The Digital Advertising Alliance (DAA), a consortium of the nation’s largest media and marketing associations that has established self-regulatory standards for online behavioral advertising, announced on May 7 that the Council of Better Business Bureaus and the Direct Marketing Association will begin enforcement of the Application of Self-Regulatory Principles to the Mobile Environment (DAA Mobile

As we reported earlier today, the long-awaited White House draft of privacy and data security legislation has been released. While the United States does not today have a comprehensive privacy and data security law, the proposed Consumer Privacy Bill of Rights would impose a suite of substantive privacy and data security obligations across sectors and industries. Our sense is that it would be uphill battle for this sort of sweeping privacy legislation to gain traction in Congress over the next two years.

We have answered your key questions about this proposed legislation below, including:

Who would the bill apply to?

How is “personal data” defined under the bill?

What are the substantive obligations?

Are there any safe harbors?

How would the bill be enforced?

Does the bill preempt state laws?

Continue Reading White House Privacy Bill: A Deeper Dive

The White House’s much anticipated draft privacy legislation has now been released.   We are digesting its content now and will post an update with some additional comments shortly.

The draft appears to include an expansive definition of “personal data.”  In addition, early press reports note that the draft bill would require companies to inform consumers

Making good on its warnings that mobile apps will be an enforcement priority under the revised Children’s Online Privacy Protection Act (“COPPA”) Rule, the FTC has announced two settlements with mobile app developers:

  1. TinyCo., the developer of several child-directed mobile apps, will pay $300,000 to settle charges that it violated COPPA by collecting children’s email

Last week, the Online Interest-Based Advertising Accountability Program released a compliance warning to clarify that its Self-Regulatory Principles for Online Behavioral Advertising (OBA Principles) apply―not just to traditional HTTP cookies―but to other types of tracking technologies that enable the tracking of consumers across different platforms and devices.  

The compliance warning admonished companies developing and implementing

Last Friday, the FTC announced an agenda for its upcoming workshop, “Big Data: A Tool for Inclusion or Exclusion?” which will take place on Monday, Sept. 15, starting at 8:00 a.m.  As we’ve previously reported, the workshop will build on recent efforts by the FTC and other government agencies to understand how new technologies affect the economy, government, and society, and the implications on individual privacy.  In particular, while there has been much recognition for the value of big data in revolutionizing consumer services and generally enabling “non‐obvious, unexpectedly powerful uses” of information, there has been parallel focus on the extent to which practices and outcomes facilitated by big-data analytics could have discriminatory effects on protected communities.

The workshop will explore the use of big data and its impact on consumers, including low-income and underserved consumers, and will host the following panel discussions:

  • Assessing the Current Environment.  Examine current uses of big data in various contexts and how these uses impact consumers.
  • What’s on the Horizon with Big Data?  Explore potential uses of big data and possible benefits and harms for particular populations of consumers.
  • Surveying the Legal Landscape.  Review anti-discrimination and consumer-protection laws and discuss how they may apply to the use of big data, and whether there may be gaps in the law.
  • Mapping the Path Forward.  Consider best practices for the use of big data to protect consumers.

The FTC hopes that the workshop will build on the dialogue raised in its Spring Privacy Seminar Series held from February through May, which addressed mobile-device tracking, data brokers and predictive scoring, and consumer generated and controlled health data.  The workshop will convene academic experts, business representatives, industry leaders, and consumer advocates, and will be open to the general public. In advance of the workshop, the FTC has invited the public to file comments, reports, and original research on the proposed topics. The deadline to submit pre-workshop comments is August 15. Following the workshop on September 15, the comment period will remain open until October 15.

The workshop comes on the heels of the White House’s anticipated report on big data released in May, which outlined the administration’s priorities in protecting privacy and data security in an era of big data.  With an entire section dedicated to “Big Data and Discrimination,” the report warned that big data “could enable new forms of discrimination and predatory practices.”  Chiefly focusing on the use of information, the report showed concern about using data to discriminate against vulnerable groups.  Specifically, the report stated that “the ability to segment the population and to stratify consumer experiences so seamlessly as to be almost undetectable demands greater review, especially when it comes to the practice of differential pricing and other potentially discriminatory practices.” 
Continue Reading The FTC’s Agenda to Tackle Big Data and Discrimination

On May 14, a judge in the Northern District of California granted in part and dismissed in part four motions to dismiss filed by defendants in the consolidated class action, Opperman v. Path (No. 3:13-CV-00453-JST). The plaintiffs alleged that apps offered by a number of developers (“App Defendants”) accessed and uploaded information from plaintiffs’ mobile devices—including contact information—without plaintiffs’ knowledge or consent. The plaintiffs further alleged that, among other things, Apple had control over these apps, failed to exclude the apps from its App Store, and misrepresented that private information could not be accessed by third-party apps without the user’s express consent. The FTC made similar allegations last year when it claiming that Path deceived customers by collecting contact information from users’ mobile address books without notice and consent. Path settled these charges by entering into a consent decree in February 2013. 

Continue Reading Court Dismisses CFAA, ECPA, and Other Claims in Privacy Class Action Opperman v. Path

Last Thursday, the United States Court of Appeals for the Ninth Circuit affirmed dismissal of claims for violations of the Electronic Communications Privacy Act (“ECPA”), holding that the plaintiffs had failed to allege Facebook and Zynga disclosed the “contents” of a communication, a necessary element under the Act.

The court’s ruling applies to the consolidated cases In re Zynga Privacy Litig. and In re Facebook Privacy Litig., in which plaintiffs alleged that the social network and popular gaming company disclosed personally identifiable information to third parties.  

Continue Reading Ninth Circuit Holds Facebook IDs and URLS Not “Content” under ECPA

On Thursday, mobile messaging application Snapchat agreed to settle Federal Trade Commission (“FTC”) charges that it made false or misleading representations about the ephemeral nature of its messages, the collection of user information, and the nature of its security practices. The FTC Complaint alleges six counts, many of which demonstrate the Commission’s aggressive enforcement of the FTC Act in the mobile space.

According to the Complaint, the Snapchat app allows users to send and receive photo and video messages, or “snaps,” for a limited period of time. In marketing its app, Snapchat has stated that its snaps “disappear forever” after the limited time expires. The company has also said that it will notify senders in the event that a recipient manages to take a screenshot of the message prior to its disappearance. 

Continue Reading Snapchat Settles FTC Charges