5 24 11 Online Marketing Privacy Presentation

Pillsbury Winthrop Shaw Pittman LLP

Online and Mobile Marketing:What’s Legal and What’s Not – a Transatlantic View

May 24, 2011Rafi Azim-Khan, Partner

Catherine Meyer, CounselJohn Nicholson, Counsel

2 | Online and Mobile Marketing

Disclaimer

THIS PRESENTATION DOES NOT CONSTITUTE, AND SHOULD NOT BE RELIED UPON AS, LEGAL ADVICE. YOU SHOULD CONSULT YOUR OWN COUNSEL REGARDING THE APPLICATION OF ANY OF THE LAWS DISCUSSED IN THIS PRESENTATION (OR OTHER LAWS) TO YOUR COMPANY, YOUR CLIENT, OR YOUR SPECIFIC CIRCUMSTANCES.

THANK YOU.


Social Media – Key Themes

Tom Cruise in Minority Report

Advertisers’ Holy Grail

Internationally becoming a complex area

Within last few months - 3 new major developments in the UK/EU

US regulators and legislatures focus on geo-location, tracking and behavioral advertising


Social Media – Key Questions to ask in 2011

Are you engaged in social media?

Is your company looking to adopt or update a corporate Facebookpage/Twitter account or other form of social media?

Is your company looking to interact with its customer base?

Has your company properly audited its social media activity in each key jurisdiction?

Has your company updated its internal controls, training etc.

Has your company updated its external policies, terms, notices and disclaimers?


The Basics – Alternative Marketing Methods

“Old” MediaTelevision and radio commercialsPrint adsBrochuresArticles placed in publicationsAny other document or display that makes product claims, or displays a brand image, and that will be seen by customers

“New” MediaInternet ads, websitesBlog postsSocial network communications (Facebook, Twitter, etc.)Email messagesViral marketing, “street team” marketing


Ongoing Developments in Data Security and Marketing Regulations

United States:

Greater regulatory attention to tracking and targeting consumers, including new attention to geotracking

New Do-Not-Track bills in the US

Renewed enforcement against text message advertising, SPAM, and testimonials

Children’s Online Privacy Protection Act under review; restrictions on marketing to children

Greater specificity in the data security measures required by state and federal regulations

6


Ongoing Developments in Data Security and Marketing Regulations

United Kingdom:

Important changes regarding use of cookies in Europe – 26 May 2011

New UK web sheriff remit extension – 1 March 2011

Unfair Commercial Practices Directive/Misleading and Comparative Advertising Directive – recently introduced

US Company blind spot

Increased “on the spot” fines for UK watchdog

7


26 May 2011 – Important Change –Using Cookies in Europe

Pre 26 May 2011 – website operator must tell website users how they use cookies and tell them how they can “opt out” if they object

From 26 May 2011 – cookies are “opt in” unless “strictly necessary”for a service requested by a user

narrow exception – apply to “add to basket” cookies only?not to monitor user preferences

Consent – likely to include (based on UK guidance):pop upschanges to terms and conditions which are notifiedbut take care!


US Regulation of Advertising Remains Constant

Federal Trade Commission—Federal law

State Attorneys General—State laws on misrepresentation

Challenges at the National Advertising Division of the Council of Better Business Bureaus, Inc. (“NAD”)

Competitor or consumer litigation under Section 43(a) of the Lanham Act and state consumer protection statutes

Pre-clearing of television ads by the U.S. networks and broadcast authorities in other countries (e.g., UK)


Policy Statements and Other Guidelines

In the UK – Committee of Advertising Practice Code – need to be aware of Advertising Standard Authority’s remit extension

The FTC has the most influence in establishing the “do’s and don’ts”in commercial advertising.

Over the years, the FTC has issued “Guides”, “Policy Statements”, and other instructive guidelines.


