Most companies are familiar with the Children’s Online Privacy Protection Act (COPPA) and its requirement to obtain parental consent before collecting personal information online from children under 13. Yet COPPA also includes an information deletion requirement of which companies may be unaware. On May 31, 2018, the Federal Trade Commission (FTC) published a blog post
In the last few years, as advertising has followed consumers from legacy media such as television to online video and social media platforms, the Federal Trade Commission has been attempting to ensure that participants in this new advertising ecosystem understand the importance of complying with the FTC’s “Guides Concerning the Use of Endorsements and Testimonials in Advertising,” or the endorsement guides. The endorsement guides require advertisers and endorsers (also referred to as influencers) to, among other things, clearly and conspicuously disclose when the advertiser has provided an endorser with any type of compensation in exchange for an endorsement.
A failure to make appropriate disclosures may be a violation of Section 5 of the Federal Trade Commission Act, which prohibits unfair or deceptive acts or practices. In recent enforcement actions, press releases, guidance, closing letters and letters sent directly to endorsers (including prominent public figures), the FTC has made clear its belief that: (1) appropriate disclosures by influencers are essential to protecting consumers; and (2) in too many instances, such disclosures are absent from celebrity or other influencer endorsements.…
Companies that offer services, whether online or offline, to consumers on a subscription or other automatic renewal basis should be aware that such offers are heavily regulated at both the federal and state levels. A recent amendment to Section 17602 of California’s Business and Professions Code provides a good opportunity for businesses that make subscription offers to review their practices. As of July 1, 2018, the obligations under California law will expand in two ways that may require businesses to update those practices.
The first change relates to the information that businesses must provide to consumers regarding the terms of a subscription offer. The current law already requires a business to provide certain information about the renewal process—such as the amount of the recurring charges, the length of the renewal period, and the cancellation policy—both before the consumer accepts the agreement, and afterwards in an acknowledgement. The amendment provides that, as of July 1, 2018, if the offer includes any free trial or gift component, the information provided to consumers must also include a “clear and conspicuous explanation of the price that will be charged after the trial ends or the manner in which the subscription or purchasing agreement pricing will change upon conclusion of the trial.”…
With much fanfare, the Federal Trade Commission (FTC) continues to take actions relating to so-called “social media influencers” who allegedly fail to disclose material connections to the products or brands they endorse. Recurring enforcement actions and guidance—and the FTC’s ongoing promotion of its own efforts, such as through Twitter chats—make it clear that the FTC believes that its message has still not been heard by all of the players in this advertising ecosystem, including influencers themselves.
In short, any endorsements in any medium where the endorser has a material connection of any kind to the endorsed advertiser must be disclosed.
The most recent developments include an enforcement action against a company—and two of its officers—in connection with endorsements of the company made by the officers in YouTube videos and in social media. Before turning to this case, however, we provide a brief overview of how the FTC has gotten here. …
Recent challenges to the Federal Trade Commission’s (FTC) authority to police data security practices have criticized the agency’s failure to provide adequate guidance to companies.
In other words, the criticism goes, businesses do not know what they need to do to avoid a charge that their data security programs fall short of the law’s requirements.
A series of blog posts that the FTC began on July 21, 2017, titled “Stick with Security,” follows promises from acting Chair Maureen Ohlhausen to provide more transparency about practices that contribute to reasonable data security. Some of the posts provide insight into specific data security practices that businesses should take, while others merely suggest what, in general, the FTC sees as essential to a comprehensive data security program.…
If your company collects information regarding consumers though Internet-connected devices, you will want to take note of the Federal Trade Commission’s (FTC) recent privacy-related settlement (brought in conjunction with the New Jersey Attorney General) with smart TV manufacturer Vizio, Inc. The settlement is significant for four reasons:
- The FTC reinforces the position it has taken in other actions that the collection and use of information in a way that would surprise the consumer requires just-in-time notice and choice in order to avoid a charge of deception and/or unfairness under Section 5 of the FTC Act.
- The FTC takes the position that television viewing activity constitutes sensitive data. This marks a departure from its approach of limiting sensitive data to information that, for example, can facilitate identity theft, precisely locate an individual, is collected online from young children or relates to matters generally considered delicate (such as health information).
