CDAS Big Data & Privacy Bulletin 2/10/13

CDAS’s Digital Media Practice Group would like to share some key developments, articles and issues in the world of big data, targeted advertising and privacy law that we’ve been monitoring over the past couple of weeks:

F.T.C. Suggests Privacy Guidelines for Mobile Apps

The Federal Trade Commission has issued a non-binding staff report recommending ways to improve mobile privacy disclosures. The report, subtitled “Building Trust Through Transparency,” is designed to help address the “unique privacy challenges” presented by the rapid growth of the smartphone, mobile data, and app markets. The F.T.C. divides these challenges into three broad categories:

  1. Unprecedented amounts of data collection, which may be shared with third parties.
  2. The sprawling landscape in which a single mobile device can share data among many entities (wireless providers, mobile operating system providers, handset manufacturers, app developers, analytics companies and so on), leaving consumers confused.
  3. The ability of mobile devices to precisely track locations and track users’ movements over time.

In order to address these issues, the F.T.C. report makes a number of recommendations including the suggestion that the mobile industry should include do-not-track features in software and apps (perhaps through a “privacy dashboard” and easily recognizable icons indicating tracking) and take other steps to safeguard personal information. The report also emphasizes the importance of an accurate and easily accessible privacy policy.

It is likely that the F.T.C. will continue to step up enforcement of privacy violators across the marketing, web service and telecommunications industries. Social networking app Path recently settled with the F.T.C. over privacy violations related to COPPA, agreeing to pay a $800,000 fine.

You can read the report on the F.T.C. Website, or take a look at the New York Times’ coverage.

United States and E.U. Privacy Approaches Diverging

The New York Times recently published an article on the widening gulf between privacy laws and regulations in the United States and European Union. The E.U. has instituted a common directive enumerating certain fundamental rights (including the ability to retrieve records held by companies) not available to Americans. Proposed new rules would broaden privacy rights for Europeans further, and increase the burden on companies operating in the E.U. As the N.Y. Times piece states:

European Union members already have data protection laws in place, based on a directive from 1995 that laid out principles for the collection of personal information. The proposed new rules would strengthen some existing provisions. They would standardize data protections across the 27 member states. They would also provide some new rights, such as “data portability” – the right of consumers to easily transfer their text files, photographs and videos from one social network, or e-mail or cloud storage service, to another. And they would subject companies that violate the rules to penalties of up to 2 percent of their annual global revenue.

It is critical for all businesses operating in Europe, including U.S.-based web services providers and tech startups, to closely monitor these developments to ensure future compliance.

Facebook To Incorporate AdChoices Logo

After months of discussion with regulators and the advertising agency, Ad Age is reporting that Facebook will shortly begin displaying the blue AdChoices icon on its display ads served through its FBX ad exchange. The AdChoices icon, designed to help the targeted marketing industry self-regulate, is intended to provide enhanced notice to users of behavioral targeting and allow users to opt-out.

However, Facebook’s initiative may come under further scrutiny because the AdChoices logo will only appear when users mouse over the gray “x” displayed about the ads. This may not satisfy F.T.C. guidelines calling for “clear and prominent notice” when an advertisement is behaviorally targeted.

For further coverage, take a look at Peter Kafka’s piece, “Facebook Will Come Clean(er) About Its Retarged Ads,” on All Things Digital.

F.T.C. Amends COPPA, Revisions Effective July 1, 2013

As a reminder, the F.T.C. recently amended the Children’s Online Privacy Protection Act. The revisions broaden COPPA’s definition of “personal information” (which companies need explicit parental consent to capture) to include persistent identifiers (including cookies) that can recognize a user across different websites, in addition to user screen names, personal images, and geolocation data.

The revisions also create strict liability for sites that allow third parties to collect personal information from children under 13. This revision is of particular concern to sites that partner with third party ad networks to monetize user activity or place behavioral advertising. The F.T.C. has clarified, however, that the revisions do not extend liability to platforms such as Google Play or the Apple App Store.

The COPPA revisions become effective on July 1, 2013.

If you have any questions about this bulletin, please contact an attorney in the CDAS Digital Media Practice Group. CDAS Partners Eleanor M. Lackman and Joshua B. Sessler will present on Trending Topics in Data Collection and Targeted Marketing during Social Media Week. For more info, click here.