FTC Guides, Policy Statements, and Other Guidelines

Examples of FTC Guides, Policy Statements, and other guidelines:

FTC Guides Concerning Use of Endorsements and Testimonials

FTC Guides Against Deceptive Pricing

FTC Guides Against Bait Advertising

FTC Guide Concerning Use of the Word “Free”

FTC Guides for the Use of Environmental Market Claims (Green Guides)

How to Comply With The Children’s Online Privacy Protection Rule


EU - Unfair Commercial Practices Directive

Unfair commercial practices are prohibited3 categories of unfair commercial practice

31 always unfairmisleading action, omission or aggressive practicegenerally unfair – contrary to professional diligence and materially distorts economic behaviour

Outside scope:pufferyB to Blegitimate product placement, brand differentiationtaste and decencycontract

Criminal penalties – unlimited fines and 2 months imprisonment in the UK


EU – Comparative and Misleading Advertising Directive

Rules much tougher than US approach

Particular pre-emptive substantiation requirements

Major recent shift in law EU-wide regarding claims for products/services where explicit or implied comparison made with a competitor

Numerous EU cases - gives competitors something to attack you with


EU - Comparative Advertising

Take care when:naming your competitorsmaking price comparisonsmaking product comparisons

Potential for trade mark infringement, passing off, copyright infringement, defamation etc.

The Comparative Advertising Directivehonest practice?taking unfair advantage?detrimental?

Risks of fines and imprisonment


1 March 2011 – Important Change –New Web Sheriff for Websites Targeting the UK

Pre-March 2011 – remit included ads in paid for spaceNow – Committee of Advertising Practice Code governs all marketing communications online

advertising must be legal, honest, decent, truthful etc

Applies to:company websitessocial media marketing communications in non-paid for space e.g. Facebook and Twitter

Advertising Standard Authority will take action against:.co.uk websites or if a company is registered in the UKany website which targets UK consumers which are not subject to regulation by an international equivalent of the ASA

Being a .com or a US based website will not save you!


1 March 2011 – Important Change – ASA Policing All Marketing On Websites and Social Media

User Generated Content and Social Media – take care!will be caught if incorporated within an organisation’s own marketing communications (e.g. posted on homepage)message board moderated for harmful and offensive language only – maybe not?

Sanctionsusual ASA sanctions – uphold complaints (like an injunction), pre-vettingnaming and shaming on ASA websiteplacing of ads highlighting non compliancesearch engines agreed to remove ads which link to offending adsreference to the Office of Fair Trading - fines, injunctions


US - Key Advertising Rules of Thumb

An advertiser must be able to support all reasonable interpretations of an ad—even ones that the advertiser did not intend to communicate.

The advertiser’s intent does not matter. What matters is what people reasonably heard or understood.

If market research determines that at least 20 percent of the viewers of an ad saw or heard a certain claim, the advertiser must be able to substantiate that claim.


US Basics – Endorsements and Testimonials

An “endorsement” or “testimonial” purports to present the opinions, beliefs, findings or experience of someone other than the advertiser.

The product performance or results presented in a testimonial must be representative of the product performance that a typical customer would experience. “Results may vary” disclaimer likely no longer to be sufficient.

Any claim made by the endorser must be supportable by the advertiser with “reasonable basis” substantiation, as if made by the advertiser.

Any “material connection” between the advertiser and the endorser (not reasonably expected by the audience) must be disclosed.

If the endorser is a celebrity, no such disclosure is required because the public is assumed to know that celebrities are usually paid for their endorsements.


US - Endorsements on social networks and blogs –FTC Guides apply

October 5, 2009 - FTC Guides on endorsements and testimonials have been updated to make clear that the requirements apply to advertising through third parties on social networks and blogs. 16 C.F.R. Part 255

When a blogger mentions a company or product in a blog, the blogger must disclose receiving any form of payment from the company.

This includes direct payment, “free” products, reimbursed travel expenses, etc. in exchange for the review.

Statements by a sponsored blogger must be supportable by the sponsoring company with “reasonable basis” substantiation.

Practice Point: Monitor comments posted on any sponsored blogs, social networks, etc., and take steps to stop incorrect comments.


US - Behavioral Marketing, Targeted Ads

The practice of tracking consumers’ activities online—including searches a consumer has conducted, web pages visited, and content viewed—to facilitate advertising targeted to particular consumers.

The FTC is studying the practice closely. It is not happy with the current regime—lengthy and complex privacy policies, insufficient opt outs, etc. More regulation is expected by next summer.

The distinction between personally identifiable and non-personally identifiable information is no longer “a tenable distinction”.*

Possible requirement: A clickable icon that will show what data are being collected about a consumer, and who will be allowed to use that data, plus option to opt out from website collecting information for targeted advertising.

