Blog
FTC warns that quietly changing privacy policies could be deceptive
February 19, 2024
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
USA
FTC warns quietly changing privacy policies could be deceptive
A blog post from the FTC reminded companies that simply changing the terms of a privacy policy to allow for expanded use of personal data, including to train AI models or to share with third parties, may be unfair or deceptive if the change is made retroactively without notifying consumers or getting their consent. In essence, “a business that collects user data based on one set of privacy commitments cannot then unilaterally renege on those commitments after collecting users’ data.”
The FTC said it would continue to bring actions against companies that surreptitiously re-write their privacy policies or terms of use in such a manner.
TAKEAWAY
The concept that changing a privacy policy and applying it retroactively without notice or consent may be deceptive isn’t new and hopefully doesn’t come as a surprise to many companies. However, this is the second post from the FTC in less than two months reminding companies to uphold their privacy commitments in the context of AI, the first focusing on promises made by “model-as-a-service companies” regarding use of data. We can probably expect, therefore, that the FTC will have its eye on companies that use data for AI and their transparency about such use to their consumer and business customers.
EUROPE
Bavaria conducts enforcement sweep of non-compliant cookie banners
The Bavarian Data Protection Authority checked the cookie banners of around 1,000 websites and found around 350 violations of its requirements, including that a “Reject All” option is present and not hidden, worded differently, or otherwise less prominent. The DPA has contacted the violating website providers to correct the violations.
TAKEAWAY
Bavaria isn’t the only DPA to emphasize the need for an equally prominent “reject all” option on cookie banners. The ICO recently sent warning letters to the UK’s top websites requiring that they make it as easy for users to “reject all” advertising cookies as it is to “accept all” and warned that they plan to steadily make their way through the list of websites offering services to UK users. DPAs in other jurisdictions, including Greece, France and Hamburg, have conducted similar enforcement.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
Sourcepoint Expands European Footprint and CTV Offerings Through Strategic Acquisition of Sibbo CMP
April 25, 2024Sourcepoint has announced the expansion of its European operation...
Nebraska Becomes 16th State to Enact Comprehensive Privacy Law
April 22, 2024The Nebraska Data Privacy Act will take effect January...
Bicameral, bipartisan discussion draft of federal privacy bill announced
April 15, 2024If passed, the American Privacy Rights Act, a comprehensive...
Latest White Papers
Benchmark Report: US Privacy Compliance
August 19, 2022The current state of publisher compliance with CCPA, and...
Ebook: A Publisher’s Guide to Vendor List Curation
December 16, 2021How to review your vendor list to mitigate compliance...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.