- The settlement includes a payment of $1.5 million to the FTC (as well as payment of civil penalties to New Jersey), but the legal basis for the FTC payment is not stated. This could suggest that the FTC will more aggressively seek to obtain injunctive monetary relief in Section 5 cases.
- Acting Chairwoman Maureen Ohlhausen explicitly noted in a concurring statement her skepticism regarding both the allegation that TV viewing data is “sensitive” and that the FTC’s complaint adequately established that the practices at issue constitute “substantial injury” under the unfairness prong of Section 5.
Leaving aside what the chairwoman’s concurrence may portend for future enforcement efforts, the FTC again seems to be using allegedly bad facts about privacy practices to push the envelope of its authority. Accordingly, with the Internet of Things boom fueling a dramatic increase in the number of Internet-connected devices, companies that either collect information via such devices or make use of such collected information should consider the implications of this enforcement action.
Well over a year after holding a workshop addressing privacy issues associated with cross-device tracking, Federal Trade Commission (FTC) staff have issued a report. The report sets the stage by describing how cross-device tracking works, noting its “benefits and challenges,” and reviewing (and largely commending) current industry self-regulatory efforts.
The report also makes recommendations, which—while building upon the staff’s traditional themes of transparency and choice—do not introduce any materially new suggestions for compliance.
The staff’s recommendations do not have the force of law, but they do indicate the steps that the staff believes a company should take in order to avoid a charge of unfairness or deception under Section 5 of the FTC Act.
A Quick Review of Cross-Device Tracking
As more consumers utilize multiple devices in their daily lives, more and more companies are using new technologies to attempt to ascertain that multiple devices are connected to the same person. This is generally done through the use of either deterministic information (e.g., by recognizing a user through the log-in credentials he or she uses across different devices) or probabilistic information (i.e., by inferring that multiple devices are used by the same person based on information about the devices, such as IP address, location, and activities on the devices).
Recent enforcement decisions within the digital advertising industry indicate a shift in—and a clarification of—the required disclosures for companies engaged in interest-based advertising (IBA).
Social media is all about innovation, so it is no surprise that social media marketers are always looking for innovative ways—such as courting social media “influencers” and using native advertising—to promote products and services to customers and potential customers. But, as the retailer Lord & Taylor recently learned, the legal rules that govern traditional…
In a new report, the Federal Trade Commission (FTC) declines to call for new laws but makes clear that it will continue to use its existing tools it to aggressively police unfair, deceptive—or otherwise illegal—uses of big data. Businesses that conduct big data analytics, or that use the results of such analysis, should familiarize themselves with the report to help ensure that their practices do not raise issues.
The report, titled “Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues” grew out of a 2014 FTC workshop that brought together stakeholders to discuss big data’s potential to both create opportunities for consumers and discriminate against them. The Report aims to educate businesses on key laws, and also outlines concrete steps that businesses can take to maximize the benefits of big data while avoiding potentially exclusionary or discriminatory outcomes.
What Is “Big Data”?
The Report explains that “big data” arises from a confluence of factors, including the nearly ubiquitous collection of consumer data from a variety of sources, the plummeting cost of data storage, and powerful new capabilities of drawing connections and making inferences and predictions from collected data. The Report describes the life cycle of big data as involving four phases:
- Collection: Little bits of data are collected about individual consumers from a variety of sources, such as online shopping, cross-device tracking, online cookies or the Internet of Things (i.e., connected products or services).
- Compilation and Consolidation: The “little” data is compiled and consolidated into “big” data, often by data brokers who build profiles about individual consumers.
- Data Mining and Analytics: The “big” data is analyzed to uncover patterns of past consumer behavior or predict future consumer behavior.
- Use: Once analyzed, big data is used by companies to enhance the development of new products, individualize their marketing, and target potential consumers.
The Report focuses on the final phase of the life cycle: the use of big data. It explores how consumers may be both helped and harmed by companies’ use of big data.
Benefits and Risks of Big Data
The Report emphasizes that, from a policy perspective, big data can provide significant opportunities for social improvements: big data can help target educational, credit, health care, and employment opportunities to low-income and underserved communities. For instance, the Report notes that big data is already being used to benefit underserved communities, such as by providing access to credit using nontraditional methods to establish creditworthiness, tailoring health care to individual patients’ characteristics, and increasing equal access to employment to hire more diverse workforces.…