However, clickable icon may be impractical in mobile environment.* David Vladeck, FTC’s new head of consumer protection (as quoted in the New York Times, August 5, 2009).


US – Behavioral Marketing – Deep Packet Inspection

What is Deep Packet Inspection?

Advertiser places a cookie or text file placed on an individual’s computer. The cookie monitors the computer user’s internet movement, products searched, compared, reviewed, purchased as well as sites visited, credit card usage, bank account usage, etc. The advertiser then “reads” the cookie to learn all the collected information which is used to target advertising to that computer.


Deep Packet Inspection

US Statutes potentially violated by Deep Packet Inspection

Electronic Communications Privacy Act, 18 U.S.C. § 2510

Computer Fraud and Abuse Act, 18 U.S.C. § 1030

California’s Invasion of Privacy Act, California Penal Code § 630

California’s Computer Crime Law, California Penal Code § 502


Proposed Do-Not-Track Legislation - State

California Senate Bill 761Introduced February 2011; first of its kind to pass out of committee“Covered Entity” cannot use “Covered Information” without disclosure of information collection, use, and storing practices and an opt-out“Covered Entity” is one doing business in California that collects, uses, or stores online data containing covered information from a consumer in California, but not government or person storing information on fewer than 15,000 or collect from fewer than 10,000 in 12 months“Covered Information” includes online activity or history, geolocation or computer identity, unique identifiers (e.g., IP address), personal information and sensitive (health, biometric) information, but excludes business information.Prohibits selling, sharing or transferring covered informationPenalty for willful violation: civil damages not less than $100 or greater than $1,000 per individual plus punitive damages, costs and attorneys fees. Creates potential for state-level “do not track” framework like current data breach notification framework


Proposed Do-Not-Track Legislation - Federal

Rep. Speier (D-CA) proposes creating do-not-track registry similar to do-not-call list

Sen. Rockefeller (D-WV) proposes creating obligation for companies to honor users’ opt-out requests on Internet and mobile devices and giving FTC enforcement powers

After opt-out request, companies could only collect information on customer if absolutely necessary for site or service to functionMust be anonymized or destroyed after usefulness expiresStill subject to user consent

Reps. Markey (D-MA) and Barton (R-TX) propose amending COPPA to include:

Expansion of COPPA building on “verifiable parental consent” model“Digital Marketing Bill of Rights” for teensLimits on collection of geolocation info about both children and teensInternet “Eraser Button” similar to EU concept of “right to be forgotten”


US - Email Marketing

CAN-SPAM restricts transmission of unsolicited commercial emails (UCEs)

“emails” has been interpreted broadly to include postings within social media environments

Obligates “sender” compliance

“Sender” includes transmitter and advertiser

Non-deceptive subject line and email body

“ADV:” in subject line

Physical address for contact

Link for “unsubscribe”

Honor “unsubscribes” within 10 days


Unsolicited marketing messages to Europeans -Beware of E-Privacy Regulations

Consent required to send unsolicited electronic marketing message to individuals

Must be free, specific and informed

Can rely on “soft opt in” but beware:in the course of the sale or negotiationssimilar products/servicessimple means of opting out

Telephoneindividuals have the right to opt out of unsolicited callsbeware of automated calling systems – always opt in

Relevant enforcer in the UK can issue “on the spot” fines of up to £500K for serious breaches


US - Unsolicited Text Message or Mobile Telephone Advertisements – Still Unlawful without Consent

Telephone Consumer Protection Act“ It shall be unlawful for any person within the United States, or any person outside the United States if the

recipient is within the United States—

(A) to make any call (other than a call made for emergency purposes or made with the prior expressconsent of the called party) using any automatic telephone dialing system or an artificial orprerecorded voice—

. . .(iii) to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call”

47 U.S.C. § 227(b)(1)(A)(iii) (emphasis added).

2003: FCC states that the TCPA’s prohibition “encompasses both voice calls and text calls to wireless numbers including, for example, short message service (SMS) calls . . . .” In re Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, Report and Order, 18 FCC Rcd. 14014, 14115 (July 3, 2003)

2009: Ninth Circuit holds that text messages are “calls” under the TCPA. Satterfield v. Simon & Shuster


Mobile Marketing – What Rules Apply?

