The Federal Trade Commission’s 2017 Privacy and Data Security Update

The Federal Trade Commission (FTC) released its annual report for 2017 comprising its privacy and data security work. The FTC has authority to enforce a variety of sector specific laws, including the CAN-SPAM Act, the Children’s Online Privacy Protection Act, the Fair Credit Reporting Act, and the Telemarketing and Consumer Fraud and Abuse Prevention Act, among others. Among the actions concerning privacy and security announced in 2017 are the settlements with computer manufacturers Lenovo and Vizio, as well as FTC’s first actions enforcing the EU-U.S. Privacy Shield framework. The FTC organised events and workshops in relation to the security and privacy issues, such as those about connected cars, students’ privacy and education technology, the changing nature of identity theft, and informational injury. Moreover, in January 2018, the FTC announced the agency’s first children’s privacy and security case on connected toys against electronic toy maker VTech. The company agreed to pay 650,000 USD to settle allegations that it violated the Children’s Online Privacy Protection Act by collecting personal information from children without providing direct notice and obtaining parent’s consent, as well as failing to take reasonable steps to secure the data it collected. On 28 February 2018, the FTC will host their third annual PrivacyCon event.