Your SlideShare is downloading. ×
0
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Mobile Privacy & Litigation presented by Sedgwick at the #MobiU2013 Summit, 9/26 in Chicago

254

Published on

Privacy, particularly on location, is a huge area of concern for all major brands. The opportunity is so big that it’s hard to pass up use of consumer mobile data. But with so much at stake, you don’t …

Privacy, particularly on location, is a huge area of concern for all major brands. The opportunity is so big that it’s hard to pass up use of consumer mobile data. But with so much at stake, you don’t want to overplay your hand and get into a legal quagmire. Matthew will cover the latest in the every-changing legal landscape of mobile marketing. This information session covers (a) an overview of the legal framework affecting mobile marketing, (b) federal and state enforcement measures and expectations, (c) emerging issues in mobile privacy expectations, including location-based ads, (d) recent rulings and implications relative to the TCPA.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
254
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Produced by the Heartland Mobile Council MOBILE PRIVACY Rules of the Road Matthew Fischer, Partner, Sedgwick LLP @maf2190; @sedgwickllp Event hashtag #MobiU2013
  • 2. #MobiU2013, @maf2190 @sedgwickllp Mobile Legal Liability Issues Will Continue to Grow • 61% of local searches on a mobile phone result in a phone call. (Google, 2012) • 52% of all mobile ads result in a phone call. (xAd, 2012) • 9 out of 10 mobile searches lead to action, over half leading to purchase. (Search Engine Land, 2012) • Mobile coupons get 10x the redemption rate of traditional coupons. (Mobile Marketer, 2012) • Mobile marketing will account for 15.2% of global online ad spend by 2016. (Berg Insight, 2012)
  • 3. #MobiU2013, @maf2190 @sedgwickllp THE LEGAL LANDSCAPE • Myriad laws either explicitly or implicitly regulate particular channels of mobile marketing: • The FTC Act (Section 5) • State Unfair and Deceptive Practices Acts • State Privacy Laws • CAN-SPAM • TCPA and FCC regulations • Children’s Online Privacy Protection Act • HIPAA / HITECH • Computer Fraud and Abuse Act • Video Privacy Protection Act
  • 4. #MobiU2013, @maf2190 @sedgwickllp ENFORCEMENT
  • 5. #MobiU2013, @maf2190 @sedgwickllp THE SPOTLIGHT IS ON MOBILE PRIVACY • [Bullet1] • [Bullet2]
  • 6. #MobiU2013, @maf2190 @sedgwickllp FTC Act – Applies to Internet and Mobile • Section 5 of the FTC Act prohibits unfair or deceptive advertising in any medium. • Advertising is deceptive if likely to: • Mislead consumers (including omissions) and • Affect consumers’ behavior or decisions about the product or service
  • 7. #MobiU2013, @maf2190 @sedgwickllp FTC Framework • Privacy By Design • Build privacy protection into products and services at the outset • Don’t collect more data than needed or retain longer than needed • Ensure accuracy of data and provide reasonable security • Simplified Consumer Choice • Easy-to-use choice mechanisms that allow consumers to control whether their data is collected and how it is used. • The choice should occur immediately before or at time of collection • Reiterates support of a “Do-not-track” mechanism • Greater Transparency • Shorter standardized privacy policies that can be easily prepared • Reasonable access to data for consumers
  • 8. #MobiU2013, @maf2190 @sedgwickllp FTC Mobile Reports and Guidelines • FTC Guide: Marketing Your Mobile App (Sept. 5, 2012) • 3 Privacy Principles - mobile market is no different from the Internet • Disclose clearly and conspicuously • Comply with your privacy policy • FTC Report: Mobile Privacy Disclosures (Feb. 1, 2013) • Just-in-Time Disclosures • Privacy Dashboard • Icons • FTC report: .Com Disclosures (March 12, 2013) • Frame disclosures for mobile devices • Hyperlink disclosures • Limited ad space
  • 9. #MobiU2013, @maf2190 @sedgwickllp California at Forefront of Mobile Privacy • California Online Privacy Protection Act (Cal. OPPA) – July 2004 • Joint Statement of Principles (Feb. 2012) • California Mobile Privacy Protection Unit • AG Issues Non-Compliance Letters (Oct. 2012) • People of the State of California v. Delta Air Lines, Inc. (Dec. 2012) • Privacy On The Go (Jan. 2013)
