Although the entire Rule has been vacated, businesses offering negative option programs should remain aware of general unfair and deceptive advertising principles and applicable state law requirements.
KEY POINTS: On July...more
The first updates to the COPPA Rule since 2013 impose new obligations for sharing children’s personal information with third parties.
On April 22, 2025, the Federal Trade Commission (FTC or Commission) published the final...more
5/15/2025
/ Amended Regulation ,
Biometric Information ,
Compliance Dates ,
COPPA ,
Data Privacy ,
Data Security ,
Data-Sharing ,
Federal Trade Commission (FTC) ,
Online Safety for Children ,
Parental Consent ,
Personal Information
Companies with B2C or B2B recurring payment programs that include negative option terms now have until July 14, 2025, to ensure their disclosure, consent, and cancellation practices are compliant with the Negative Option...more
Companies with B2C or B2B recurring payment programs that include negative option terms should review their disclosure, consent, and cancellation practices to ensure compliance with the rule....more
5/9/2025
/ Auto-Renewal ,
Automatic Renewals ,
B2B Transactions ,
Compliance ,
Consumer Protection Laws ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Final Rules ,
FTC Act ,
Negative Option Rule ,
Regulatory Requirements ,
Subscription Services ,
Unfair or Deceptive Trade Practices
New DOJ guidance helps companies understand their obligations under the DSP, which could severely impact investment agreements and ordinary commercial data transactions.
On April 11, 2025, the US Department of Justice...more
The rule impacts both B2B and B2C subscription autorenewals and other negative option programs; however, significant legal challenges could impact the rule’s implementation....more
1/16/2025
/ B2B Transactions ,
B2C ,
Compliance ,
Consumer Contracts ,
Consumer Financial Products ,
Disclosure Requirements ,
Enforcement Actions ,
Federal Trade Commission (FTC) ,
Final Rules ,
FTC Act ,
Regulatory Agenda ,
Regulatory Requirements ,
Subscription Services ,
Unfair or Deceptive Trade Practices
On December 20, 2023, the Federal Trade Commission (FTC or Commission) issued a Notice of Proposed Rulemaking (Notice) recommending amendments to the Children’s Online Privacy Protection Rule (COPPA Rule or Rule).
The FTC...more
1/11/2024
/ COPPA ,
Data Protection ,
Data Retention ,
Data Security ,
Federal Trade Commission (FTC) ,
NPRM ,
Online Platforms ,
Online Safety for Children ,
Parental Consent ,
Personally Identifiable Information ,
Proposed Rules ,
Websites
The amended rules follow the Biden Administration’s “whole of government” approach to maximizing notifications to executive agencies of cybersecurity events.
On December 21, 2023, a divided Federal Communications...more
1/4/2024
/ Amended Rules ,
Biden Administration ,
Breach Notification Rule ,
Broadband ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity Information Sharing Act (CISA) ,
Data Breach ,
FCC ,
Personally Identifiable Information ,
Telecommunications
On October 11, 2023, the FTC issued a Notice of Proposed Rulemaking and Request for Public Comment titled “Trade Regulation Rule on Unfair or Deceptive Fees” (the Proposed Rule). The FTC said the Proposed Rule “would prohibit...more
Florida’s law introduces novel provisions that depart from existing US state privacy laws, which businesses will need to carefully consider.
With passage of Florida’s Digital Bill of Rights, along with the Texas Data...more
7/11/2023
/ Compliance ,
Consumer Privacy Rights ,
Covered Entities ,
Data Controller ,
Enforcement ,
Governor DeSantis ,
New Legislation ,
Notice Requirements ,
Privacy Laws ,
Search Engines ,
State Privacy Laws
Cybersecurity incidents pose legal challenges for in-house counsel, alongside their technical implications. This overview highlights key aspects that legal departments must know when reacting to data breaches.
...more
Companies should take steps now to prepare for the new rules and expectations.
