Facebook Marketing Legal and Regulatory ComplianceSocialize Toronto: Monetizing Social Media January 27, 2012 Presenters: Fazila Nurani, PrivaTech Consulting David M. Adler, Leavens Strand, Glover & Adler, LLC
Objectives• Understanding the legal framework and regulator outlook on Facebook in Canada and the U.S.• Key questions from participants.• New developments in Canada and the U.S. Empowering Organizations to Minimize Privacy Risks
Context • Facebook boasts over 800 million active users. • About 17 million Canadian and 150 million American “monthly active users” • Default privacy settings only changed by 15- 20% of users.Empowering Organizations to Minimize Privacy Risks
Canada’s Privacy Laws• Privacy laws apply to personal information collected, used and disclosed in the course of commercial activities.• Mix of federal and provincial laws: • Personal Information Protection and Electronic Documents Act, 2001– federally regulated businesses, and provinces without their own private sector privacy law. • B.C. Personal Information Protection Act, 2004 • Alberta Personal Information Protection Act, 2004 • Quebec Act Respecting the Protection of Personal Information in the Private Sector, 1994 • Health privacy laws: Alberta, Saskatchewan, Manitoba, Ontario, New Brunswick, NewfoundlandEmpowering Organizations to Minimize Privacy Risks
Social Media Court Cases in CanadaGeneral Trends:• Blurring the divide between public and private life.• The more friends/fans you have, the less the “expectation of privacy”.• Stretching the law to fit the social media context.• Focus on fairness.• Courts are turning to international cases for guidance. Empowering Organizations to Minimize Privacy Risks
Privacy in The United StatesGeneral Observations:• US: No Privacy Framework in place• FTC: Federal Agency Safeguarding Consumer Privacy• Internet’s “Implicit Bargain” = “Free” Content in exchange for Marketing• Online Behavioral Advertising (OBA)• Industry Self Regulation / “Do Not Track” Empowering Organizations to Minimize Privacy Risks
Social Media CasesConsumer Deception/Privacy Risks • Twitter (2010-2011) • First FTC Social Media Case • Charges: hackers gained unauthorized admin control • Result: • 20 yr ban on misleading consumers • Info Security Program subject to audit for 10 yrs Empowering Organizations to Minimize Privacy Risks
Social Media Cases, Cont.Consumer Deception/Privacy Risks • Facebook (2011) • Charges: deceived consumers about public availability of private info • Result: • Bar on misrepresenting privacy and security • Affirmative Consent Required for Privacy Overrides • 30 Day access limit for deleted accounts • Create & maintain comprehensive privacy program • Third-party audits every 2 yrs for next 20 yrs Empowering Organizations to Minimize Privacy Risks
Social Media Cases, Cont.Consumer Deception/Privacy Risks • Data Breach Notification Laws • Federal: Data Accountability and Trust Act (DATA) • State: • www.ncsl.org • CA: Consumers can request copy of a Web Site’s Data Breach Notification Polcy Empowering Organizations to Minimize Privacy Risks
Participants – Top 3 QuestionsEmpowering Organizations to Minimize Privacy Risks
New Developments and Path Forward• Ongoing class action lawsuit against Facebook launched in a Manitoba court claiming the social media site misled users into letting their personal information be sold for a profit.• December 6, 2011 – OPCC released Guidelines for online behavioural advertising.• Coming into force soon – Canada’s new anti-spam law, the Fighting Internet and Wireless Spam Act (“FISA”) • Opt-in model for commercial electronic messages. • New definitions for “family” and “personal” relationships may pose cost implications for social media marketers.Empowering Organizations to Minimize Privacy Risks
Privacy Trends in the U.S.• Federal Privacy Legislation • “Do Not Track” bill from Sen. John D Rockefeller (D-W.Va.) • “privacy bill of rights” from Sens. John McCain (R- Ariz.) and John Kerry (D-Mass.)• FTC Guidelines • Online Behavioral Advertising Principals• Industry InitiativesEmpowering Organizations to Minimize Privacy Risks
Questions…? Fazila Nurani, B.A.Sc.(E.Eng.), LL.B, CIPP/C Senior Counsel and Lead Trainer PrivaTech Consulting Phone: 1-905-886-0751 Fax: 1-905-886-9974 _____________ David M. Adler Leavens, Strand, Glover & Adler, LLC 203 North LaSalle Street, Suite 2550 Chicago, Illinois 60601 Direct: (866) 734-2568 Fax: (312) 275-7534 www.ecommerceattorney.comEmpowering Organizations to Minimize Privacy Risks
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.