5 24 11 Online Marketing Privacy Presentation


Published on

Presentation by Pillsbury Privacy Group attorneys on current issues related to advertising and marketing online.

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

5 24 11 Online Marketing Privacy Presentation

  1. 1. Online and Mobile Marketing:What’s Legal and What’s Not – a Transatlantic ViewMay 24, 2011 Rafi Azim-Khan, Partner Catherine Meyer, Counsel John Nicholson, CounselPillsbury Winthrop Shaw Pittman LLP
  3. 3. Social Media – Key Themes Tom Cruise in Minority Report Advertisers’ Holy Grail Internationally becoming a complex area Within last few months - 3 new major developments in the UK/EU US regulators and legislatures focus on geo-location, tracking and behavioral advertising3 | Online and Mobile Marketing
  4. 4. Social Media – Key Questions to ask in 2011 Are you engaged in social media? Is your company looking to adopt or update a corporate Facebook page/Twitter account or other form of social media? Is your company looking to interact with its customer base? Has your company properly audited its social media activity in each key jurisdiction? Has your company updated its internal controls, training etc. Has your company updated its external policies, terms, notices and disclaimers?4 | Online and Mobile Marketing
  5. 5. The Basics – Alternative Marketing Methods “Old” Media Television and radio commercials Print ads Brochures Articles placed in publications Any other document or display that makes product claims, or displays a brand image, and that will be seen by customers “New” Media Internet ads, websites Blog posts Social network communications (Facebook, Twitter, etc.) Email messages Viral marketing, “street team” marketing5 | Online and Mobile Marketing
  6. 6. Ongoing Developments in Data Security and Marketing Regulations United States: Greater regulatory attention to tracking and targeting consumers, including new attention to geotracking New Do-Not-Track bills in the US Renewed enforcement against text message advertising, SPAM, and testimonials Children’s Online Privacy Protection Act under review; restrictions on marketing to children Greater specificity in the data security measures required by state and federal regulations 66 | Online and Mobile Marketing
  7. 7. Ongoing Developments in Data Security and Marketing Regulations United Kingdom: Important changes regarding use of cookies in Europe – 26 May 2011 New UK web sheriff remit extension – 1 March 2011 Unfair Commercial Practices Directive/Misleading and Comparative Advertising Directive – recently introduced US Company blind spot Increased “on the spot” fines for UK watchdog 77 | Online and Mobile Marketing
  8. 8. 26 May 2011 – Important Change –Using Cookies in Europe Pre 26 May 2011 – website operator must tell website users how they use cookies and tell them how they can “opt out” if they object From 26 May 2011 – cookies are “opt in” unless “strictly necessary” for a service requested by a user narrow exception – apply to “add to basket” cookies only? not to monitor user preferences Consent – likely to include (based on UK guidance): pop ups changes to terms and conditions which are notified but take care!8 | Online and Mobile Marketing
  9. 9. US Regulation of Advertising Remains Constant Federal Trade Commission—Federal law State Attorneys General—State laws on misrepresentation Challenges at the National Advertising Division of the Council of Better Business Bureaus, Inc. (“NAD”) Competitor or consumer litigation under Section 43(a) of the Lanham Act and state consumer protection statutes Pre-clearing of television ads by the U.S. networks and broadcast authorities in other countries (e.g., UK)9 | Online and Mobile Marketing
  10. 10. Policy Statements and Other Guidelines In the UK – Committee of Advertising Practice Code – need to be aware of Advertising Standard Authority’s remit extension The FTC has the most influence in establishing the “do’s and don’ts” in commercial advertising. Over the years, the FTC has issued “Guides”, “Policy Statements”, and other instructive guidelines.10 | Online and Mobile Marketing
  11. 11. FTC Guides, Policy Statements,and Other GuidelinesExamples of FTC Guides, Policy Statements, and other guidelines: FTC Guides Concerning Use of Endorsements and Testimonials FTC Guides Against Deceptive Pricing FTC Guides Against Bait Advertising FTC Guide Concerning Use of the Word “Free” FTC Guides for the Use of Environmental Market Claims (Green Guides) How to Comply With The Children’s Online Privacy Protection Rule11 | Online and Mobile Marketing
  12. 12. EU - Unfair Commercial Practices Directive Unfair commercial practices are prohibited 3 categories of unfair commercial practice 31 always unfair misleading action, omission or aggressive practice generally unfair – contrary to professional diligence and materially distorts economic behaviour Outside scope: puffery B to B legitimate product placement, brand differentiation taste and decency contract Criminal penalties – unlimited fines and 2 months imprisonment in the UK12 | Online and Mobile Marketing
