Author: chris

Here’s a Q&A I did with BNA’s Privacy and Security Law Report on the Wyndham decision. [pdf-embedder url=”https://hoofnagle.berkeley.edu/ftcprivacy/wp-content/uploads/2016/02/hoofnagleInt.pdf”]

My newest article is FTC-relevant. In Native Advertising and Endorsement: Schema, Source-Based Misleadingness, and Omission of Material Facts, my former student, Eduard Meleshinsky and I explain why native advertising may mislead consumers and we present evidence from an experiment where we presented survey respondents with an advertorial. Let me say here that if you are…

The Wyndham case has settled. Here are several observations about the settlement: If Wyndham obtains a clean PCI-DSS assessment, Wyndham enjoys a presumption that it is in compliance with the requirement to have a “comprehensive information security program.” The presumption is important, because it is in effect a safe harbor from civil penalty/contempt actions. The…

For decades, the FTC went into a period of dormancy where the agency appeared to get very little done. Much of the agency’s activity was focused on convening various industries for “Trade Practice Conferences,” where the FTC would oversee the creation of voluntary rules by business leaders. The minutes from the FTC’s activities in the…

I’m in the process of updating my post on TRENDnet. It turns out that the FTC agreed with me that TRENDnet’s initial assessment left something to be desired. The Agency requested that TRENDnet submit a supplemental report, available here. I’m also writing up an essay about Google’s interim assessment report covering 2012-2014, available here [updated…

According to Dissent, in an initial order, the Administrative Law Judge in LabMD dismissed the FTC’s complaint against the company Friday. The FTC should appeal this decision—not to punish LabMD, but rather to clarify its power to pursue matters under the unfairness power. The initial decision is another example of how the FTC is haunted…

Thanks to the Privacy Bridges effort, we are having a constructive conversation at the Data Protection and Privacy Commissioners Conference about how companies can do the right thing as they operate globally. Several elephants are in the room—the Safe Harbor being most prominent. Yet, that solution cannot emerge from this conference. Another elephant could be…

Historians of consumerism have recognized three waves of consumer movements. The first surrounded the passage of the 1906 Food and Drug law. The second took hold after the great depression, and reached its height with the passage of amendments to the FDA Act and the Wheeler–Lea Amendments to the FTC Act. The third was actuated…

When companies settle FTC charges, they often agree to extended periods of oversight by the Agency. The FTC requires companies to be regularly assessed by an outside firm during the oversight period. In my forthcoming book, I argue that this assessment model is inapt for the Commission for several reasons. The 2014 assessment report by…

In 2009, FaceBook made major changes to privacy settings of its users that became part of the basis of FTC charges against the company. Prior to the 2009 changes, Facebook CEO Mark Zuckerberg announced that the service would radically change its privacy policies. Later Zuckerberg explained, “People have really gotten comfortable not only sharing more…

Should privacy be a matter of individual choice and individual responsibility, or an inherent part of products and services? Should public policy focus on educating the consumer, or on creating incentives to building attributes into the structure of products? Lessons from the 1950s–60s battle over car safety features some of the same public debates as…

Policy arguments and analyses abound with ahistorical argument concerning technology and privacy. In these arguments, privacy is often presented as a modern concept, one that came into focus with the rise of the commercial internet. Privacy is not a modern concept; it is deeply embedded in the values of Western culture.[1] Nor are conflicts among…