The Federal Trade Commission (FTC), the US’s chief privacy and data security enforcement agency, released its 2018 annual report highlighting the FTC’s recent enforcement, advocacy, and rulemaking activity. In 2018, the FTC brought close to 40 enforcement actions addressing a wide range of privacy issues, including against: (1) a peer-to-peer payment company for misrepresenting its security systems and privacy settings; (2) a consumer reporting agency for failure to take reasonable steps to ensure the accuracy of information subject to the Fair Credit Reporting Act; (3) an electronic toy manufacturer for failure to implement adequate safeguards and for violating the Children’s Online Privacy Protection Act by collecting children’s data without obtaining parental consent; and (4) five separate companies for misrepresenting their certification status with the EU-US Privacy Shield Framework.
FTC 2018 Privacy & Data Security Update