The Federal Trade Commission’s (“FTC”) announcement last week of settlements with 13 separate companies for charges of falsely advertising certification with the U.S.-EU and/or U.S.-Swiss Safe Harbor Frameworks (“Safe Harbors”) – some of which never existed but several of which had simply lapsed – serves as a reminder that businesses should periodically and often review their online privacy policies (“PP”). During this review, businesses should ensure that: (i) they are following all of the stated provisions of the PP; (ii) the PP accurately reflects current business practices, technologies used on the applications, websites or other online services (“Online Services”), and business arrangements with third parties; and (iii) the PP remains current with regard to applicable laws, regulations and self-regulatory programs for which the Online Services are subject. A look at recent FTC actions illustrate the importance of this review. Continue Reading
A purported class action lawsuit was recently filed against meal-delivery service Blue Apron based on its alleged failure to satisfy the requirements of California’s law regulating automatic-renewal provisions in consumer contracts (Cal. Bus. & Prof. Code § 17600 et seq.). The case, C.D. Cal. No. 2:15-cv-05521, was filed in June 2015 and removed to federal court last month. California’s law, which went into effect in December 2010, has in recent months been the basis for a spate of similar lawsuits – Blue Apron being the latest entry in a trend that we anticipate will continue.
InfoLawGroup is happy to announce that McLean B. Sieverding has joined the firm as Senior Counsel. Most recently, McLean served as Assistant General Counsel for Int’l Data Protection & Regulatory Compliance at Verizon and prior to that, he spent more than a decade practicing in the Communications, Media & Privacy group at Willkie Farr & Gallagher LLP.
McLean’s practice focuses on identifying and managing state, federal, and international privacy and data security issues and risks for a broad range of clients in the software, financial services, healthcare, IT, new media, telecommunications and retail sectors. He is also a seasoned contract negotiator and data breach law attorney, having managed more than 500 data breach remediations.
McLean is a frequent speaker and writer on privacy and data security law and policy issues, and he regularly develops and conducts tailored privacy and data security compliance/training programs for clients. We are thrilled to have him on board!
The Federal Communications Commission (“FCC”) released its TCPA Omnibus Declaratory Ruling and Order (“Order”) regarding the Telephone Consumer Protection Act (“TCPA”) on July 10, 2015, which Chairman Tom Wheeler announced via a blog post and FAQ’s in late May. InfoLawGroup previously discussed the potential impact on businesses based on the initial announcement. The FCC has now released the Order and statements from the Commission, including dissents by certain Commissioners. Below are key points that your business should know about the Order.
- In almost all cases, the equipment being used is likely an “audodialer” as currently defined by the FCC .
InfoLawGroup congratulates partner Justine Young Gottshall for being recognized by SC Magazine as one of the 5 Women in IT Security: Women to Watch. It is an honor to be named, particularly given the other accomplished and successful women on the list, and those profiled throughout the Women in IT Security issue. Ms. Gottshall is the sole lawyer included on the “Women to Watch” list.
The Federal Communications Commission (“FCC”) adopted a package of declaratory rulings regarding the Telephone Consumer Protection Act of 1991 (“TCPA”), which the dissenting Commissioners warn could cause issues for businesses that communicate with their customers via phone or text messages. InfoLawGroup discussed this vote and issue in a previous post. Last week the rulings passed 3 to 2, but the order has not yet been released. However, the FCC has issued a press release. The press release, states that,
“Autodialer” is defined in the Act as any technology with the capacity to dial random or sequential numbers. This definition ensures that robocallers cannot skirt consumer consent requirements through changes in calling technology design or by calling from a list of numbers.”
As we identified in our previous post, this broad definition will impact certain calls and text messages. Statements from dissenting Commissioners give us insight into the rulings and potential issues. In his dissent, Commissioner Ajit Pai stated that, “After this Order, each and every smartphone, tablet, VoIP phone, calling app, texting app—pretty much any phone that’s not a “rotary-dial phone” will be an automatic telephone dialing system.” He gives an example of how this could potentially subject innocent actors to a TCPA lawsuit.
“Jim meets Jane at a party. The next day, he wants to follow up on their conversation and ask her out for lunch. He gets her cellphone number from a mutual friend and calls her from his smartphone. Pursuant to the Order, Jim has violated the TCPA, and Jane could sue him for $500 in statutory damages. If he follows up with a text, that’s another $500 violation.” Continue Reading
The FTC recently updated its published guidance on the use of endorsements in advertising. In 2009, the FTC revised its Guides Concerning the Use of Endorsements and Testimonials in Advertising (“Endorsement Guides”). Following the release of the Endorsement Guides, the FTC issued an informal FAQ in June 2010 to answer some of the most frequently asked questions it had then received. Now, the FTC has revised those FAQs, “The FTC’s Endorsement Guides: What People Are Asking,” in order to expand on topics broached the first time around and to address new communication media and other issues not previously covered.
