5 24 11 online marketing privacy presentation
DESCRIPTION
Presentation by Pillsbury Privacy Group attorneys on current issues related to advertising and marketing online.TRANSCRIPT
Pillsbury Winthrop Shaw Pittman LLP
Online and Mobile Marketing:What’s Legal and What’s Not – a Transatlantic View
May 24, 2011Rafi Azim-Khan, Partner
Catherine Meyer, CounselJohn Nicholson, Counsel
2 | Online and Mobile Marketing
Disclaimer
THIS PRESENTATION DOES NOT CONSTITUTE, AND SHOULD NOT BE RELIED UPON AS, LEGAL ADVICE. YOU SHOULD CONSULT YOUR OWN COUNSEL REGARDING THE APPLICATION OF ANY OF THE LAWS DISCUSSED IN THIS PRESENTATION (OR OTHER LAWS) TO YOUR COMPANY, YOUR CLIENT, OR YOUR SPECIFIC CIRCUMSTANCES.
THANK YOU.
3 | Online and Mobile Marketing
Social Media – Key Themes
Tom Cruise in Minority Report
Advertisers’ Holy Grail
Internationally becoming a complex area
Within last few months - 3 new major developments in the UK/EU
US regulators and legislatures focus on geo-location, tracking and behavioral advertising
4 | Online and Mobile Marketing
Social Media – Key Questions to ask in 2011
Are you engaged in social media?
Is your company looking to adopt or update a corporate Facebookpage/Twitter account or other form of social media?
Is your company looking to interact with its customer base?
Has your company properly audited its social media activity in each key jurisdiction?
Has your company updated its internal controls, training etc.
Has your company updated its external policies, terms, notices and disclaimers?
5 | Online and Mobile Marketing
The Basics – Alternative Marketing Methods
“Old” MediaTelevision and radio commercialsPrint adsBrochuresArticles placed in publicationsAny other document or display that makes product claims, or displays a brand image, and that will be seen by customers
“New” MediaInternet ads, websitesBlog postsSocial network communications (Facebook, Twitter, etc.)Email messagesViral marketing, “street team” marketing
6 | Online and Mobile Marketing
Ongoing Developments in Data Security and Marketing Regulations
United States:
Greater regulatory attention to tracking and targeting consumers, including new attention to geotracking
New Do-Not-Track bills in the US
Renewed enforcement against text message advertising, SPAM, and testimonials
Children’s Online Privacy Protection Act under review; restrictions on marketing to children
Greater specificity in the data security measures required by state and federal regulations
6
7 | Online and Mobile Marketing
Ongoing Developments in Data Security and Marketing Regulations
United Kingdom:
Important changes regarding use of cookies in Europe – 26 May 2011
New UK web sheriff remit extension – 1 March 2011
Unfair Commercial Practices Directive/Misleading and Comparative Advertising Directive – recently introduced
US Company blind spot
Increased “on the spot” fines for UK watchdog
7
8 | Online and Mobile Marketing
26 May 2011 – Important Change –Using Cookies in Europe
Pre 26 May 2011 – website operator must tell website users how they use cookies and tell them how they can “opt out” if they object
From 26 May 2011 – cookies are “opt in” unless “strictly necessary”for a service requested by a user
narrow exception – apply to “add to basket” cookies only?not to monitor user preferences
Consent – likely to include (based on UK guidance):pop upschanges to terms and conditions which are notifiedbut take care!
9 | Online and Mobile Marketing
US Regulation of Advertising Remains Constant
Federal Trade Commission—Federal law
State Attorneys General—State laws on misrepresentation
Challenges at the National Advertising Division of the Council of Better Business Bureaus, Inc. (“NAD”)
Competitor or consumer litigation under Section 43(a) of the Lanham Act and state consumer protection statutes
Pre-clearing of television ads by the U.S. networks and broadcast authorities in other countries (e.g., UK)
10 | Online and Mobile Marketing
Policy Statements and Other Guidelines
In the UK – Committee of Advertising Practice Code – need to be aware of Advertising Standard Authority’s remit extension
The FTC has the most influence in establishing the “do’s and don’ts”in commercial advertising.
Over the years, the FTC has issued “Guides”, “Policy Statements”, and other instructive guidelines.