The US government continues to expand regulatory requirements around notification and disclosure of major cyberattacks or incidents. ...more
Utah enacts data privacy legislation in the mold of California, Colorado, and Virginia, but with less onerous requirements for businesses, in what is expected to be a model for more states going forward.
On March 24, 2022,...more
Following recent setbacks, the FTC seeks a foothold for monetary remedies in the online advertising space.
On October 13, 2021, the Federal Trade Commission (FTC) sent a Notice of Penalty Offenses Concerning Endorsements...more
President Biden signed an executive order to bolster the federal government’s cybersecurity posture on May 12. The order focuses on implementing vital improvements to networks of federal departments and agencies, many of...more
6/9/2021
/ Biden Administration ,
Cyber Attacks ,
Cybersecurity ,
Cybersecurity Information Sharing Act (CISA) ,
Executive Orders ,
Federal Acquisition Regulations (FAR) ,
Federal Contractors ,
Government Agencies ,
National Security ,
Notice Requirements ,
Risk Assessment ,
Risk Management
The Act represents an accelerating trend among US states to attempt to pass comprehensive privacy legislation in the wake of the CCPA.
On March 2, 2021, Virginia Governor Ralph Northam signed comprehensive state privacy...more
With the new administration poised to take office, public and private companies will need to consider how President Biden’s regulatory, enforcement, and legislative priorities will affect their businesses. During this...more
2/17/2021
/ Administrative Law Judge (ALJ) ,
Antitrust Provisions ,
Biden Administration ,
Broadband ,
CFIUS ,
Climate Change ,
Commodities ,
Congressional Oversight ,
Cybersecurity ,
Data Privacy ,
Energy Policy ,
Energy Sector ,
Environmental Policies ,
FCC ,
Health Care Providers ,
Investigations ,
Legislative Agendas ,
Life Sciences ,
Net Neutrality ,
Regulatory Agenda ,
Sanctions ,
Securities Regulation ,
White Collar Crimes
Slaughter discusses the FTC’s priorities under the new administration, including ed-tech, health apps, and racial equity.
On February 10, 2021, in her first major speech as acting chair of the Federal Trade Commission...more
Background -
2020 was a busy year on the global data privacy front, and marks the first full year of the California Consumer Privacy Act (CCPA). Businesses that posted their CCPA Privacy Policy in January 2020 will need...more
Buyers in M&A transactions should consider a number of due diligence items in response to COVID-19 and the governmental response thereto.
As parties pursue mergers and acquisitions transactions during, and in the wake of,...more
While still in draft form, the modifications both clarify certain obligations and introduce new uncertainty for businesses covered by the CCPA.
Key Points:
..On February 7 and 10, 2020, the California AG announced and...more
Eliminating the risk of business email compromise (BEC) attacks requires all parties to a financial transaction to pay close attention to email security, financial controls, and communication protocols.
Key...more
2/21/2020
/ Cyber Threats ,
Department of Justice (DOJ) ,
Electronically Stored Information ,
Email ,
FBI ,
Financial Fraud ,
Financial Transactions ,
Fraud ,
Risk Management ,
Security and Privacy Controls ,
Wire Fraud
US regulators are calling attention to financial firms’ obligations to protect against evolving cybersecurity threats.
On October 2, 2019, the Financial Industry Regulatory Authority (FINRA) issued an information notice to...more
11/26/2019
/ Business E-Mail Compromise (BEC) ,
CFTC ,
Cyber Attacks ,
Cyber Threats ,
Cybersecurity ,
Data Protection ,
Data Security ,
Enforcement Actions ,
Financial Industry Regulatory Authority (FINRA) ,
Information Systems Security Program (ISSP) ,
National Futures Association ,
New Guidance
Covered businesses have much work to do to revise disclosures, implement choice mechanisms, and design compliant data subject request programs.
Key Points:
..The Attorney General’s draft regulations, released on October...more
The Act’s final statutory form has taken shape, leaving the 2018 version of the law largely intact.
Key Points:
..The California State Senate and Assembly have completed their legislative session, passing only modest...more