Facebook Settlement with the FTC Includes Stringent Privacy Requirements

Facebook has agreed to settle Federal Trade Commission (“FTC”) charges alleging that the social network company engaged in deceptive practices that enabled third-party access to Facebook users’ private information, including personal history, photos, videos, and Friend Lists, without providing users with adequate notice or obtaining their prior consent.

The proposed settlement, which would impose privacy requirements that are similar to those in the FTC’s settlement with Google that became final in October 2011, follows complaints over Facebook’s privacy practices that were filed with the FTC in December 2009 by the Electronic Privacy Information Center (“EPIC”) and a coalition of consumer groups.

The FTC Complaint

The FTC’s administrative complaint alleges a number of violations of Section 5(a) of the FTC Act, which prohibits deceptive or unfair acts or practices in or affecting commerce, including allegations that (1) Facebook users’ personal information was made publicly available despite repeated representations by Facebook that such information would remain private; (2) applications (“Apps”) available through the Facebook platform could access personal information without Facebook users’ knowledge or consent; and (3) Facebook falsely stated that it complied with the United States – European Union (“EU”) Safe Harbor Framework:

  • Personal Information Available to Third Parties following Unilateral Changes to Privacy Settings: The FTC alleged that Facebook users were not given adequate notice that certain private information would become publicly available following changes to Facebook’s privacy settings, and were not given meaningful choice about whether they agreed to the public status of their information. Further, the FTC alleged that, despite statements by Facebook that personal information was not shared with advertisers, users’ User ID information became available to an advertiser whenever a user clicked on an advertisement. The FTC also alleged that personal photos and videos remained available on Facebook even after such content was deleted by a user or the user deactivated his or her Facebook account.
  • Apps Access to Private Information: The FTC alleged that Apps available on the Facebook platform could access users’ personal information even when the information was unrelated to the operation of the app or when certain information was designated by users as “Friends Only.” The FTC also alleged that Facebook’s “Verified Applications” program was deceptive as it did not employ verification procedures or security safeguards that exceeded the level of protection applied to any other App on the Facebook platform.
  • Noncompliance with U.S.–EU Safe Harbor Framework: The FTC alleged that, despite representations within Facebook’s privacy policy that the company complied with the U.S.-EU Safe Harbor Framework, Facebook’s privacy practices violated the U.S. Safe Harbor Privacy Principles of Notice and Choice.

Terms of the Proposed Settlement

The proposed settlement, which is subject to public comment through December 30, 2011, imposes robust requirements on Facebook, including the following:

  • Before sharing user information with a third party in a manner that materially exceeds the restrictions imposed by a user’s privacy settings, Facebook must:
    • Disclose (1) the information that will be shared, (2) the identity or categories of the third parties that will receive the information, and (3) that such sharing exceeds the restrictions imposed by the user’s privacy settings. Notably, this disclosure must be separate from any “end user license agreement,” “privacy policy,” or “terms of use;” and
    • Obtain express affirmative consent to the sharing from the user.
  • Facebook must ensure that personal information cannot be accessed by a third party within 30 days after a user deletes such information or terminates his or her Facebook account.
  • Facebook must develop, implement, and maintain a written comprehensive privacy program including designated employees responsible for the program; identification of reasonably foreseeable risks and safeguards used to mitigate risks; and establishing steps to select and retain service providers.
  • Facebook must hire a third party privacy and data security professional to conduct assessments of Facebook’s practices every two years for the next twenty years.

What this Means for Business

This FTC action is the latest reminder to businesses that handle consumer information that they must carefully evaluate whether their privacy practices are consistent with promises made in their policies and whether they provide adequate disclosures and obtain meaningful consent from customers when these practices change. With this high-profile settlement, the FTC has signaled that it will continue its aggressive privacy-related enforcement activity regarding the handling of consumers’ personal information.

This post was written by Dana Rosenfeld, Alysa Z. Hutnik, and Matthew Sullivan.
 

Join Us on Dec 7th for the Seminar, "gTLDs: The Next Move is Yours!"

ICANN made its move to launch the new generic Top Level Domains (gTLDs), the biggest change to the structure of the Domain Name System since its inception 25 years ago. (A gTLD is the name to the right of the dot in a domain name address -- not to be confused with domain names, which are to the left of the dot). Now, whether your organization plans to adopt a gTLD or not, it needs to move to devise a winning strategy.

Join Kelley Drye on December 7th at the Tower Club in Vienna, VA, for a free seminar that will explore what opportunities may be exploited, by whom, and when, and discuss what may be done to protect your organization's interest in this vastly changing Internet environment.

We will:

  • Explain the new gTLD system and application process, including highlighting important myths and misconceptions.
  • Discuss the marketing and branding opportunities for owners of gTLDs, and explain why the game is open to more than simply those players. Understand this new way of doing business and what types of consulting, technology, management, and other moneymaking opportunities new gTLDs may create.
  • Outline some key rules and regulations that will govern how your organization will play.
  • Assess the risks in joining or not joining the game at this time. Don't be a simple pawn; move to preserve your position for the future, especially if your competitors are in the first round of new gTLD applicants. If nothing more, act now to get the authorities in your organization to make an informed decision as to what they need to do.

SPEAKERS:
Nancy Lutz, Partner, Kelley Drye & Warren LLP
Sarah Langstone, Director of Product Management, VeriSign, Inc.
Alexa Raad, Founder, Architelos Inc.