Is it SPAM because it’s an email?

OR

Is it a text message because it is received on a mobile phone?

(Answer: both! Congress intended that CAN-SPAM would include messages sent to mobile devices. 15 USC §7712(b). FCC rules on TCPA encompass text messages and SMS transmissions. 18 FCC Rcd. 14014,14115)


US - Marketing to Children

Updates to the Children’s Online Privacy Protection Act (COPPA)

FTC has held round-table workshops and solicited comments re: updating COPPA5/19/11 – FTC Director Bureau Consumer Protection testimony before Senate Committee on Commerce, Science and Transportation

Says little other than that FTC is reviewing COPPA and that additional legislation is not required (FTC’s existing authority is broad enough)Complexity of online environment makes COPPA challenging


UK - Marketing to Children

CAP Code 5: The way in which children perceive and react to marketing communications is influenced by their age, experience and the context in which the message is delivered. Marketing communications that are acceptable for young teenagers will not necessarily be acceptable for younger children. The ASA will take those factors into account when assessing whether a marketing communication complies with the Code

Child is someone under 16

Rules relate to:harmcredulity and unfair pressuredirect exhortation and parental authoritypromotions


US – State Restrictions on Marketing to Children

Child Registry Statutes

Utah and Michigan statutes (U.C.A. 1953 § 13-39-201 and M.C.L.A. 752.1065)

Established registries for minors

Unlawful to market to registered minors 30 days after registry

Michigan: email marketing

Utah: email, instant messaging or telephone

Covers marketing of any product or service that is illegal for a minor to buy, use, view, participate in, receive or possess, or which may be harmful to the minor

Emails with links to websites advertising alcohol may violate statutes


US – Data Security Requirements

Federal

Fair and Accurate Credit Transactions Act (FACTA)

Identity Theft Red Flags Program

Written PlanStill pending for “creditors”

FACTA data destructionSocial Security Number and Consumer Report information must be shredded, burned or rendered unreadable

State

MassachusettsData security planEncryption of data in transit and on portable devices

NevadaEncryption of data in transit

ConnecticutPublished Social Security Number Policy

Data Security and Destruction

32


US – Data Requiring Protection

Name and Social Security, Taxpayer ID number or driver’s license number

Name and financial account number

Consumer report information (Information that would be used for determining eligibility for credit, employment or insurance including mode of living, creditworthiness, credit standing, credit capacity, character, general reputation or personal characteristics)

Health/Medical information

33


US - Data Security and Destruction

State Statutes: obligation to protect personal information of state residents against unauthorized access, destruction or misuse (9 states currently)obligation to destroy documents or data containing personal information of state residents (25 states currently)prohibition against public display or disclosure of Social Security Numbers (27 states currently)

Federal (FACTA):Consumer report information must be disposed of in a manner that renders it unreadableIncludes name and Social Security or Taxpayer ID number, financial account numberMay include other information to the extent that it indicates creditworthiness, mode of living, etc.

34


EU - Data Security and Destruction

When building up databases of customer profiles important that you don’t overlook getting the basics on data handling/storage correct

Particularly important given there is a relatively new Information Commissioner with increased powers in place in the UK

High fine levels in other EU states (e.g. France)


Key Take-Away Messages

Consider the legal landscape – including new 2011 rules and sanctions for non-compliance

Review websites and online and social media activities and campaigns

check which territories websites are aimed atcheck for compliance with EU Cookie Directive, UCPD, etc.

Consider marketing materials, activity and campaigns

Be able to substantiate any claim – need for due diligence

Consider competitor activity– any opportunity to object?

Consider internal controls and audit external policies/directives

Consult with expert counsel


Presented by

Rafi Azim-Khan, Partner25 Old Broad Street, London, United Kingdom, EC2N 1HQ

+44.20.7847.9519

email: [email protected]

Catherine Meyer, Counsel725 South Figueroa Street, Suit 2800, Los Angeles, CA 90017-5406

+1.213.488.7362


John Nicholson, Counsel2300 N Street, NW Washington, DC 20037-1122

+1.202.663.8269


mailto:[email protected]



Date post:	14-May-2015
Category:	Business
Upload:	jnicholson
View:	849 times
Download:	0 times