Are You Ready for Brazil’s New Data Protection Law?
27 December 2018
The Brazilian General Data Protection Law (“Lei Geral de Proteção de Dados” or “LGPD”), passed by Congress on 14 August 2018, will come into effect on...
Blog: Chronicle of Data Protection | 04 November 2013
On October 22, the FTC announced a settlement with national “rent-to-own” retailer Aaron’s, Inc. on charges that it knowingly assisted its franchisees in tacitly collecting images and information about their customers. Specifically, the FTC alleges that Aaron’s “played a direct and vital role in its franchisees’ installation and use of software on rental computers that secretly monitored consumers including taking webcam pictures of them in their homes.” Aaron’s is a national “rent-to-own” retailer of consumer electronics, residential furniture, and household appliances that allows companies to rent products with an option to purchase them. According to the FTC complaint, between 2009 and January 2012 some of Aaron’s franchisees licensed a software product known as "PC Rental Agent" and installed it on computers rented to consumers. This product enabled the installation of an add-on, Detective Mode, that allowed user activities to be monitored through, among other things, logging keystrokes, capturing screenshots, and using the computer's webcam. They were also able to track the physical location of rented computers. According to the FTC, all of this was done without notifying consumers, and as a result consumers’ personal, medical and financial information was put at risk for unauthorized access. The FTC brought an enforcement action against Aaron’s, a franchisor, even though alleged violations were committed by its franchisees, because according to the FTC Aaron’s provided the franchisees with the “technical capacity to access and use” the software. To use and activate Detective Mode, Aaron's required that franchisees obtain corporate email accounts provided by Aaron’s. Emails were routed through Aaron’s corporate headquarters and stored on servers owned, controlled and maintained by Aaron’s. According to the FTC, Aaron's senior corporate management noted as early as 2010 that “data and information gathered by Detective Mode could be highly intrusive and invaded consumers' privacy.” The FTC also claims that Aaron's IT personnel were aware that company server space was being used to store Detective Mode emails and what data those emails contained, and that Aaron's provided franchisees with instructions on how to install and use the software. The proposed settlement requires Aaron's, for twenty years, to: