FCC Approves Order to Tighten Regulatory Treatment of Robocalls Under the Telephone Consumer Protection Act

This post was written by Judith L. Harris and Amy S. Mushahwar.

The Federal Communications Commission (FCC) acted today to tighten its rules under the Telephone Consumer Protection Act (TCPA) and conform them, to the extent possible, with the more stringent rules already in place at the Federal Trade Commission (FTC) under the Telephone Sales Rule (TSR). This change will hit hardest those entities, such as banks, that are not subject to FTC jurisdiction and do not have more stringent compliance programs already in place. Although the FCC’s order has not been released and no information is available yet as to the details of how the revised rules will operate and exactly to what calls they will apply, the following four points are clear:

1. Prior express WRITTEN consent will now be required before making any telemarketing robocall (using an autodialer or a prerecorded message) to a consumer; electronic signatures will be acceptable as evidence of written consent and this change will not apply to purely informational calls (“such as those related to school closings and flight changes.”);

2. The “established business relationship” will be eliminated as an exception to the prior written consent requirement that currently applies in the case of wireline calls;

3. An automated opt-out mechanism will have to be included in each robocall to facilitate a consumer’s ability to withdraw prior consent; and

4. The rules governing abandoned or “dead air” calls will be tightened, including through stricter time limits and by changing those limits to apply to each separate marketing campaign, rather than allowing the limits to be averaged over different calling campaigns, as is currently the case.

We are awaiting further details on exactly how these rules will be applied and when they will become effective. In the interim, please contact the authors of this article or the Reed Smith attorney with whom you normally work.
 

Federal Trade Commission Announces Adjusted HSR Thresholds for 2012

This post was written by Debra H. Dermody, Gavin P. Eastgate and Michelle Mantine.

On January 24, 2012, the Federal Trade Commission announced the annual threshold adjustments for premerger filings under the Hart-Scott-Rodino Antitrust Improvements Act of 1976 (15 U.S.C. § 18a) (“HSR”). The new thresholds have increased the dollar amount required to trigger HSR notification with respect to both the size-of-transaction and size-of-person tests.

The revised HSR thresholds will apply to all transactions that close on or after the effective date, which is 30 calendar days following publication of the adjusted thresholds in the Federal Register. Publication will occur shortly, and the effective date will be in late February.  Click here to learn more about the Adjusted HSR Thresholds for 2012.
 

FTC's Consent Order with ScanScout: The Latest Progression with 'Flash Cookies' and Privacy

This post was written by Mark S. Melodia, Christopher G. Cwalina, Steven B. Roosa and Frederick Lah.

Online advertising network ScanScout, Inc. has agreed to settle the FTC's charges that it deceptively represented that users could opt out of receiving targeted ads by changing their Web browser settings to block and delete cookies. The consent decree stems from the FTC's charges that ScanScout's privacy policy did not adequately inform users about the use and management of Flash local shared objects, otherwise known as "Flash cookies", that were placed on their computers. This news is just the latest progression with the Flash cookie issue. In addition to the ongoing threat of Flash cookie-related litigation, companies should now be on notice that the failure to properly disclose the use of Flash cookies can result in FTC enforcement. The following client alert provides more detail about the consent decree itself and lists some steps that every company with an online presence should take with regard to its use of Flash cookies and other data collection technologies. Please feel free to pass this along to any client who may find it relevant.

To view the entire alert, please click here.

FTC Seeks Public Comment For Revising the "Dot Com Disclosures"

Careful Consideration is Advised, as FTC's Guidance May Inform Federal and/or State Enforcement Actions

Comments Deadline: July 11, 2011

This post was written by Christopher G. Cwalina, Amy S. Mushahwar, and Frederick Lah.

The Federal Trade Commission ("FTC") seeks public comment, as it considers updating and reissuing "Dot Com Disclosures: Information about Online Advertising", its business guidance document for online marketers on how to provide clear and conspicuous disclosures to consumers.

