May 2012

The Electronic Frontier Foundation and the Immigration Policy Center last week released an interesting report on law enforcement’s increasing efforts to gather biometric data, and associated risks of data inaccuracy, racial profiling, erroneous deportations, security breaches, and privacy invasions.  The report calls for greater accountability in the biometrics context, including collection and retention limitations; clear rules for collection, use, and sharing; robust security; notice requirements; and independent oversight. 

In recent months, a number of policymakers have raised concerns about both public and private collection of biometric data.  For example,Continue Reading Biometric Data Under the Privacy Microscope

The afternoon panels at yesterday’s FTC workshop focused on mobile issues, with the first focusing on mobile advertising disclosures and the second focusing on mobile privacy disclosures.

Some themes were common to both panels.  In particular, panelists in both sessions identified the unique challenges of designing disclosures that will effectively communicate with consumers who often may be distracted because they are multitasking and who are using smaller screens than their desktop-using counterparts.

To address these challenges, panelists said mobile services need to consider consumer expectations in the context of the particular application or transaction. They said that application developers and advertisers must find ways to prioritize the most important disclosures, format them in a way that is meaningful for mobile users, and present the disclosures at a time when consumers are most likely to pay attention to the information — often right before a transaction is completed or before an application transmits personal information.Continue Reading What Happened at the FTC Advertising and Privacy Disclosures Workshop? (Part 2 of 2)

Yesterday, the FTC held a public workshop titled “In Short: Advertising & Privacy Disclosures in a Digital World.”  The workshop explored whether and how the FTC should revise its 2000 guidance concerning advertising and privacy disclosures in the new era of online and mobile technology.

 
This post will highlight the morning workshop sessions on usability research, cross-platform advertising disclosures, and social media advertising disclosures.  A second post will recap the afternoon’s discussions on mobile advertising and privacy disclosures.
 
Presentation on “Usability Research.”  After introductory remarks by Commissioner Ohlhausen, Jennifer King, a Ph.D. candidate at the University of California-Berkeley, briefly presented on “usability research,” an emerging body of research that examines the qualitative aspects of what disclosures users read—and what they ignore—in the online space.  One of the overarching findings she discussed is that Internet users are goal-oriented and will largely focus only on those items that are necessary for completing the task at hand.  Building upon this principle, King proposed that relevant disclosures should be part of the user’s task flow (for example, built into the checkout process) for maximum visibility.  King’s presentation can be viewed on her blog.
 
Panel 1:  Universal and Cross-Platform Advertising Disclosures.  After her presentation, King joined the first panel of the day on “Universal and Cross-Platform Advertising Disclosures,” at which moderator Michael Ostheimer asked questions aimed at determining whether — and how —  the 2000 Dot Com Disclosures guidance should be updated.  A large part of the discussion centered on the use of links to make disclosures in online advertisements and on e-commerce sites.  Three of the panelists — Sally Greenberg, Executive Director of the National Consumers League, Paul Singer, Office of the Texas Attorney General, and King — questioned whether generic links (titled “Disclosure,” for example) are sufficient to put consumers on notice that important terms and conditions attach to the use or purchase of a product.  
 
Other panelists more broadly questioned the utility of guidelines that focus on things like the use and formatting of hyperlinks and the design of banner ads.  Comments from Linda Goldstein,  Promotion Marketing Association, and Steve DelBianco, NetChoice, tended to suggest that the Dot Com Disclosures guidance is outdated and a more flexible approach is appropriate.  Singer, however, championed the guidance’s focus on clarity and prominence, saying these are valuable principles for companies hoping to avoid regulatory scrutiny.
 
Panel 2:  Social Media Advertising Disclosures.  The second panel addressed “Social Media Advertising Disclosures.”  The FTC’s blogger endorsement guidelines were discussed first, and the panelists were largely in agreement on Moderator Richard Cleland’s hypotheticals, concluding as a general matter that if a blogger receives an incentive to review or recommend a product, the blogger should disclose that connection at the same time and in the same space as the endorsement.  
 
When the conversation turned to advertising disclosures on social media platforms like Twitter, the panelist views varied.  A debated issue was how an endorser using Twitter should disclose an arrangement with a company within the platform’s space constraints.  Robert Weissman, President of Public Citizen, said the use of the #spon hashtag — a convention in the Twitter sphere — was not enough, because average consumers do not understand its significance.  Stacey Ferguson, a representative of the blogging community, agreed that a plain language approach is the solution, even at the cost of valuable real estate.  But Malcolm Faulds, a member of the Word of Mouth Marketing Association (but speaking on behalf of BzzAgent, Inc.), disagreed, noting that WOMMA recommends the use of Twitter hashtags like #spon to its members.
 
