The Federal Trade Commission (FTC), the federal consumer protection agency created in 1914 to break up large, anticompetitive monopolies, has recently focused its efforts in regulating consumer privacy and data protection. Although some specific kinds of data are subject to various federal legal requirements—such as medical information under HIPAA—and states have their own laws governing
Alleging a “mere statutory violation” is not sufficient to confer Article III standing for a federal cause of action according to a recent ruling of the United States Supreme Court in Spokeo, Inc. v. Robins, __ U.S. __, 136 S.Ct. 1540 (2016), in the context of an alleged violation of the Fair Credit Reporting Act
Whether we like it or not, whether we adopt similar legislation in the U.S. or not, the stringent requirements of the General Data Protection Regulations (“GDPR”) are coming and the requirements are becoming boilerplate language in U.S. contracts. This will impact businesses as it relates to their operations, contract negotiations and, eventually, exposure to liability.