In its request for comment, the FTC cites the dramatic changes in the online world since the guidance was originally published in 2000, particularly the emergence of mobile marketing, the "App" economy, the use of "pop-up blockers," and online social networking. (This recognition of mobile is particularly important in light of last week's letter by Senator Al Franken (D-MN) to Google (maker of the Android) and Apple (maker of the iPhone and iPad) asking that all mobile apps for their devices provide "clear and understandable privacy policies.")

Even though the "Dot Com Disclosures" are considered guidance and not formal regulations, the FTC has used its Dot Com Disclosures to inform Section 5 enforcement actions. For example, in a consent order with Advertising.com, Inc., the FTC required that Advertising.com's representations about its advertisements be made "clearly and prominently." The definition of "clearly and prominently" was taken almost verbatim from the definition of the term as it appears in the guidance. The FTC also cited the guidance back in 2002 in response to a complaint brought by Commercial Alert against search engines like AOL and Microsoft for their allegedly misleading disclosures about the advertisements placed on search result lists. State courts have also cited the guidance. In 2009, a Texas court stated that in determining what constitutes deceptive conduct under Texas' Unfair Trade Practices Act, "they are to be guided by the interpretations of that term in the guidelines of the FTC" and found that those guidelines require that disclosures be “clear and conspicuous” based on the placement of the disclosure on the webpage and its proximity to the other relevant information.

The FTC seeks comment from the industry on a number of issues. In the request for comment, the FTC provides a series of questions to help companies consider what type of revisions need to be made, such as:

  • What issues have been raised by new online technologies, Internet activities, or features that have emerged since the business guide was issued (e.g., mobile marketing, including screen size) that should be addressed in a revised guidance document?
  • What issues raised by new laws or regulations should be addressed in a revised guidance document?
  • What research or other information regarding the online marketplace, online advertising techniques, consumer online behavior, or the effectiveness of online disclosures should be considered in a revised guidance document?
  • What specific types of online disclosures, if any, raise unique issues that should be considered separately from general disclosure requirements?
  • What guidance in the original “Dot Com Disclosures” document is outdated or unnecessary?
  • What guidance in “Dot Com Disclosures” should be clarified, expanded, strengthened, or limited?
  • What issues relating to disclosures have arisen from multi-party selling arrangements in Internet commerce, such as (1) established online sellers providing a platform for other firms to market and sell their products online, (2) website operators being compensated for referring consumers to other Internet sites that offer products and services, and (3) other affiliate marketing arrangements?

Regardless of how the guidance is ultimately revised, the FTC will certainly continue to use this sort of guidance to inform its enforcement efforts. We recommend that companies carefully review the Dot Com Disclosure guidance and questions posed in the request for comment. Companies should analyze how any new guidance might affect their advertising practices and consider whether they should provide comments. July may seem like several weeks away, but because these issues are likely to impact advertising for multiple product lines within your company, we encourage you to begin an internal dialogue on this proceeding immediately.

Commissioner Brill Introduces Competition Analysis to Privacy Debate

This post was written by Paul Bond and Chris Cwalina.

In her new article, "The Intersection of Consumer Protection and Competition in the New World of Privacy," Federal Trade Commissioner Julie Brill cautions that the pursuit of privacy may conflict with the pursuit of a competitive market. Commissioner Brill's article, published in the Spring Edition of Competition Policy International, notes that the Federal Trade Commission's role is to protect consumers from many types of market failures. The FTC strives to protect consumers from unfair and deceptive information collection and use practices. But, at the same time, the FTC protects consumers from collusive and other anti-competitive behaviors. Commissioner Brill identifies a potentially problematic range of privacy enhancements which could, paradoxically, harm consumers by stifling competition. In this position, Commissioner Brill goes further than the FTC's preliminary white paper, "Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers" (2010 Privacy Report).

For example, Commissioner Brill asserts that self-regulation to date has been "slow and inadequate". This mirrors criticisms in the 2010 Privacy Report. But Commissioner Brill goes on to posit that dominant companies can misuse privacy self-regulation to stifle market entry by new competitors. The Commissioner does not describe in any detail the manner in which such an anti-competitive plan would be carried out. Presumably, the cost in money or time of complying with the industry's self-regulation would prove prohibitive for fledgling businesses, while just a "cost of doing business" for better capitalized industry leaders. There may also be a concern that existing businesses, which already hold stockpiles of consumer information, would erect barriers to data collection which would affect new enterprises disproportionately.