  13. 13. EU – Comparative and MisleadingAdvertising Directive Rules much tougher than US approach Particular pre-emptive substantiation requirements Major recent shift in law EU-wide regarding claims for products/services where explicit or implied comparison made with a competitor Numerous EU cases - gives competitors something to attack you with13 | Online and Mobile Marketing
  14. 14. EU - Comparative Advertising Take care when: naming your competitors making price comparisons making product comparisons Potential for trade mark infringement, passing off, copyright infringement, defamation etc. The Comparative Advertising Directive honest practice? taking unfair advantage? detrimental? Risks of fines and imprisonment14 | Online and Mobile Marketing
  15. 15. 1 March 2011 – Important Change –New Web Sheriff for Websites Targeting the UK Pre-March 2011 – remit included ads in paid for space Now – Committee of Advertising Practice Code governs all marketing communications online advertising must be legal, honest, decent, truthful etc Applies to: company websites social media marketing communications in non-paid for space e.g. Facebook and Twitter Advertising Standard Authority will take action against: .co.uk websites or if a company is registered in the UK any website which targets UK consumers which are not subject to regulation by an international equivalent of the ASA Being a .com or a US based website will not save you!15 | Online and Mobile Marketing
  16. 16. 1 March 2011 – Important Change – ASA PolicingAll Marketing On Websites and Social Media User Generated Content and Social Media – take care! will be caught if incorporated within an organisation’s own marketing communications (e.g. posted on homepage) message board moderated for harmful and offensive language only – maybe not? Sanctions usual ASA sanctions – uphold complaints (like an injunction), pre-vetting naming and shaming on ASA website placing of ads highlighting non compliance search engines agreed to remove ads which link to offending ads reference to the Office of Fair Trading - fines, injunctions16 | Online and Mobile Marketing
  17. 17. US - Key Advertising Rules of Thumb An advertiser must be able to support all reasonable interpretations of an ad—even ones that the advertiser did not intend to communicate. The advertiser’s intent does not matter. What matters is what people reasonably heard or understood. If market research determines that at least 20 percent of the viewers of an ad saw or heard a certain claim, the advertiser must be able to substantiate that claim.17 | Online and Mobile Marketing
  18. 18. US Basics – Endorsements and Testimonials An “endorsement” or “testimonial” purports to present the opinions, beliefs, findings or experience of someone other than the advertiser. The product performance or results presented in a testimonial must be representative of the product performance that a typical customer would experience. “Results may vary” disclaimer likely no longer to be sufficient. Any claim made by the endorser must be supportable by the advertiser with “reasonable basis” substantiation, as if made by the advertiser. Any “material connection” between the advertiser and the endorser (not reasonably expected by the audience) must be disclosed. If the endorser is a celebrity, no such disclosure is required because the public is assumed to know that celebrities are usually paid for their endorsements.18 | Online and Mobile Marketing
  19. 19. US - Endorsements on social networks and blogs –FTC Guides apply October 5, 2009 - FTC Guides on endorsements and testimonials have been updated to make clear that the requirements apply to advertising through third parties on social networks and blogs. 16 C.F.R. Part 255 When a blogger mentions a company or product in a blog, the blogger must disclose receiving any form of payment from the company. This includes direct payment, “free” products, reimbursed travel expenses, etc. in exchange for the review. Statements by a sponsored blogger must be supportable by the sponsoring company with “reasonable basis” substantiation. Practice Point: Monitor comments posted on any sponsored blogs, social networks, etc., and take steps to stop incorrect comments.19 | Online and Mobile Marketing
  20. 20. US - Behavioral Marketing, Targeted Ads The practice of tracking consumers’ activities online—including searches a consumer has conducted, web pages visited, and content viewed—to facilitate advertising targeted to particular consumers. The FTC is studying the practice closely. It is not happy with the current regime—lengthy and complex privacy policies, insufficient opt outs, etc. More regulation is expected by next summer. The distinction between personally identifiable and non-personally identifiable information is no longer “a tenable distinction”.* Possible requirement: A clickable icon that will show what data are being collected about a consumer, and who will be allowed to use that data, plus option to opt out from website collecting information for targeted advertising. However, clickable icon may be impractical in mobile environment.* David Vladeck, FTC’s new head of consumer protection (as quoted in the New York Times, August 5, 2009).20 | Online and Mobile Marketing