  • 10. #MobiU2013, @maf2190 @sedgwickllp California Online Privacy Protection Act (Cal. Bus. & Prof. Code §§ 22575 -22579) • Applies to any company operating a web site or online service that collects PII through the Internet from a California resident • Nationwide in scope • Requires conspicuous posting of a “reasonably accessible” privacy policy • Privacy policy must detail • Kinds of information gathered • How the information may be shared with other parties • Process for user to review and change information (if such a process exists) • 30-day cure period after notice of non-compliance • Proposed amendment (Feb. 2013) - brevity and clarity
  • 11. #MobiU2013, @maf2190 @sedgwickllp Cal OPPA and Mobile Privacy • California AG announces “Joint Statement” of principles (Feb. 22, 2012) • Statement joined by 7 leading mobile platforms • Establishes 4 core privacy principles for mobile applications • Specific privacy notice and consent requirements • Adoption of privacy by design principles for app development • Process for reporting to app publishers’ non-compliance with privacy policies, terms of service or other applicable laws • Process for app publishers to respond to reports of non-compliance • Goals of fostering innovation, promoting transparency, and facilitating compliance with applicable privacy laws • Does not impose “legally binding obligations” on the Participants
  • 12. #MobiU2013, @maf2190 @sedgwickllp Cal Privacy Enforcement & Protection Unit • Cal AG forms new Privacy Enforcement & Protection Unit (July 19, 2012). Organized under the State’s new eCrime Unit • Charged with enforcement of laws relating to online privacy, health privacy, financial privacy, identity theft, government records, and data breaches • The eCrime Unit has six dedicated Prosecutors • Signals AG’s intent to prosecute data privacy violations • Non-compliance letters sent to 100 mobile app developers (Oct. 30, 2012) • Asserted mobile applications were not compliant with Cal OPPA • “An operator of a mobile application … that uses the Internet to collect PII is an ‘online service’ within the meaning of Cal OPPA” • Issued 30-day notice to comply
  • 13. #MobiU2013, @maf2190 @sedgwickllp State of California v. Delta Air Lines, Inc. • First enforcement action under Cal OPPA • “Fly Delta" app collects user's PII: full name, telephone #, email address, frequent flyer # and PIN code, photos, geo-location info • Contains no in-app privacy policy • Web site privacy policy does not cover app • Not reasonably accessible from the app • Does not disclose collection of geo-location info • AG alleges app downloaded “millions of times” at $2,500 per violation • Dismissed with prejudice (May 9, 2013)
  • 14. #MobiU2013, @maf2190 @sedgwickllp Children’s Online Privacy Protection Act • COPPA Amendments (July 1, 2013) Target Mobile Devices • Changes definition of PII • FTC offers companies a streamlined, voluntary and transparent approval process for new ways of getting parental consent • No disclosing data to third parties without parental consent • Applicability of COPPA to some third parties • Persistent identifiers now included
  • 15. #MobiU2013, @maf2190 @sedgwickllp CAN-SPAM Act (FCC Rules) • Under FCC Rules (47 C.F.R. § 64.3100), the Act applies to “mobile service commercial messages” (MSCMs) sent to wireless domain email addresses (e.g., mattfischer@verizonwireless.com) • Applies if sent to address that includes a domain name posted on the FCC’s wireless domain list available at http://www.fcc.gov. • FCC Rules differ from general opt-out requirements under CAN-SPAM • Recipient must provide prior express authorization (verbal or oral) • Authorization request must disclose that recipient may be charged by wireless service provider for receipt • Must provide users a means of opting out • Opt-out requests must be processed in 10 bus. days • FTC rules for standard emails apply to wireless emails
  • 16. “The conclusion is inescapable that these class actions exist for the benefit of the attorneys who are bringing them and not for the benefit of individuals who are truly aggrieved as a result of receiving the faxes.” West Concord 5–10 –1.00 Store, Inc. v. Interstate Mat Corp., 2013 WL 988621, *6 (Mass. Super. Ct. March 5, 2013) “Because plaintiffs may enforce the statute via class action and because a single advertisement is often faxed to hundreds—if not thousands—of phone numbers, suits under the Act present lucrative opportunities for plaintiffs’ firms.” Reliable Money Order, Inc. v. McKnight Sales Co., 704 F.3d 489, 491 (7th Cir. 2013) #MobiU2013, @maf2190 @sedgwickllp Do the Math
