On January 24, 2025, a three-judge panel in the U.S. Court of Appeals for the Eleventh Circuit held in Insurance Marketing Coalition v. FCC, No. 24-10277, that the Federal Communications Commission’s (FCC) one-to-one consent requirement rule (the “FCC Rule”) went beyond the FCC’s authority under the Telephone Consumer Protection Act (“TCPA”). The court held

Gerard Stegmaier
New Target in Sight: FTC Zeroes in on Algorithmic Pricing Models Based on Personal Data
Witnessing the race to harness the power of Artificial Intelligence (“AI”) by markets and businesses, the Federal Trade Commission (“FTC”), recently issued a warning over the emerging technology and its ever-widening use cases. Citing its authority under Section 6(b) of the FTC Act, the Commissioners voted 5-0 on July 19 in favor of issuing investigative…
Personal Jurisdiction Doctrine Shows Teeth as First Circuit Dismisses Class Action Wiretapping Claim
The First Circuit Court of appeals has affirmed that specific personal jurisdiction must be based on defendants’ intentional conduct. In affirming the dismissal of a consumer class action that alleged “wiretapping” claims based on ordinary website activity, the federal appeals court’s decision reflects growing judicial skepticism toward the proliferation of class action claims applying…
SEC Issues Final Cybersecurity Rules Enhancing and Modifying Disclosure Requirements: Companies will want to Measure Twice and Cut Once
On July 26, 2023, the U.S. Securities and Exchange Commission (“SEC”) adopted new rules specifying enhanced disclosure regarding cybersecurity risk management, strategy governance, and incident disclosure. The SEC first proposed new cybersecurity rules back in March 2022. The agency’s comments to the final rule suggest greater disclosure and improved consistency of disclosures will benefit investors. Several of the key aspects of the final rules are outlined below, and ultimately will probably be navigable for organizations with meaningful incident response and evaluation experience as well as robust risk management programs which already include and evaluate cybersecurity.Continue Reading SEC Issues Final Cybersecurity Rules Enhancing and Modifying Disclosure Requirements: Companies will want to Measure Twice and Cut Once
Unanimous Supreme Court limits FTC and other agencies’ investigative power
In the latest of a recent string of judicial rebukes, the Supreme Court’s unanimous decision in Axon Enterprise, Inc. v. FTC offers the targets of Federal Trade Commission (“FTC”) and other agencies’ administrative proceedings a path to quicker judicial relief. Historically, courts have been reluctant to permit immediate challenges to investigations and adjudications without forcing the targets to wait for the resolution of all agency proceedings. While aptly referred to as the doctrine of “exhaustion,” the result, as Justice Gorsuch observed, is that “agencies sometimes use this as leverage to extract settlement terms they could not lawfully obtain any other way.” The Court’s decision in Axon not only deprives the FTC of a potential source of leverage, but it also increases the likelihood that companies faced with investigations may turn to the courts for relief at an earlier stage. The decision comes at a time when the FTC’s powers and attempts to exercise those powers have been called into question by the bar, members of Congress, and by courts.Continue Reading Unanimous Supreme Court limits FTC and other agencies’ investigative power
Kids’ Smart Watchmaker Updates Privacy Practices at Safe Harbor’s Direction
On March 8th, the Children’s Advertising Review Unit (“CARU”), a FTC-approved safe harbor organization that monitors compliance with the Children’s Online Privacy Protection Act (“COPPA”), announced it had found TickTalkTickTalk––a children’s smart watchmaker and one of CARU’s member organizations—in violation of COPPA and CARU’s privacy guidelines.
Continue Reading Kids’ Smart Watchmaker Updates Privacy Practices at Safe Harbor’s Direction
SEC proposes cybersecurity rules for registered funds and investment advisers
The Securities and Exchange Commission (SEC) is proposing new rules to require registered funds (RFs) and investment advisers (RIAs) to implement comprehensive cybersecurity programs. Under the proposed rules, the SEC seeks to accomplish four main objectives, requiring RFs and RIAs to:
- Maintain and implement cybersecurity policies and procedures;
- Adopt new recordkeeping standards;
- Report significant cybersecurity incidents to the commission; and
- Disclose cybersecurity risks and incidents to clients and investors.
Continue Reading SEC proposes cybersecurity rules for registered funds and investment advisers
Maryland and California Propose Biometric Privacy Legislation that Would Include Illinois-Like Private Rights of Action
Maryland and California look to join the list of states that not only regulate biometric data but provide consumers with the opportunity to seek hefty statutory damages and attorney’s fees from offending businesses. Similar to Illinois’ oft-litigated Biometric Information Privacy Act (“BIPA”), both bills would also (i) require written consent prior to the collection of biometric information; (ii) impose BIPA-like security measures, and (iii) mandate specific retention criteria, as described below.
Continue Reading Maryland and California Propose Biometric Privacy Legislation that Would Include Illinois-Like Private Rights of Action
Chinese data security laws increasingly create roadblocks for litigants seeking discovery in U.S. courts
Two Chinese information security laws, the Data Security Law (“DSL”) and the Personal Information Protection Law (“PIPL”), are creating difficulties for parties involved in litigation in the United States seeking discovery materials stored in China.
Both the DSL and the PIPL require data processors to obtain approval from the Chinese government before transferring any data stored in China to a foreign court or law enforcement authority, or otherwise face significant penalties such as fines in the millions of dollars.
Litigants in the U.S. should be aware that the DSL and PIPL may impose significant costs and delays in the discovery process, and may be used to avoid turning over certain materials.Continue Reading Chinese data security laws increasingly create roadblocks for litigants seeking discovery in U.S. courts
Prior notice required in New York to monitor employees’ electronic communications
Beginning in May 2022, employers in New York state will be required to make certain disclosures to their workers if they engage in electronic monitoring of employee communications. On November 8, a bill signed into law by Governor Kathy Hochul requires that all employers provide written notice to newly-hired employees if they intend to monitor…