11 | Online and Mobile Marketing
FTC Guides, Policy Statements, and Other Guidelines
Examples of FTC Guides, Policy Statements, and other guidelines:
FTC Guides Concerning Use of Endorsements and Testimonials
FTC Guides Against Deceptive Pricing
FTC Guides Against Bait Advertising
FTC Guide Concerning Use of the Word “Free”
FTC Guides for the Use of Environmental Market Claims (Green Guides)
How to Comply With The Children’s Online Privacy Protection Rule
12 | Online and Mobile Marketing
EU - Unfair Commercial Practices Directive
Unfair commercial practices are prohibited3 categories of unfair commercial practice
31 always unfairmisleading action, omission or aggressive practicegenerally unfair – contrary to professional diligence and materially distorts economic behaviour
Outside scope:pufferyB to Blegitimate product placement, brand differentiationtaste and decencycontract
Criminal penalties – unlimited fines and 2 months imprisonment in the UK
13 | Online and Mobile Marketing
EU – Comparative and Misleading Advertising Directive
Rules much tougher than US approach
Particular pre-emptive substantiation requirements
Major recent shift in law EU-wide regarding claims for products/services where explicit or implied comparison made with a competitor
Numerous EU cases - gives competitors something to attack you with
14 | Online and Mobile Marketing
EU - Comparative Advertising
Take care when:naming your competitorsmaking price comparisonsmaking product comparisons
Potential for trade mark infringement, passing off, copyright infringement, defamation etc.
The Comparative Advertising Directivehonest practice?taking unfair advantage?detrimental?
Risks of fines and imprisonment
15 | Online and Mobile Marketing
1 March 2011 – Important Change –New Web Sheriff for Websites Targeting the UK
Pre-March 2011 – remit included ads in paid for spaceNow – Committee of Advertising Practice Code governs all marketing communications online
advertising must be legal, honest, decent, truthful etc
Applies to:company websitessocial media marketing communications in non-paid for space e.g. Facebook and Twitter
Advertising Standard Authority will take action against:.co.uk websites or if a company is registered in the UKany website which targets UK consumers which are not subject to regulation by an international equivalent of the ASA
Being a .com or a US based website will not save you!
16 | Online and Mobile Marketing
1 March 2011 – Important Change – ASA Policing All Marketing On Websites and Social Media
User Generated Content and Social Media – take care!will be caught if incorporated within an organisation’s own marketing communications (e.g. posted on homepage)message board moderated for harmful and offensive language only – maybe not?
Sanctionsusual ASA sanctions – uphold complaints (like an injunction), pre-vettingnaming and shaming on ASA websiteplacing of ads highlighting non compliancesearch engines agreed to remove ads which link to offending adsreference to the Office of Fair Trading - fines, injunctions
17 | Online and Mobile Marketing
US - Key Advertising Rules of Thumb
An advertiser must be able to support all reasonable interpretations of an ad—even ones that the advertiser did not intend to communicate.
The advertiser’s intent does not matter. What matters is what people reasonably heard or understood.
If market research determines that at least 20 percent of the viewers of an ad saw or heard a certain claim, the advertiser must be able to substantiate that claim.
18 | Online and Mobile Marketing
US Basics – Endorsements and Testimonials
An “endorsement” or “testimonial” purports to present the opinions, beliefs, findings or experience of someone other than the advertiser.
The product performance or results presented in a testimonial must be representative of the product performance that a typical customer would experience. “Results may vary” disclaimer likely no longer to be sufficient.
Any claim made by the endorser must be supportable by the advertiser with “reasonable basis” substantiation, as if made by the advertiser.
Any “material connection” between the advertiser and the endorser (not reasonably expected by the audience) must be disclosed.
If the endorser is a celebrity, no such disclosure is required because the public is assumed to know that celebrities are usually paid for their endorsements.
19 | Online and Mobile Marketing
US - Endorsements on social networks and blogs –FTC Guides apply
October 5, 2009 - FTC Guides on endorsements and testimonials have been updated to make clear that the requirements apply to advertising through third parties on social networks and blogs. 16 C.F.R. Part 255
When a blogger mentions a company or product in a blog, the blogger must disclose receiving any form of payment from the company.
This includes direct payment, “free” products, reimbursed travel expenses, etc. in exchange for the review.
Statements by a sponsored blogger must be supportable by the sponsoring company with “reasonable basis” substantiation.
Practice Point: Monitor comments posted on any sponsored blogs, social networks, etc., and take steps to stop incorrect comments.
20 | Online and Mobile Marketing
US - Behavioral Marketing, Targeted Ads
The practice of tracking consumers’ activities online—including searches a consumer has conducted, web pages visited, and content viewed—to facilitate advertising targeted to particular consumers.
The FTC is studying the practice closely. It is not happy with the current regime—lengthy and complex privacy policies, insufficient opt outs, etc. More regulation is expected by next summer.