  21. 21. US – Behavioral Marketing – Deep Packet InspectionWhat is Deep Packet Inspection?Advertiser places a cookie or text file placed on an individual’s computer.The cookie monitors the computer user’s internet movement, productssearched, compared, reviewed, purchased as well as sites visited, creditcard usage, bank account usage, etc. The advertiser then “reads” thecookie to learn all the collected information which is used to targetadvertising to that computer.21 | Online and Mobile Marketing
  22. 22. Deep Packet Inspection US Statutes potentially violated by Deep Packet Inspection Electronic Communications Privacy Act, 18 U.S.C. § 2510 Computer Fraud and Abuse Act, 18 U.S.C. § 1030 California’s Invasion of Privacy Act, California Penal Code § 630 California’s Computer Crime Law, California Penal Code § 50222 | Online and Mobile Marketing
  23. 23. Proposed Do-Not-Track Legislation - State California Senate Bill 761 Introduced February 2011; first of its kind to pass out of committee “Covered Entity” cannot use “Covered Information” without disclosure of information collection, use, and storing practices and an opt-out “Covered Entity” is one doing business in California that collects, uses, or stores online data containing covered information from a consumer in California, but not government or person storing information on fewer than 15,000 or collect from fewer than 10,000 in 12 months “Covered Information” includes online activity or history, geolocation or computer identity, unique identifiers (e.g., IP address), personal information and sensitive (health, biometric) information, but excludes business information. Prohibits selling, sharing or transferring covered information Penalty for willful violation: civil damages not less than $100 or greater than $1,000 per individual plus punitive damages, costs and attorneys fees. Creates potential for state-level “do not track” framework like current data breach notification framework23 | Online and Mobile Marketing
  24. 24. Proposed Do-Not-Track Legislation - Federal Rep. Speier (D-CA) proposes creating do-not-track registry similar to do-not- call list Sen. Rockefeller (D-WV) proposes creating obligation for companies to honor users’ opt-out requests on Internet and mobile devices and giving FTC enforcement powers After opt-out request, companies could only collect information on customer if absolutely necessary for site or service to function Must be anonymized or destroyed after usefulness expires Still subject to user consent Reps. Markey (D-MA) and Barton (R-TX) propose amending COPPA to include: Expansion of COPPA building on “verifiable parental consent” model “Digital Marketing Bill of Rights” for teens Limits on collection of geolocation info about both children and teens Internet “Eraser Button” similar to EU concept of “right to be forgotten”24 | Online and Mobile Marketing
  25. 25. US - Email Marketing CAN-SPAM restricts transmission of unsolicited commercial emails (UCEs) “emails” has been interpreted broadly to include postings within social media environments Obligates “sender” compliance “Sender” includes transmitter and advertiser Non-deceptive subject line and email body “ADV:” in subject line Physical address for contact Link for “unsubscribe” Honor “unsubscribes” within 10 days25 | Online and Mobile Marketing
  26. 26. Unsolicited marketing messages to Europeans -Beware of E-Privacy Regulations Consent required to send unsolicited electronic marketing message to individuals Must be free, specific and informed Can rely on “soft opt in” but beware: in the course of the sale or negotiations similar products/services simple means of opting out Telephone individuals have the right to opt out of unsolicited calls beware of automated calling systems – always opt in Relevant enforcer in the UK can issue “on the spot” fines of up to £500K for serious breaches26 | Online and Mobile Marketing
  27. 27. US - Unsolicited Text Message or Mobile TelephoneAdvertisements – Still Unlawful without Consent Telephone Consumer Protection Act “ It shall be unlawful for any person within the United States, or any person outside the United States if therecipient is within the United States—(A) to make any call (other than a call made for emergency purposes or made with the prior expressconsent of the called party) using any automatic telephone dialing system or an artificial orprerecorded voice—. . .(iii) to any telephone number assigned to a paging service, cellular telephone service, specialized mobileradio service, or other radio common carrier service, or any service for which the called party is charged forthe call”47 U.S.C. § 227(b)(1)(A)(iii) (emphasis added). 2003: FCC states that the TCPA’s prohibition “encompasses both voice calls and text calls to wireless numbers including, for example, short message service (SMS) calls . . . .” In re Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, Report and Order, 18 FCC Rcd. 14014, 14115 (July 3, 2003) 2009: Ninth Circuit holds that text messages are “calls” under the TCPA. Satterfield v. Simon & Shuster27 | Online and Mobile Marketing