Commissioner Brill also raises the competitive concern that privacy regulation not unfairly benefit new entrants. "Indeed," she recognizes, "some more established data brokers and other information firms believe it is much easier for their newer competitors to design privacy protections into their new business models and new forms of communications than it is to retrofit old systems to meet the realities of today's privacy concerns."

Until now, a strategic analysis of the competitive impact of privacy regulation has not been an FTC priority. Indeed, in her article, Commissioner Brill notes that she writes only for herself, and is not reflecting the views of the Commission or the other Commissioners. Still, taken in conjunction with Commissioner Rosch's recent opinion that the Google Buzz settlement may have been a strategic ploy by Google to create insurmountable regulatory barriers to entry, it is safe to say the FTC is increasingly wary of privacy regulation being misused for private ends. Advocates of self-regulation, as well as those seeking to advance or defeat governmental regulation, must be prepared to explain why their privacy regulation or self-regulation proposals are consistent with a vigorous free market. Advocates of industry self-regulation already know that the FTC has criticized efforts to date, and here is another hurdle that must be addressed before the FTC deems self-regulation robust and workable enough.

Given how extremely easy it is to transfer information as an asset between corporate forms, and from one area of the world to another, the prospect for strategic resistance to or abuse of privacy regulation by companies around the world is substantial. Commissioner Brill performs a service by injecting a note of economic realism into the ongoing debate about how information can and should be regulated in the 21st century.
 

Rep. Markey Releases a Kids Do Not Track Discussion Draft Bill

This post is written by John Feldman and Amy Mushahwar.

Bill Adds to the Web of Proposed Privacy Legislation and Contains Much More Than Kids Do Not Track

Today, Rep. Ed Markey (D-Mass.) circulated a discussion draft of his kids online do-not-track bill, co-sponsored by Joe Barton (R-Tex.), that proposes to make it illegal to use kids' or teens' information for targeted marketing and to require parental consent for online tracking of the info. Both Congressmen co-chair the House Privacy Caucus, and their kids' privacy bill will join other more generally applicable privacy legislation pending in the 112th Congress by Representatives Cliff Stearns (R-Fla.), Fred Upton (R-Mich.), Jackie Speier (D-Calif.) and Bobby Rush (D-Ill.) and Senators John Kerry (D-Mass.) and John McCain (R-Ariz.), with Senator Jay Rockefeller (D-W.Va.) promising to release a generally applicable privacy bill containing Do Not Track provisions next week.

But members of the privacy community were expecting this piece of proposed legislation. Markey had promised since late 2010 that the bill was coming. Specifically, the bill would update the Children's Online Privacy Protection Act of 1998 ("COPPA") provisions relating to the collection, use and disclosure of children's personal information. Further, it would establish protections for personal information of teens, who were previously not addressed in COPPA at all.

Key provisions of the bill include:

Scope Updates: The bill would expand the scope of the definition of covered Internet operators to include online applications and the mobile web. The Federal Trade Commission ("FTC") would also be empowered with rulemaking authority to create more flexible definitions of operators that account for the development of new technology. The bill also expands the personal information protected to include IP addresses, mobile SIMs or any other computer or other device identifying numbers.

Privacy Policies/Disclosure: The bill would require online companies to explain the types of personal information collected, how that information is used and disclosed, and the policies for collection of personal information.

Further Parental Choice: In addition to keeping the existing requirements for online companies to obtain parental consent for collection of children's personal information, the bill also includes provisions requiring companies to provide parents access to the information collected about their child and the opportunity to opt out of further use or maintenance of their child's data.

Targeted Marketing Prohibitions for Kids & Minors: Website operators and other online providers would be prohibited from knowingly collecting personal information for behavioral marketing purposes from children and minors. The FTC would be required to issue regulations within one year of the bill's passage.