The revised FAQs contain a lot of very valuable information regarding how the FTC staff interprets the Endorsement Guides. If your company uses endorsements in any of its advertising – from employment of a celebrity spokesperson to incentivizing discussion of your brand online through the use of a sweepstakes or contest – you will want to review the new FAQs in their entirety. For now, here are a few highlights:
(1) The Need for Disclosure, Generally. One of the fundamental principles of the Endorsement Guides is that any material connection between the endorser and the advertiser that would affect how people evaluate the endorsement and would not be reasonably expected by the audience must be disclosed. As the FTC notes, “[u]nder the law, an act or practice is deceptive if it misleads ‘a significant minority’ of consumers.” So, even if a majority of the audience would understand the connection between endorser and advertiser without a disclosure, if a significant minority of the audience would not, a disclosure is required in order to avoid deception.
There are many articles circulating the web about new live-streaming video technologies like Meerkat. These tremendous apps make it possible for users to stream real time video from their phone to the internet for all to view, turning every individual into a real-time video-journalist. Brands and entertainment properties have also jumped into the fray with these technologies. For example, Jimmy Fallon live-streams some of his show practices on his Periscope channel and, in late March, Mountain Dew live-streamed a hang out for fans to view and get rewarded with Mountain Dew swag. Of course, most legal articles about live-steaming apps focus on the intellectual property and piracy issues raised by use of these apps. Indeed, sports franchises, which make a huge portion of their income from selling exclusive rights to broadcast their events in real time, are already noodling on these issues. Sports franchises typically protect their broadcast interests by restricting who can bring live broadcasting equipment into their facilities. However, that becomes more challenging when the only necessary equipment is an ordinary cell phone.
Less talked about, but equally important, is how these technologies may increase the real-time risk of exposure of a wide range of sensitive or private information in the workplace. Companies’ potentially controversial business practices, legally-sensitive situations like employee firings, or internal programs and trade secrets could be revealed to the public instantly. The apps could also create risks for individual employees privacy, as everyday workplace activity could be streamed to the general public in real-time.
Of course, some of these risks have existed since the advent of built-in cell phone video cameras. But these new apps eliminate the delay between when the video is filmed and when it becomes available to the global public. By the time someone is seen filming, the video is already streaming, and rather than preventing exposure, the company may have to focus on cleaning up the mess. Even the most devoted employees could inadvertently expose corporate secrets without the ability to screen and edit videos before publication.
I contend that these technologies may re-raise BYOD (bring your own device) issues for the workplace. Should these technologies be forbidden on workplace devices? Should all devices containing these technologies be forbidden at work? Would the NLRB agree with these types of workplace restrictions? At the very least, employers may need to implement training programs to make their employees aware of these risks. Though individual businesses’ needs will vary and by no means will all use of these apps be problematic, the advent of this technology highlights the importance of companies having, and regularly updating, a clear internet and social media policy.
On Thursday, a bankruptcy judge granted final approval of the sale of RadioShack Corporation (“RadioShack”) assets to General Wireless Operations Inc. (“General Wireless”), which included customers’ personal information. In the order, the Delaware bankruptcy judge stated “ . . . no showing was made that the sale of personally identifiable information (the “PII”)(as defined in Section 101(41A) of the Bankruptcy Code), subject to the terms of this Order, would violate applicable nonbankruptcy law.” During the bankruptcy proceeding, the sale of personal information was a contentious issue with the Federal Trade Commission Consumer Protection Director Jessica Rich, multiple states’ Attorneys General, and certain corporations raising concerns. This serves as a reminder for companies big or small, starting up or established, and acquiring or being acquired, that consumers’ personal information has value. In order to protect that value, companies should consider privacy in all stages of business and technological development.
Last week, FCC Chairman Wheeler put forth a proposal that will address more than 20 pending petitions before the Agency. The FCC will vote on the proposal June 18, 2015. Chairman Wheeler has posted both a set of FAQs and a blog post providing more information.
Chairman Wheeler has made clear that the intent is to expand consumer protection with regard to calls and texts, stating that he wants to send a clear message that “consumers have the right to control the calls and texts they receive, and the FCC is moving to enforce those rights and protect consumers against robocalls, spam texts, and telemarketing.”
If approved, and based upon Chairman Wheeler’s blog post and FAQs, the proposal would address at least the following:
- Allow for the adoption of robocall-blocking technology;
- Clarify the issue of a “reassigned number,” such that callers could not call a reassigned number after one call (applies at least to robocalls);
- Allow consumers to opt-out of robocalls in any “reasonable” manner;
- Allow for certain limited and specific exceptions, such as for fraud alerts. There would be no exceptions for marketing purposes; and
- Defining “autodialers” as “any technology with the potential to dial random or sequential numbers” (emphasis added).
The final point, above, may be of significant interested to many companies, as it is a broad definition and will impact text messages as well as certain calls.
If approved by the Commission, the declaratory rulings in the proposal would become effective immediately upon release.
This blog post has been updated, please refer to The FCC TCPA Order: What Does My Business Need To Know?