As localities order people to stay at home and non-essential businesses to close, consumers are turning to online options. Although you might welcome the traffic, you might also be facing unexpected challenges like a reduced work force, supply chain disruptions, manufacturing shifts from regular inventory to medical necessities, and other hurdles that can cause shipping
- On Monday, the President signed an executive order to prevent hoarding and price gouging of crucial medical supplies. It authorizes criminal prosecution of
Vermont Attorney General Thomas Donovan Jr. has ratcheted up ongoing scrutiny of facial recognition technology. On March 10, the Vermont AG sued facial recognition technology provider Clearview AI and moved for a preliminary injunction against the company. Clearview drew wide attention in January following the publication of a New York Times story that detailed how…
This post updates an earlier post relating to marketing around the coronavirus.
We noted a couple news items this week that help add context to the pervasiveness of and risks related to price gouging enforcement. In this story, the New York Times reported on a merchant who was selling hand sanitizer and related protective…
Until recently, most consumers likely associated anything starting with “Corona” with a sunny beach and a lime wedge.
The public is rightly concerned about coronavirus and how to avoid catching it. And where the public has questions, marketers will have answers. Here are a couple things to think about before rushing that next…
On January 30th, 24 State Attorneys General*, led by Kwame Raoul (D) of Illinois, submitted an amici curiae brief in support of the Federal Trade Commission’s position in FTC v. Credit Bureau Center LLC.
These State AGs are in agreement with the FTC, which has argued that the district court’s authority to…
The CFPB announced today a policy statement outlining three new principles that it intends to apply when evaluating whether practices are “abusive” under the Dodd-Frank Act. The Dodd-Frank Act marked the first time that a federal or state regulator was granted the authority to regulate broadly “abusive” acts and practices. While Dodd-Frank provided a general…
At the end of 2019, Governor Andrew M. Cuomo released the 10th proposal of his 2020 State of the State Agenda, which aims to eliminate the so-called “pink tax,” a gender-based pricing phenomenon that allegedly results in higher prices for good and services marketed towards women as compared to substantially similar alternatives marketed…
While Attorney General Xavier Becerra has indicated his office will prioritize enforcement relating to the sale of minors’ personal information, will direct enforcement efforts at companies that are not showing a willingness to comply, and will not make major changes before finalizing the proposed regulations, the Attorney General has not fielded specific questions about how to implement the law. This state of affairs has left companies scrambling to benchmark their compliance practices against competitors and the industry at large.
In this post, we provide some insights on common questions we are hearing about how to comply with the CCPA in the absence of clear guidance or precedent. Of course, every company is different and companies should always consult with a privacy attorney before deciding on the best way to comply with the CCPA.
- Why are so many companies posting a “Do Not Sell My Info” (DNSMI) button on their website if they do not sell personal information in exchange for money?
- When can a business claim that its ad tech partner and purchased ad tech services are exempt from the “sale” provisions of the CCPA?
- What are the IAB and DAA options for ad tech compliance?
- How do privacy technology vendor tools factor into CCPA Do Not Sell compliance?
- What best practices can companies adopt when verifying a consumer request before providing personal information to the requestor?
- Where are companies posting their DNSMI links?
- What should we do when a consumer clicks on our DNSMI link?
- What does the B2B exemption mean?
- We’re a business, and we sell personal information. Do we have to pass through consumer requests to entities to which we sold data?
- Is there a potential for a private right of action for privacy issues?
- What’s happening with California’s new privacy ballot initiative?
Why are so many companies posting a “Do Not Sell My Info” (DNSMI) button on their website if they do not sell personal information in exchange for money?
Companies that post a DNSMI button but do not sell personal information for money likely have determined that their provision of personal information to ad tech companies in connection with interest-based advertising is a “sale.” Accordingly, they post the DNSMI button to enable consumers to opt out of these “sales.”
The question of whether, and under what circumstances, the use of third-party cookies, pixels, tags, etc. constitutes a “sale” and how to provide DNSMI choices is a flashpoint in the debate over how to interpret the CCPA (as discussed here, here, and here). There is a growing consensus that only a lawsuit or a government enforcement action will resolve this matter.
For now, two ways of analyzing this question are emerging. One position concludes that data collected via a third-party cookie, tag, or pixel may be a potential “sale” because the company adding that cookie, tag, or pixel to its website sends, makes available, or otherwise shares personal information to an ad tech provider in exchange for services, and, critically, where that provider does not restrict its use or sharing of that personal information for the provider’s or other entities’ commercial benefit (other than for a limited number of exempted purposes).
The other position is that the third party directly collects personal information via the cookie, tag, or pixel placed on a publisher’s website, and the publisher is not selling that personal information to the third party responsible for the tracker.
When can a business claim that its ad tech partner and purchased ad tech services are exempt from the “sale” provisions of the CCPA?
The CCPA provides an exemption from the definition of a “sale” when a business uses or shares with a “service provider” personal information of a consumer that is necessary and proportionate to perform a “business purpose.” As a result, companies may want to determine (1) whether an ad tech vendor is a “service provider” and (2) whether that vendor performs its ad tech service for a “business purpose.” Examining specific arrangements with each advertising partner is the best way to address this question and for each of the relevant services provided by the vendor.
Some of the major players in online advertising have laid down public markers that can be helpful in classifying interest-based advertising activities. Examples include:…
Continue Reading CCPA Implementation: An Early Map
The year ended with a flurry of activity related to the FTC’s ability to obtain permanent injunctions and restitution under Section 13(b) of the FTC Act. As we head into 2020, a level-set is in order.
To File or Not File is No Longer the Question
On December 19, 2019, the FTC filed a petition…