On Episode 4 of the Davis Polk Dialogues podcast, Avi Gesser joined Davis Polk partners Jon Leibowitz and Ronan Harty and former Federal Trade Commission (“FTC”) official Eileen Harrington to discuss the FTC’s Hearings on Competition and Consumer Protection in the 21st Century.  The episode covers, among other topics, the
Continue Reading

Momentum is building in Congress for federal privacy legislation and several states have their own privacy laws in the works.  But, as concerns grow that companies are collecting and sharing personal information about U.S. residents without their knowledge and not adequately protecting that data, regulators and plaintiffs aren’t waiting for
Continue Reading

In our first Cyber Blog post, we predicted that the rules-based approach adopted by the NYDFS would become the model for cybersecurity regulation.  Two years later, we’re feeling pretty good about that prediction, as the FTC recently proposed incorporating a number of aspects of the NYDFS cybersecurity rules into
Continue Reading

On June 6, 2018, the Eleventh Circuit vacated a cease and desist order issued by the FTC against LabMD as unenforceably vague.  The FTC’s Order, which resulted from a finding that LabMD had failed to maintain an adequate cybersecurity program, directed LabMD to “establish and implement, and thereafter maintain,
Continue Reading

On April 30, 2018, BLU Products, Inc. (“BLU”) reached a settlement with the Federal Trade Commission (“FTC”) over allegations that BLU allowed ADUPS Technology Co. LTD (“ADUPS”) to collect detailed personal information about BLU’s consumers without their knowledge or consent, despite BLU’s assurances that
Continue Reading

On April 23, 2018, Senators Klobuchar (D-Minn.) and Kennedy (R-La.) introduced the Social Media Privacy Protection and Consumer Rights Act of 2018 (“the Act”), which was referred to the Senate Commerce Committee. Like the CONSENT Act introduced by Senators Markey (D-Mass.) and Blumenthal (D-Conn.)—discussed in detail in our
Continue Reading

Plaintiffs in data breach cases have tried many theories of recovery, including negligence, negligence per se, violations of state data protection statutes, violations of the Fair Credit Reporting Act, breach of fiduciary duty, and violations of the constitutional right to privacy, with mixed results.

Courts have rejected many of these
Continue Reading