  28. 28. Mobile Marketing – What Rules Apply? Is it SPAM because it’s an email? OR Is it a text message because it is received on a mobile phone? (Answer: both! Congress intended that CAN-SPAM would include messages sent to mobile devices. 15 USC §7712(b). FCC rules on TCPA encompass text messages and SMS transmissions. 18 FCC Rcd. 14014,14115)28 | Online and Mobile Marketing
  29. 29. US - Marketing to Children Updates to the Children’s Online Privacy Protection Act (COPPA) FTC has held round-table workshops and solicited comments re: updating COPPA 5/19/11 – FTC Director Bureau Consumer Protection testimony before Senate Committee on Commerce, Science and Transportation Says little other than that FTC is reviewing COPPA and that additional legislation is not required (FTC’s existing authority is broad enough) Complexity of online environment makes COPPA challenging29 | Online and Mobile Marketing
  30. 30. UK - Marketing to Children CAP Code 5: The way in which children perceive and react to marketing communications is influenced by their age, experience and the context in which the message is delivered. Marketing communications that are acceptable for young teenagers will not necessarily be acceptable for younger children. The ASA will take those factors into account when assessing whether a marketing communication complies with the Code Child is someone under 16 Rules relate to: harm credulity and unfair pressure direct exhortation and parental authority promotions30 | Online and Mobile Marketing
  31. 31. US – State Restrictions on Marketing to Children Child Registry Statutes Utah and Michigan statutes (U.C.A. 1953 § 13-39-201 and M.C.L.A. 752.1065) Established registries for minors Unlawful to market to registered minors 30 days after registry Michigan: email marketing Utah: email, instant messaging or telephone Covers marketing of any product or service that is illegal for a minor to buy, use, view, participate in, receive or possess, or which may be harmful to the minor Emails with links to websites advertising alcohol may violate statutes31 | Online and Mobile Marketing
  32. 32. US – Data Security Requirements Federal State Fair and Accurate Credit Massachusetts Transactions Act (FACTA) Data security plan Encryption of data in transit Identity Theft Red Flags and on portable devices Program Nevada Written Plan Encryption of data in transit Still pending for “creditors” Connecticut FACTA data destruction Published Social Security Social Security Number Number Policy and Consumer Report information must be Data Security and shredded, burned or Destruction rendered unreadable 3232 | Online and Mobile Marketing
  33. 33. US – Data Requiring Protection Name and Social Security, Taxpayer ID number or driver’s license number Name and financial account number Consumer report information (Information that would be used for determining eligibility for credit, employment or insurance including mode of living, creditworthiness, credit standing, credit capacity, character, general reputation or personal characteristics) Health/Medical information 3333 | Online and Mobile Marketing
  34. 34. US - Data Security and Destruction State Statutes: obligation to protect personal information of state residents against unauthorized access, destruction or misuse (9 states currently) obligation to destroy documents or data containing personal information of state residents (25 states currently) prohibition against public display or disclosure of Social Security Numbers (27 states currently) Federal (FACTA): Consumer report information must be disposed of in a manner that renders it unreadable Includes name and Social Security or Taxpayer ID number, financial account number May include other information to the extent that it indicates creditworthiness, mode of living, etc. 3434 | Online and Mobile Marketing
  35. 35. EU - Data Security and Destruction When building up databases of customer profiles important that you don’t overlook getting the basics on data handling/storage correct Particularly important given there is a relatively new Information Commissioner with increased powers in place in the UK High fine levels in other EU states (e.g. France)35 | Online and Mobile Marketing
  36. 36. Key Take-Away Messages Consider the legal landscape – including new 2011 rules and sanctions for non-compliance Review websites and online and social media activities and campaigns check which territories websites are aimed at check for compliance with EU Cookie Directive, UCPD, etc. Consider marketing materials, activity and campaigns Be able to substantiate any claim – need for due diligence Consider competitor activity– any opportunity to object? Consider internal controls and audit external policies/directives Consult with expert counsel36 | Online and Mobile Marketing
  37. 37. Presented by Rafi Azim-Khan, Partner 25 Old Broad Street, London, United Kingdom, EC2N 1HQ +44.20.7847.9519 email: rafi.azimkhan@pillsburylaw.com Catherine Meyer, Counsel 725 South Figueroa Street, Suit 2800, Los Angeles, CA 90017-5406 +1.213.488.7362 email: catherine.meyer@pillsburylaw.com John Nicholson, Counsel 2300 N Street, NW Washington, DC 20037-1122 +1.202.663.8269 email: john.nicholson@pillsburylaw.com37 | Online and Mobile Marketing