The distinction between personally identifiable and non-personally identifiable information is no longer “a tenable distinction”.*
Possible requirement: A clickable icon that will show what data are being collected about a consumer, and who will be allowed to use that data, plus option to opt out from website collecting information for targeted advertising.
However, clickable icon may be impractical in mobile environment.* David Vladeck, FTC’s new head of consumer protection (as quoted in the New York Times, August 5, 2009).
21 | Online and Mobile Marketing
US – Behavioral Marketing – Deep Packet Inspection
What is Deep Packet Inspection?
Advertiser places a cookie or text file placed on an individual’s computer. The cookie monitors the computer user’s internet movement, products searched, compared, reviewed, purchased as well as sites visited, credit card usage, bank account usage, etc. The advertiser then “reads” the cookie to learn all the collected information which is used to target advertising to that computer.
22 | Online and Mobile Marketing
Deep Packet Inspection
US Statutes potentially violated by Deep Packet Inspection
Electronic Communications Privacy Act, 18 U.S.C. § 2510
Computer Fraud and Abuse Act, 18 U.S.C. § 1030
California’s Invasion of Privacy Act, California Penal Code § 630
California’s Computer Crime Law, California Penal Code § 502
23 | Online and Mobile Marketing
Proposed Do-Not-Track Legislation - State
California Senate Bill 761Introduced February 2011; first of its kind to pass out of committee“Covered Entity” cannot use “Covered Information” without disclosure of information collection, use, and storing practices and an opt-out“Covered Entity” is one doing business in California that collects, uses, or stores online data containing covered information from a consumer in California, but not government or person storing information on fewer than 15,000 or collect from fewer than 10,000 in 12 months“Covered Information” includes online activity or history, geolocation or computer identity, unique identifiers (e.g., IP address), personal information and sensitive (health, biometric) information, but excludes business information.Prohibits selling, sharing or transferring covered informationPenalty for willful violation: civil damages not less than $100 or greater than $1,000 per individual plus punitive damages, costs and attorneys fees. Creates potential for state-level “do not track” framework like current data breach notification framework
24 | Online and Mobile Marketing
Proposed Do-Not-Track Legislation - Federal
Rep. Speier (D-CA) proposes creating do-not-track registry similar to do-not-call list
Sen. Rockefeller (D-WV) proposes creating obligation for companies to honor users’ opt-out requests on Internet and mobile devices and giving FTC enforcement powers
After opt-out request, companies could only collect information on customer if absolutely necessary for site or service to functionMust be anonymized or destroyed after usefulness expiresStill subject to user consent
Reps. Markey (D-MA) and Barton (R-TX) propose amending COPPA to include:
Expansion of COPPA building on “verifiable parental consent” model“Digital Marketing Bill of Rights” for teensLimits on collection of geolocation info about both children and teensInternet “Eraser Button” similar to EU concept of “right to be forgotten”
25 | Online and Mobile Marketing
US - Email Marketing
CAN-SPAM restricts transmission of unsolicited commercial emails (UCEs)
“emails” has been interpreted broadly to include postings within social media environments
Obligates “sender” compliance
“Sender” includes transmitter and advertiser
Non-deceptive subject line and email body
“ADV:” in subject line
Physical address for contact
Link for “unsubscribe”
Honor “unsubscribes” within 10 days
26 | Online and Mobile Marketing
Unsolicited marketing messages to Europeans -Beware of E-Privacy Regulations
Consent required to send unsolicited electronic marketing message to individuals
Must be free, specific and informed
Can rely on “soft opt in” but beware:in the course of the sale or negotiationssimilar products/servicessimple means of opting out
Telephoneindividuals have the right to opt out of unsolicited callsbeware of automated calling systems – always opt in
Relevant enforcer in the UK can issue “on the spot” fines of up to £500K for serious breaches
27 | Online and Mobile Marketing
US - Unsolicited Text Message or Mobile Telephone Advertisements – Still Unlawful without Consent
Telephone Consumer Protection Act“ It shall be unlawful for any person within the United States, or any person outside the United States if the
recipient is within the United States—
(A) to make any call (other than a call made for emergency purposes or made with the prior expressconsent of the called party) using any automatic telephone dialing system or an artificial orprerecorded voice—
. . .(iii) to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call”
47 U.S.C. § 227(b)(1)(A)(iii) (emphasis added).
2003: FCC states that the TCPA’s prohibition “encompasses both voice calls and text calls to wireless numbers including, for example, short message service (SMS) calls . . . .” In re Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, Report and Order, 18 FCC Rcd. 14014, 14115 (July 3, 2003)
2009: Ninth Circuit holds that text messages are “calls” under the TCPA. Satterfield v. Simon & Shuster
28 | Online and Mobile Marketing
Mobile Marketing – What Rules Apply?