Digital Marketing Bill of Rights for Teens & Fair Information Practices Principles: This section incorporates the Fair Information Practice Principles ("FIPPs") concept that was in the Department of Commerce's Privacy Green Paper. Under this proposed bill, website operators and other online providers are prohibited from collecting personal information from any minors, unless they adopt a Digital Marketing Bill of Rights for Teens. Such a bill of rights or FIPPs must include provisions regarding data: collection, quality, purpose specification, use limitations, security, use transparency, access and correction.

Geolocation Information Collection of Kids and Minors: Website operators and service providers must establish procedures for notice and choice regarding geolocation information. In the case of information collection from children, an operator/provider must obtain verifiable parental consent before this information would be collected, in most cases.

Eraser Button: Website operators must create an "Erase Button" for parents and children by requiring companies to permit users to eliminate publicly available personal information content when technologically feasible. (Such a provision, however, could lead parents and children into a false sense of security on the web. With multiple outlets for data caching, it is difficult to wholly erase data on the web.)

Expansion of FTC Jurisdiction to Telecom: In keeping with the Kerry bill, the Markey bill also seeks to expand FTC jurisdiction to telecommunications carriers.

We will be carefully evaluating these provisions while this bill pends, but we can readily identify that complications are likely to arise for marketing to young adults. For example, teens are far more likely to lie when faced with traditional age screens. So, even though the statute contains a 'knowing' information collection requirement, to what degree would marketers be required to 'fortify' their existing age screens to account for teens? If more stringent age screens must be employed, will the more tedious screens reduce marketing to adults, too?

If this bill advances on the Hill, please look out for upcoming privacy bill updates from our team.
 

Reed Smith Attorney Talks McCain-Kerry Bill

Reed Smith Attorney Amy Mushahwar was recently interviewed by IT Business Edge on the McCain-Kerry Bill. According to Amy, "if enacted, the bill would expand the Federal Trade Commission’s jurisdiction to include telecommunications companies for privacy matters. Typically, telecom companies would not be within the FTC’s jurisdiction." To see the complete interview, please click here.

FTC and Google - Proposed Settlement Over "Buzz"

This post was written by Christopher G. Cwalina, Amy S. Mushahwar, and Frederick Lah.

Google, Inc. agreed to a proposed consent order over charges that it used deceptive tactics and violated its privacy promises to consumers when it launched its social network, Google Buzz. The Agency alleged in its Complaint that Google's information practices violated Section 5 of the FTC Act.

As background, in February 2010, Google launched Buzz, a social networking service within Gmail, its web-based email product. Google used the information of Gmail users, including first and last name and email contacts, to populate the social network. Gmail users were, in many instances, automatically set up with “followers” (people that followed the user or people that the user followed). According to the FTC's Complaint, even if a user did not enroll in Buzz, the user's information was shared in a number of ways (e.g., a user who did not enroll in Buzz could still be followed by other Gmail users who enrolled in Buzz). The FTC also alleges that the setup process for Gmail users who enrolled in Buzz did not adequately communicate that certain previously private information would be shared publicly by default. Further, the FTC alleges that certain personal information of Gmail users was shared without consumers' permission through Buzz (e.g., some information was searchable on the Internet and could be indexed by Internet search engines).

Part I of the proposed consent order prohibits Google from misrepresenting the privacy and confidentiality of any “covered information,” as well as the company’s compliance with any other privacy and security program, including the U.S.-EU Safe Harbor Framework. The term "covered information" is defined very broadly to include an individual's first and last name, physical address, email address, screen name, persistent identifier (e.g., IP address), list of contacts, and physical location. The FTC noted in its press release [http://www.ftc.gov/opa/2011/03/google.shtm] that this is the first time it has alleged violations of the substantive privacy requirements of the U.S.-EU Safe Harbor Framework.

Part II of the proposed consent order requires Google to give its users a "clear and prominent" notice and choice. Under the terms of the proposed consent order, Google must obtain express affirmative consent before sharing any user's covered information with a third party in connection with: (1) a change, addition or enhancement to any product or service, (2) where such sharing is contrary to stated sharing practices in effect at the time the information was collected. The proposed opt-in disclosure must appear separately from any end user license agreement, privacy policy, website terms of use or similar document and prominently disclose: (1) that the Google user’s information will be disclosed to one or more third parties, (2) the identity or specific categories of such third parties, and (3) the purpose(s) for Google’s sharing of the information.

