On February 1, 2012, “smart journal” application provider, Path, Inc. (“Path”) agreed to settle Federal Trade Commission (“FTC”) charges that it deceived consumers and improperly collected personal information in violation of the FTC Act and the Children’s Online Privacy Protection Act (“COPPA”). Mobile platforms and application providers should take note of this settlement and the underlying charges in order to avoid potentially onerous fines associated with such privacy violations.Continue Reading...
By Gina Ilardi
The Children's Online Privacy Protection Act (“COPPA”) was enacted to place parents in control over what information is collected, used and disclosed from young children online. COPPA applies to operators of commercial websites and online services directed to children under the age of thirteen that collect, use, or disclose personal information from children, and to operators of general audience websites or online services with actual knowledge that they are collecting, using or disclosing personal information from children under thirteen. On December 19, 2012, The FTC announced the adoption of its long-awaited amendments to COPPA. The updates are primarily aimed at mobile privacy, but are intended to reflect the FTC’s commitment to “helping to create a safer, more secure online experience for children” in the face of rapid technological change. The amended rule will be effective July 1, 2013.Continue Reading...
On January 5, 2011, the Third Circuit issued its decision in New Jersey Retail Merchants Association v. Sidamon-Eristoff, Case No. 10-4551 (3d Cir. Jan. 5, 2012). The appellate court affirmed the decision of the District Court partially granting and partially denying a motion for a preliminary injunction of enforcement of New Jersey's unclaimed property law as applied to gift cards or stored value cards ("SVCs").Continue Reading...
On January 1, 2012, the California Transparency in Supply Chains Act of 2010 will become effective. This legislation will require every large retailer and manufacturer doing business in California to publicly disclose whether it has taken specified actions to eliminate slavery and human trafficking from its product supply chain. The Act does not require a company to make any effort to eliminate slavery or human trafficking, but only to disclose the extent, if any, to which it has taken the actions listed in the Act. The impact of the Act ultimately will depend on whether consumers, investors and activists use the required disclosure to pressure companies to monitor and eliminate abuses in their supply chains. California Civil Code Section 1714.43(a).
Advertisers are constantly looking for new ways to obtain more information from and about online consumers in an effort to provide a more enriching and satisfying online experience for the consumer. At the same time, consumers are becoming more and more knowledgeable about the online collection of their information and are finding new ways to prevent it. As technology evolves, advertisers are seeking to strike a balance between their business objectives and the rights and desires of the modern consumer. What if an advertiser were able to collect weeks, or even months of personal data, including a consumer’s location, time zone, photographs, text from blogs, shopping cart contents, emails and a history of web pages visited, all without the consumer giving consent? Would the collection of such information merely provide for a significantly enriched user experience, or does it present a substantial invasion of privacy? The World Privacy Forum fears the latter, and along with various class action plaintiffs’ lawyers, points to the increasing use of HTML5 as a data collection vehicle as the source of grave concern.
This article by Ben Mulcahy and Gina Ilardi was originally published in the Metropolitan Corporate Counsel. To read the article please click here, or visit the Metropolitan Corporate Counsel website.
This week the Governor of California vetoed what would have been a landmark law on data breach notification. The law sought to strengthen the notification required when databases of personal information are compromised. California’s existing data breach law, which will continue unamended, requires companies and state government agencies to notify individuals when their personal information has been compromised.
In what began as an innovative way to improve advertising efficiency, online behavioral advertising has spawned “Big Brother”-type fear among watch-dog groups worried about consumer privacy. According to the advertising industry’s “Self-Regulatory Principles For Online Behavioral Advertising,” online behavioral advertising is “the collection of data from a particular computer or device regarding Web viewing behaviors over time . . . for the purpose of using such data to predict user preferences or interests to deliver advertising to that computer or device based on the preferences or interests inferred from such Web viewing behaviors.” In a recent Annenberg study, 66 percent of American adults indicated they did not want websites or networks targeting advertisements to them. Representing the other side of the spectrum, a representative of the American Association of Advertising Agencies has explained, “[M]arketers want their messages delivered to the customer most likely to buy—that is both economically efficient and completely sustainable in a consumer-driven, competitive marketplace.” The dilemma is thus presented: how to balance the privacy concerns surrounding the collection of personal information with the need to subsidize the availability of online content through effective and cost-efficient advertising. This is the dilemma that will eventually be addressed one way or another, either through continued industry self-regulation, or through actual regulation.