Is it SPAM because it’s an email?
OR
Is it a text message because it is received on a mobile phone?
(Answer: both! Congress intended that CAN-SPAM would include messages sent to mobile devices. 15 USC §7712(b). FCC rules on TCPA encompass text messages and SMS transmissions. 18 FCC Rcd. 14014,14115)
29 | Online and Mobile Marketing
US - Marketing to Children
Updates to the Children’s Online Privacy Protection Act (COPPA)
FTC has held round-table workshops and solicited comments re: updating COPPA5/19/11 – FTC Director Bureau Consumer Protection testimony before Senate Committee on Commerce, Science and Transportation
Says little other than that FTC is reviewing COPPA and that additional legislation is not required (FTC’s existing authority is broad enough)Complexity of online environment makes COPPA challenging
30 | Online and Mobile Marketing
UK - Marketing to Children
CAP Code 5: The way in which children perceive and react to marketing communications is influenced by their age, experience and the context in which the message is delivered. Marketing communications that are acceptable for young teenagers will not necessarily be acceptable for younger children. The ASA will take those factors into account when assessing whether a marketing communication complies with the Code
Child is someone under 16
Rules relate to:harmcredulity and unfair pressuredirect exhortation and parental authoritypromotions
31 | Online and Mobile Marketing
US – State Restrictions on Marketing to Children
Child Registry Statutes
Utah and Michigan statutes (U.C.A. 1953 § 13-39-201 and M.C.L.A. 752.1065)
Established registries for minors
Unlawful to market to registered minors 30 days after registry
Michigan: email marketing
Utah: email, instant messaging or telephone
Covers marketing of any product or service that is illegal for a minor to buy, use, view, participate in, receive or possess, or which may be harmful to the minor
Emails with links to websites advertising alcohol may violate statutes
32 | Online and Mobile Marketing
US – Data Security Requirements
Federal
Fair and Accurate Credit Transactions Act (FACTA)
Identity Theft Red Flags Program
Written PlanStill pending for “creditors”
FACTA data destructionSocial Security Number and Consumer Report information must be shredded, burned or rendered unreadable
State
MassachusettsData security planEncryption of data in transit and on portable devices
NevadaEncryption of data in transit
ConnecticutPublished Social Security Number Policy
Data Security and Destruction
32
33 | Online and Mobile Marketing
US – Data Requiring Protection
Name and Social Security, Taxpayer ID number or driver’s license number
Name and financial account number
Consumer report information (Information that would be used for determining eligibility for credit, employment or insurance including mode of living, creditworthiness, credit standing, credit capacity, character, general reputation or personal characteristics)
Health/Medical information
33
34 | Online and Mobile Marketing
US - Data Security and Destruction
State Statutes: obligation to protect personal information of state residents against unauthorized access, destruction or misuse (9 states currently)obligation to destroy documents or data containing personal information of state residents (25 states currently)prohibition against public display or disclosure of Social Security Numbers (27 states currently)
Federal (FACTA):Consumer report information must be disposed of in a manner that renders it unreadableIncludes name and Social Security or Taxpayer ID number, financial account numberMay include other information to the extent that it indicates creditworthiness, mode of living, etc.
34
35 | Online and Mobile Marketing
EU - Data Security and Destruction
When building up databases of customer profiles important that you don’t overlook getting the basics on data handling/storage correct
Particularly important given there is a relatively new Information Commissioner with increased powers in place in the UK
High fine levels in other EU states (e.g. France)
36 | Online and Mobile Marketing
Key Take-Away Messages
Consider the legal landscape – including new 2011 rules and sanctions for non-compliance
Review websites and online and social media activities and campaigns
check which territories websites are aimed atcheck for compliance with EU Cookie Directive, UCPD, etc.
Consider marketing materials, activity and campaigns
Be able to substantiate any claim – need for due diligence
Consider competitor activity– any opportunity to object?
Consider internal controls and audit external policies/directives
Consult with expert counsel
37 | Online and Mobile Marketing
Presented by
Rafi Azim-Khan, Partner25 Old Broad Street, London, United Kingdom, EC2N 1HQ
+44.20.7847.9519
email: [email protected]
Catherine Meyer, Counsel725 South Figueroa Street, Suit 2800, Los Angeles, CA 90017-5406
+1.213.488.7362
email: [email protected]
John Nicholson, Counsel2300 N Street, NW Washington, DC 20037-1122
+1.202.663.8269
email: [email protected]