Ferguson then suggested that the platform itself should be responsible for enabling users to make ad disclosures in a meaningful and clear way.  For example, she noted that Twitter could change the color of tweets that featured advertising.  Other panelists, however, disagreed.  Susan Cooper, Advertising and Product Counsel at Facebook, pointed out the near-impossibility of the Facebook platform to distinguish when a user “likes” a product on her own, and when a user “likes” a product because she has an incentive to do so.  Weissman echoed this sentiment, noting that the “duty lies with the advertiser, not with the platform.”
 
Although the discussion was based largely on hypotheticals, larger themes developed.  Weissman took the position that advertising disclosure guidelines should not cater to the constraints of a specific platform.  “Advertising has to adapt to the existing law, not the other way around,” he argued.  Cooper, however, emphasized that social media advertising disclosures cannot be one-size-fits-all.  “Social media is an umbrella term used broadly to identify several different types of platforms.”  Cooper cautioned that despite the use of a single term to describe the platforms, “the way that users are consuming social media is very different.”  
 
Susan Shook, counsel at Procter & Gamble, suggested that a more flexible approach to advertising disclosures be considered, one that would permit endorsements in an individual’s own words and would allow advertisers to transition easily to new media outlets

This post will highlight the morning workshop sessions on usability research, cross-platform advertising disclosures, and social media advertising disclosures.  A second post will recap the afternoon’s discussions on mobile advertising and privacy disclosures.Continue Reading What Happened at the FTC Advertising and Privacy Workshop? (Part 1 of 2)

According to court documents filed last week, Netflix has agreed to change its data storage practices and pay about $9 million to settle allegations that it unlawfully retained and disclosed customers’ video-viewing histories.  Specifically, Netflix agreed to decouple viewing history from identification information once users have been inactive for a year; to pay $30,000 to the class representatives; to pay up to $2.25 million to class counsel; and to give the remaining funds to nonprofit organizations that provide privacy-related education.  The proposed settlement agreement has been submitted to the court for preliminary approval. 

The injunctive remedies, cy pres relief, and sizable award to class counsel in In re Netflix Privacy Litigation are consistent with settlements reached in earlier privacy-related lawsuits.  For example:Continue Reading Netflix to Settle Video Privacy Suit

The Federal Communications Commission (“FCC”) has released a Public Notice seeking comments on the steps wireless phone carriers are taking to protect the privacy and data security of customer information that is stored on consumers’ mobile devices and on how existing laws apply to the carriers’ information practices. 

Section 222 of the Communications Act and the

Judge Feess of the Central District of California recently rejected Carrier IQ’s attempt to litigate in federal court a class action concerning whether Carrier IQ’s software, installed on a wide range of smart phone devices from many different manufacturers running on various wireless networks, violated California law.  Judge Feess remanded the case to state court

Last week, Rep. Blaine Luetkemeyer (R-MO) introduced legislation (H.R. 5817) to limit the obligations of certain financial institutions to provide an annual privacy notice to consumers.  Under the Gramm-Leach-Bliley Act (“GLBA”), financial institutions must provide customers an initial privacy notice and, for the duration of a customer relationship, an annual privacy notice that describes the company’s information-sharing practices.  While anything is possible in Washington, particularly in a Presidential election year, the expectation is that this bill is unlikely to progress to enactment.

Under H.R. 5817, a financial institution would not be obligated to provide customers with an annual privacy notice so long as the company shares information only in certain limited respects (that are more narrow than those permitted under federal law) and provided that the company has not changed its privacy policies or practices from those disclosed in its most recent privacy notice.   Specifically, the carve-out would only be available to those financial institutions that do not share information in either of the following respects:Continue Reading Proposed Bill Would Limit Annual Privacy Notice Requirement Under GLBA

Last week, the U.S. Supreme Court declined to hear an appeal of a Third Circuit Court of Appeals decision that put an end to a proposed class action lawsuit stemming from a data breach.  The suit, Reilly v. Ceridian Corp., was brought by two individuals who were among approximately 27,000 employees at 1,900 companies whose personal and

Yesterday, the Payment Card Industry Council issued guidance for merchants using smartphones or tablets to accept payments from customers.  The guidance follows up on the PCI Council Chairman’s pledge in February, as reported in this blog, to make mobile payments a top priority.  Payment card readers that can be attached to a smartphone or