DATE:
December 7, 2011, 8:00 AM - 10:00 AM ET

LOCATION:
The Tower Club
8000 Towers Crescent Drive
17th Floor
Vienna, Virginia 22182

Email dcevents@kelleydrye.com to register.

Future Uncertain for USDA Proposed Rule to Revise School Lunch Nutrition Quality Standards

On November 18, 2011, President Obama signed into law H.R. 2112, the Consolidated and Further Continuing Appropriations Act (Pub. L. 112-055), which, among other things, provides funding for the U.S. Department of Agriculture (“USDA”) for Fiscal Year 2012. The law includes policy “riders” blocking funding for key provisions of a rule proposed by USDA that is intended to improve the dietary habits of school children. Published in January 2011, the USDA’s proposed rule would enact more stringent nutrition quality standards for the National School Lunch Program (“NSLP”) and the School Breakfast Program (“SBP”), which apply to school children in grades K-12. Specifically, the rule would adopt recommendations from the Institute of Medicine (“IOM”) that call for increased servings of fruits, vegetables, and whole grain-rich foods, establish new minimum and maximum calorie levels for meals, minimize consumption of trans fats, and substantially reduce the amount of sodium in kids’ meals over the next 10 years.

The law prohibits USDA from implementing several prominent provisions from the proposed rule, including the proposed limits on servings of starchy vegetables such as potatoes, the long-term sodium reduction requirements, the increase in servings of whole grain foods for breakfast and lunch, and certain proposed vegetable serving requirements.

The USDA proposal would represent a substantial shift in the nutritional composition and quantity of a number of food items and would have far-reaching implications for companies that make or market food products for use in school breakfast or lunch programs. Please see Kelley Drye’s February 2, 2011 Client Advisory for more information on the USDA proposal.

This blog post was written by Sarah Roller and Matt Sullivan.

California Voter Initiative: Labeling Genetically Engineered Foods

On November 9, 2011, the Committee for the Right to Know, a consumer advocacy group that focuses on consumer, public health, environmental, and food issues, submitted the California Right to Know Genetically Engineered Food Act to the California state attorney general for title and summary, a necessary step to place citizen-created initiatives on the California state ballot. The Committee is preparing the Act for California voter consideration in the November 2012 election. For the Act to qualify for the November 2012 ballot, the Committee must circulate a petition regarding the Act and gather over 500,000 signatures of registered California voters within 150 days of receiving title and summary from the California state attorney general.

The Act would require genetically engineered or modified foods or foods containing genetically engineered ingredients to be clearly labeled as containing genetically engineered material in a manner similar to nutrition information labeling. The Committee describes genetically engineered food as "[a] plant or meat product that has had its DNA artificially altered in a lab with genes from other plants, animals, viruses, or bacteria, in order to produce foreign compounds in that food." The FDA currently does not require genetically engineered foods or foods that contain genetically engineered ingredients to bear labeling regarding genetic modification.

The full text of the Act, as submitted to the California Attorney General on November 9, 2011, is available here.

This blog post was written by Sarah Roller and Megan Olsen.

 

Google+ Opens Up to Companies, But Prohibits Promotions

This week, Google launched Google+ Pages, a place where companies can post content and interact with consumers. In many ways, Google+ Pages is similar to Facebook Pages, but it also includes some unique functionality and integrations with Google’s search engine. Companies that are considering establishing a presence on Google+ should note, however, that Google imposes at least one limitation that Facebook does not: Google prohibits companies from offering various types of promotions on the site.

The Google+ Pages Contest and Promotion Policies states, in part: “You may not run contests, sweepstakes, offers, coupons or other such promotions (“Promotion”) directly on your Google+ Page. You may display a link on your Google+ Page to a separate site where your Promotion is hosted so long as you (and not Google) are solely responsible for your Promotion and for compliance with all applicable federal, state and local laws, rules and regulations . . . .”

Google reserves the right to block or remove pages that violate the Policies, so companies should be careful to ensure they comply.

Marketer Ordered to Disclose Low Success Rate of its Customers

Earlier this year, the FTC and the Colorado Attorney General filed a lawsuit against a company that sells a wealth-building program. The company’s infomercials included testimonials from consumers who purportedly made money through the program and fine print disclosures stating that results would vary. The regulators recently announced they had obtained a court order that, among other things, requires the company to highlight the low success rate of its customers.

As we’ve mentioned in previous posts, two years ago, the FTC updated its guidelines on endorsements and testimonials. Under the new guidelines, a company can no longer feature testimonials with atypically good results and simply use a “Results Not Typical” disclaimer. Instead, a company must either feature testimonials that show typical results or include a disclosure that clearly explains the results that a typical consumer can expect to achieve.

As part of the court order, the infomercial company is forced to “clearly and prominently” include the following statement in all ads and infomercials: “Most of our customers will earn little or no money.” The order includes detailed requirements about how, when, and how often the disclosure must be made in various types of ads. In addition, the company is prohibited from representing that consumers are likely to quickly and easily make a lot of money.

This case serves as a reminder that advertisers need to ensure that all claims in their ads -- including claims that are made by consumers -- are truthful and not misleading. And companies need to be particularly careful that claims made by consumers are either representative of typical results or that the ads otherwise clearly disclose the typical results. Otherwise, a much more onerous disclosure may be forced on them by a court.