  • 17. #MobiU2013, @maf2190 @sedgwickllp Telephone Consumer Protection Act (TCPA) • 47 USC §227 and 47 CFR §64.1200 • Prohibits autodialed and prerecorded calls/text messages to cell phones • Judicially expanded to apply to texts • Satterfield v. Simon & Schuster, 569 F.3d 946 (9th Cir. 2009) • The Act does not restrict live, manually dialed calls • Established Business Relationship (EBR) for voice calls to residential numbers but not to wireless devices or for pre-recorded calls • Implemented and interpreted by the FCC • Enforced by the FCC, state Attorneys General, and private litigants
  • 18. #MobiU2013, @maf2190 @sedgwickllp TCPA Private Actions (§ 227(c)(3) & (c)(5)) • $500 per violation (per call, text message or fax) • Can be increased up to $1,500 for knowing or willful calls • No cap on the amount of damages • Strict liability statute • Lack of knowledge or intent is not a defense • For do-not-call violations only, defendant can avoid liability if it “has established and implemented, with due care, reasonable practices and procedures to effectively prevent telephone solicitations in violation of the regulations” • 14 cases filed in 2008 vs. 1,100 filed in 2012
  • 19. #MobiU2013, @maf2190 @sedgwickllp United States v. Dish Network (FCC-13-54A1 (May 9, 2013 Dec. Ruling)) • Sellers may be vicariously liable under federal common law agency principles for violations by telemarketers who initiate calls to market sellers’ products or services • A company can avoid TCPA liability for its “agent” by adequately supervising and controlling the conduct of the vendor • Under ruling, the only safe paths are: • being absolutely clean of any facts that might show an agency relationship, or • successfully policing the vendor
  • 20. #MobiU2013, @maf2190 @sedgwickllp TCPA Defenses • Prior express consent • What constitutes consent? • Recent cases: providing a cell phone number is consent to receive texts • Must the text relate to the reason for which the cell phone number was provided? • Must the text come from the company that obtained the number, not an affiliate? • Can consent be revoked? • No vicarious liability • Not an “automatic telephone dialing system” • Constitutional defenses • Class certification
  • 21. #MobiU2013, @maf2190 @sedgwickllp Protecting Against TCPA Liability • Add consent provisions to customer agreements • Later customer interactions • Online consent, automated phone systems, customer service scripts • Law unclear on how express the consent must be • Cell scrubbing services • Scrubbing programs can move cell numbers to non-autodialed queues • Definition of “manual dialing” is unclear • Actually dialing the number one digit at a time is manual • Preview dialing (where number appears on screen and representative clicks on number) is less clear • Add arbitration provisions to customer agreements
  • 22. #MobiU2013, @maf2190 @sedgwickllp TCPA Changes on the Horizon • Starting Oct. 16, 2013, telemarketers must obtain prior express written consent from consumers before calling their wireless phones with prerecorded telemarketing messages and before using an autodialer to call or text their wireless numbers with telemarketing messages
  • 23. #MobiU2013, @maf2190 @sedgwickllp Location Based Marketing • Generally, must get prior express consent to collect, use, store, and disclose location-based information. • Can’t contract away liability for noncompliance with the law. • Type of location info collected (with express opt-in) • Disclose how info is used • Updated disclosure if info will be used for a purpose other than for which it was collected and how to exercise choice about that use • Disclose with whom info is shared (third party service providers, affiliates, advertisers, social media networks, other third parties)
  • 24. #MobiU2013, @maf2190 @sedgwickllp What Does The Future Hold? • Mobile market is now treated no different from the Internet • Expect more state activity • Particular focus on mobile apps directed at children • Continued emergence of “guidelines” or “principles” for mobile app platforms and developers • Increased coordination between states, FTC, FCC and industry self-regulatory efforts • Federal legislation?
  • 25. #MobiU2013, @maf2190 @sedgwickllp Managing Your Mobile Marketing Liability • Provide clear and conspicuous notice • Choice • Do what you say and say what you do • Procure indemnity agreements from vendors • Customer Agreements • Be careful with your representations (FTEU) • Understand the medium being used to send text messages • Keep records of all opt-in and opt-out transmissions • Keep the consumer happy
  • 26. #MobiU2013, @maf2190 @sedgwickllp

×