites and harmonizes the European legal framework of data protection. The new regulation will become applicable in May 2018, but given the scope and complexity of the GDPR it is … Continue Reading

NetSpend Settles FTC Charges, Resolving Allegations that it Deceived Consumers over Access to Prepaid Funds

Last week the FTC announced that it had reached a settlement with NetSpend over allegations that NetSpend deceived consumers by promising “immediate access” with “guaranteed approval” to money loaded on its general purpose reloadable cards.  Approved 2-1 with a vote by then-Commissioner Ramirez before her resignation, the order prohibits NetSpend from making misrepresentations about the … Continue Reading

Smart TV Manufacturer “Smarting” after $2.2 Million Privacy Enforcement

This week, the FTC announced a settlement with VIZIO, Inc., one of the world’s largest manufacturers of “smart” TVs.  The settlement, also with the Office of the New Jersey Attorney General, arises from claims by regulators that VIZIO installed software that collected viewing data for 11 million consumer TVs without consent.  The $2.2 million settlement … Continue Reading

FTC Announces Changes at the Helm of the Bureau of Consumer Protection; Thomas Pahl to Take Over as Acting Bureau Director Following Jessica Rich’s Departure

Acting Chairman of the Federal Trade Commission Maureen Ohlhausen announced today that Thomas Pahl – a current partner at Arnall Golden Gregory with significant experience at both the FTC and the Consumer Financial Protection Bureau – will take over as Acting Director on February 17.  Jessica Rich will depart as Director of the Bureau of … Continue Reading

EU Data Protection Authority Issues GDPR Action Plan, Swiss Sign Privacy Deal with U.S.

On January 16, 2017, the Article 29 Working Party (“Working Party”)—the EU’s central data protection advisory board—published a press release regarding its Action Plan for 2017, which was adopted as part of its wider implementation strategy for the General Data Protection Regulation (“GDPR”).  The Action Plan follows up on the actions initiated in 2016 and … Continue Reading

New FTC Acting Chair Maureen Ohlhausen Offers Insight into Consumer Protection Priorities

Just over one week after being named acting chair of the Federal Trade Commission (FTC), Maureen Ohlhausen delivered the keynote address at the American Bar Association’s biennial Consumer Protection Conference in Atlanta on February 2. During her remarks, acting chair Ohlhausen offered insight into consumer protection priorities during her tenure as acting chair. First, acting … Continue Reading
LexBlog