www.khlaw.com
Washington, D.C. ● Brussels ● San Francisco ● Shanghai
Presenters
Sheila A. Millar is a Partner at Keller and Heckman and counsels corporate and association clients on a range of consumer protection regulatory and public policy matters. Ms. Millar advises clients on privacy and security policies and programs, data breach responses, data transfers and cloud computing. She also counsels clients on privacy and regulatory compliance aspects of promotions, social media policies, website terms and online sales. Noted for her expertise on children's issues, Ms. Millar has participated in Federal Trade Commission (FTC) workshops on children's privacy and advertising literacy.
Tracy P. Marshall is a Partner at Keller and Heckman LLP. She assists for-profit and non-profit clients with a range of business and regulatory matters. In the Internet, privacy, and advertising areas, Ms. Marshall provides counsel on e-commerce transactions and online promotions, privacy and data security policies and programs, and data breach management.
This presentation provides information about the law. Legal information is not the same as legal advice, which involves the application of law to an individual's specific circumstances. The interpretation and application of the law to an individual’s specific circumstance depend on many factors. This presentation is not intended to provide legal advice. The information provided in this presentation is drawn entirely from public information. The views expressed in this presentation are the authors’ alone and not those of the authors’ clients.
Balancing benefits of online advertising and social media against privacy implications of collection, use, and sharing of data
Managing legal obligations stemming from global privacy laws and best practices
Overview of Telemarketing Laws
• Can’t abandon > 3% of calls answered by a person
• Must transmit caller ID information when available
• No autodialer or artificial or prerecorded voice calls to cell phone, pager, etc. where party is charged
• No prerecorded voice calls to residences without prior express consent
• No solicitations to residences before 8 a.m. or after 9
National Do-Not-Call registry jointly established by FCC and FTC
Covers residential and personal wireless phone numbers; registration valid for five years
Prohibits telephone solicitations to numbers on the Do-Not-Call list, except
• With prior express permission
• By or on behalf of a tax-exempt non-profit
• With an established business relationship (EBR)
47 U.S.C. § 227
FCC enforces
Private Right of Action – numerous class action lawsuits
Up to $16,000 per violation/message
Up to $500 per violation/message for civil action
16 CFR Part 310
FTC enforces, maintains “Do Not Call” registry
No Private Right of Action
Up to $16,000 in fines per violation/message
TCPA - No fax ads without prior written consent
EBR exception (unless recipient opted out)
Covers both business and consumer lines
Fax must include
• ID & phone number of originator
• ID of fax broadcaster (if applicable)
• Legal name of originator
• Date & time sent
• Opt-out mechanism and honor
Clear and conspicuous identification that the message is an advertisement
Accurate and non-misleading header/subject
Valid postal address for the “sender”
• Who is a Sender? Any person who initiates a commercial email message and whose product, service, or Internet web site is advertised or promoted by the message
Working online opt-out mechanism
Honor opt-out requests within 10 business days
Communicate with customers about orders
Conduct market research surveys
Communicate with employees/former employees/retirees about benefits, accounts, employee discounts, etc.
Send press releases, etc. to shareholders
• In all cases, whether an email qualifies as transactional/relationship depends on satisfaction of “primary purpose” test
“Refer-a-Friend” Campaigns
Refer-a-friend emails sent with consideration or inducement are subject to CAN-SPAM Act
• Consideration/inducement includes money, coupons, discounts, awards, additional sweepstakes entries
If email is sent by automatic technical process to an address provided by the forwarder, then it is a “routine conveyance” exempt from the Act
Cannot use child’s name as “sender” for refer-a-friend campaigns at kids sites
CAN-SPAM permits unsolicited communications as long as the basic requirements are followed
Electronic Communications Privacy Directive (Directive 2002/58/EC) only permits electronic communications with the recipient’s consent
• Consent can be obtained through website tick boxes, but not pre-checked boxes
• Established business relationship excepted
• Affiliates treated like third parties
• Opt-out mechanism required
Facebook, Inc. v. MaxBounty, Inc. (March 28, 2011)
• Company used fake Facebook pages, accounts, and applications to offer non-existent products/services
• Caused Facebook users to SPAM friends and/or use the data to sign-up for a host of subscription services
• Court found that messages sent by Facebook users to their friends’ walls, news feeds or home pages are “electronic mail messages” under the CAN-SPAM Act
FTC Self-Regulatory Principles for Online Behavioral Advertising
• Coalition of major ad organizations
• 7 Principles:
– Consumer education
– Transparency
– Consumer choice
– Data security/limited data retention
– Consent for material changes to OBA practices
– Limited collection of sensitive data
– Accountability (enforcement/compliance)
Company misrepresented consumers’ ability to opt-out of OBA
After 10 days, company would place tracking cookies back on browsers and continue to serve targeted ads
FTC alleged that opt-out mechanism was deceptive and violated FTC Act Section 5
Children’s Online Privacy Protection Act of 1998 (COPPA); FTC COPPA Rule
Applies to the online collection of personal information from children under 13
Verifiable Parental Consent
Operator may not require a child to disclose more information than is reasonably necessary to participate
Preempts inconsistent state laws
Can interface online directly with kids under some exceptions; permitted data collection very limited
• One-time use – prompt deletion required
• Multiple e-mails with notice to parents
Use care in refer-a-friend e-mails
Verifiable parental consent
• Can use “e-mail plus” for internal marketing
• No public postings
FCC and FTC to hold a forum this month on the use of smartphone location data for targeted ads and other purposes
U.S. Senate held hearings on consumer privacy and the treatment of location data, focusing on Apple, Google, and Facebook
Alleged violations of privacy of iPhone, iPad and iTouch users by transmitting the devices’ unique identifiers to application developers
Alleged that application developers Pandora, The New York Times Co., WebMD, Yelp, and Groupon illegally transmitted users’ personal data, including application use, to third party advertisers without consent
Social Media uses tools such as blogs, wikis, and social networking sites to connect people and build relationships with consumers
“Getting to know” consumers has privacy implications
FTC Endorsement Guides
Substantiate claims
Endorsement should reflect personal opinion, beliefs of endorser
Disclose payments where necessary
Disclose “material connection” between advertiser and endorser
Disclose expected results
• “Results not typical” no longer
Social networking site users must opt in before the site can display information other than user's name and city of residence
Social networking sites must permit users to set privacy settings as part of registration process and explain options in plain language
Social networking sites must remove a user’s personal identifying information upon request (or upon a parent’s request, for users under age 18)
Website operators must get informed consent before using cookies and other technologies to store and retrieve information on users’ computers
• Previously companies had to disclose how cookies were used and provide opt-out
• ICO suggests obtaining consent through browser settings, pop ups, terms and conditions
Exception: If “strictly necessary” for a service requested by the user
“Flash cookies,” or local shared objects, are ‘super cookies’ that never expire and are protected from deletion
• Class action lawsuits in 2010 against Disney, Hulu, Jib-Jab, and others
“History sniffing” peeks into a user’s Internet visitation history to create a profile of the user
• Several lawsuits in 2010 against Interclick,