When it comes to consumer privacy and data security, your clients and colleagues want the word on what’s been happening at the FTC – and they want it in an accessible, to-the-point format. The agency’s 2020 Privacy and Data Security Update is ready for you to read, post, and share.
Building on decades of experience in consumer privacy and data security enforcement, the FTC announced a number of notable cases in 2020. Here are a few highlights:
- Privacy. In addition to final court approval of the FTC’s settlement with Facebook, 2020 saw the Commission’s action against Zoom to address false and deceptive encryption claims and Zoom’s unfair practice of secretly installing software that bypassed a security feature in Apple’s Safari browser.
- Data security. Settlements with “smart” lock maker Tapplock, emergency travel services business SkyMed International, and mortgage industry analytics company Ascension Data & Analytics all include enhanced orders that impose greater accountability on businesses.
- FCRA. Actions against retailer Kohl’s Department Stores, mortgage company Mount Diablo Lending, and background report business AppFolio demonstrate that the Fair Credit Reporting Act is celebrating its 50th birthday with renewed vigor.
- COPPA. Cases against HyperBeard and Miniclip demonstrate the FTC’s continued commitment to enforcing the Children’s Online Privacy Protection Rule.
- Telemarketing. Actions against companies that engaged in or facilitated illegal telemarketing, including VoIP service providers like Alcazar Networks, are the latest efforts to protect consumers from unwanted calls. 2020 also marked the end to the decade-long litigation by the FTC and California, Illinois, North Carolina, and Ohio against Dish Network, resulting in $210 million in total financial remedies.
The FTC enforces more than a dozen rules designed to protect the privacy and security of consumers’ personal information. In 2020 reviews were underway for a number of those regulations, including the Health Breach Notification Rule and the COPPA Rule.
Reports and studies
Section 6(b) of the FTC Act authorizes the Commission to conduct wide-ranging studies based on information from companies submitted in the form of Special Reports. In 2020, the FTC issued 6(b) orders to nine social media and video streaming services: Amazon.com; ByteDance Ltd. (TikTok); Discord Inc.; Facebook, Inc.; Reddit, Inc.; Snap Inc.; Twitter, Inc.; WhatsApp Inc.; and YouTube LLC. The orders require them to provide data on how they collect, use, track, and present personal and demographic information; their advertising and user engagement practices; and how their practices affect kids and teens. In addition, the FTC submitted three reports to Congress in 2020 related to its privacy and data security efforts: Fair Credit Reporting Act: Efforts to Promote Consumer Report Accuracy and Disputes, Resources Used and Needed for Protecting Consumer Privacy and Security, and FTC’s Use of its Authorities to Protect Consumer Privacy and Security.
Last year the FTC hosted three workshops to bring stakeholders together to discuss key privacy and security issues: Information Security and Financial Institutions: An FTC Workshop to Examine Safeguards Rule, PrivacyCon 2020, and Data to Go: An FTC Workshop on Data Portability.
Consumer education and business guidance
In 2020 the FTC distributed millions of copies of consumer education materials in both English and Spanish on topics like identity theft, internet safety for children, mobile privacy, credit reporting, Do Not Call, and computer security. The FTC updated its IdentityTheft.gov site and published dozens of posts on its Consumer Blog to alert readers to the latest scams that could put their information at risk. For businesses, the FTC continues to publish an extensive library of resources – including a suite of materials on cybersecurity for small business – and ran 55 Business Blog posts on topics to help companies honor their privacy promises and protect sensitive information in their possession.
In 2020 the FTC continued to work with foreign privacy authorities, international organizations, and global privacy networks to encourage cooperation in privacy and data security investigations. The FTC also played a role in advocating for globally-interoperable privacy protections for consumers. Another major priority in 2020: participating in policy deliberations and projects on privacy and data security internationally, including the global response to the COVID-19 pandemic.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
- We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
- We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
- We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
- We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to ReportFraud.ftc.gov.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.