Part III of the proposed order requires Google to establish and maintain a comprehensive privacy program that is reasonably designed to address privacy risks related to the development and management of new and existing products and services. The program must be documented in writing and must contain privacy controls appropriate to Google’s size and complexity, the nature and scope of its activities, and the sensitivity of covered information. Parts IV through IX of the proposed order contain reporting and compliance provisions, including obtaining ongoing biennial assessments from a qualified third-party professional about Google's privacy practices, requiring that Google retain consumer complaints for a period of six months, and mandating that Google submit an initial compliance report to the FTC and make available to the FTC subsequent reports. If finalized, the proposed consent order would remain in effect (with ongoing compliance requirements) for twenty years.

Commissioner Rosch, in a concurring statement, expressed "substantial reservations" about Part II. He said that Google never intended in its original Privacy Policy that the consent it would seek was "opt-in" (as opposed to "opt-out"), and that such a requirement was "brand new". Also, Commissioner Rosch made note of the fact that the proposed consent order seems to apply to "any" new or additional sharing of previously collected personal information, not just any "material" new or additional sharing of information.

The proposed consent order will be placed on the public record for thirty days until May 2, 2011 for public comment. After thirty days, the Commission will consider comments and decide whether to make the proposed consent order final. Bottom line, this case should serve as a reminder that companies must align their business practices with the promises contained in their Privacy Policies.

FTC Brings Enforcement Action against Text Messaging Spammer

This post was written by Kevin Xu and John Hines.

On February 22, 2011, the Federal Trade Commission (“FTC”) filed a complaint against Phillip A. Flora (“Flora”) for an operation that allegedly blasted consumers with millions of illegal spam text messages, including many messages that deceptively advertised a mortgage modification website called “Loanmod-gov.net.” The FTC is asking the court to shut down Flora’s operation and freeze his assets.

According to the FTC complaint, beginning on or about August 22, 2009, Flora transmitted or arranged for the transmission of at least 5 million spam text messages to random consumers. The text messages promoted products and services, including, but not limited to, loan modification programs and debt relief services. The text messages offered to help consumers obtain mortgage loan modifications and many of the messages state: “Homeowners, we can lower your mortgage payment by doing a Loan Modification. Late on payments OK. No equity OK. May we please give you a call? Loanmod-gov.net.” Consumers who visited this web address arrived at a website that touted itself as the “Official Home Loan Modification and Audit Assistance Information” beneath a picture of the U.S. flag. This website, although it included the term “gov” in its address, was not operated by or affiliated with any governmental entity. Additionally, Flora allegedly collected information from consumers who responded to text messages – even those asking him to stop sending messages – and sold their contact information to marketers claiming they were “debt settlement leads.”

The FTC charges that Flora violated Section 5(a) of the FTC Act, which prohibits unfair or deceptive acts or practices in or affecting commerce, by sending unsolicited commercial text messages to consumers, and by misrepresenting that he was affiliated with a government agency. In addition, the FTC charges that Flora violated the CAN-SPAM Act by sending consumers spam text messages that failed to include a way for consumers to “opt-out” of future messages and failed to include the physical mailing address of the sender, as required by the CAN-SPAM Act.

The outcome of this case, which we note is being brought by the FTC and not the FCC, may have a significant impact on consumer data privacy rights in the mobile communications sector, and may serve as a watershed case for consumers’ potential recourses in future privacy violation situations arising from mobile communications.

Department of Commerce Privacy Green Paper -- Detailed Digest

This post was written by Amy Mushahwar.

As promised in our teleseminar last week, we have digested the Department of Commerce Privacy green paper, entitled, "Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework". The green paper will kick start an ongoing discussion of privacy and we encourage organizations to undertake some cost-benefit analysis now for the best outcome in 2011. Time is of the essence and comments to this green paper are due on January 28, 2011. To learn more about this important release, please read our recent client alert.