Facebook Marketing Legal and Regulatory ComplianceSocialize Toronto: Monetizing Social Media January 27, 2012 Presenters: Fazila Nurani, PrivaTech Consulting David M. Adler, Leavens Strand, Glover & Adler, LLC
Objectives• Understanding the legal framework and regulator outlook on Facebook in Canada and the U.S.• Key questions from participants.• New developments in Canada and the U.S.
Context • Facebook boasts over 800 million active users. • About 17 million Canadian and 150 million American “monthly active users” • Default privacy settings only changed by 15- 20% of users.
Canada’s Privacy Laws• Privacy laws apply to personal information collected, used and disclosed in the course of commercial activities.• Mix of federal and provincial laws: • Personal Information Protection and Electronic Documents Act, 2001– federally regulated businesses, and provinces without their own private sector privacy law. • B.C. Personal Information Protection Act, 2004 • Alberta Personal Information Protection Act, 2004 • Quebec Act Respecting the Protection of Personal Information in the Private Sector, 1994 • Health privacy laws: Alberta, Saskatchewan, Manitoba, Ontario, New Brunswick, Newfoundland
Social Media Court Cases in CanadaGeneral Trends:• Blurring the divide between public and private life.• The more friends/fans you have, the less the “expectation of privacy”.• Stretching the law to fit the social media context.• Focus on fairness.• Courts are turning to international cases for guidance.
Privacy in The United StatesGeneral Observations:• US: No Privacy Framework in place• FTC: Federal Agency Safeguarding Consumer Privacy• Internet’s “Implicit Bargain” = “Free” Content in exchange for Marketing• Online Behavioral Advertising (OBA)• Industry Self Regulation / “Do Not Track”
Social Media CasesConsumer Deception/Privacy Risks • Twitter (2010-2011) • First FTC Social Media Case • Charges: hackers gained unauthorized admin control • Result: • 20 yr ban on misleading consumers • Info Security Program subject to audit for 10 yrs
Social Media Cases, Cont.Consumer Deception/Privacy Risks • Facebook (2011) • Charges: deceived consumers about public availability of private info • Result: • Bar on misrepresenting privacy and security • Affirmative Consent Required for Privacy Overrides • 30 Day access limit for deleted accounts • Create & maintain comprehensive privacy program • Third-party audits every 2 yrs for next 20 yrs
Social Media Cases, Cont.Consumer Deception/Privacy Risks • Data Breach Notification Laws • Federal: Data Accountability and Trust Act (DATA) • State: • www.ncsl.org provides a comprehensive state-by-state list of data breach notification statutes • CA: Consumers can request copy of a Web Site’s Data Breach Notification Policy
New Developments and Path Forward• Ongoing class action lawsuit against Facebook launched in a Manitoba court claiming the social media site misled users into letting their personal information be sold for a profit.• December 6, 2011 – OPCC released Guidelines for online behavioural advertising.• Coming into force soon – Canada’s new anti-spam law, the Fighting Internet and Wireless Spam Act (“FISA”) • Opt-in model for commercial electronic messages. • New definitions for “family” and “personal” relationships may pose cost implications for social media marketers.
Privacy Trends in the U.S.• Federal Privacy Legislation • “Do Not Track” bill from Sen. John D Rockefeller (D-W.Va.) • “privacy bill of rights” from Sens. John McCain (R-Ariz.) and John Kerry (D-Mass.)• FTC Guidelines • Online Behavioral Advertising Principals • www.ftc.gov/os/2009/02/P085400behavadreport.pdf• Industry Initiatives • WOMMA http://womma.org/ethics/disclosure/
Questions…? Fazila Nurani, B.A.Sc.(E.Eng.), LL.B, CIPP/C Senior Counsel and Lead Trainer PrivaTech Consulting Phone: 1-905-886-0751 Fax: 1-905-886-9974 _____________David M. Adler | Leavens, Strand, Glover & Adler, LLC 203 North LaSalle Street, Suite 2550 Chicago, Illinois 60601 Direct: (866) 734-2568 Fax: (312) 275-7534 www.ecommerceattorney.com @adlerlaw firstname.lastname@example.org