5 24 11 Online Marketing Privacy Presentation

Online and Mobile Marketing:
What’s Legal and What’s Not – a Transatlantic View

May 24, 2011
Rafi Azim-Khan, Partner
Catherine Meyer, Counsel
John Nicholson, Counsel

Pillsbury Winthrop Shaw Pittman LLP

Disclaimer

THIS PRESENTATION DOES NOT CONSTITUTE, AND SHOULD NOT
BE RELIED UPON AS, LEGAL ADVICE. YOU SHOULD CONSULT
YOUR OWN COUNSEL REGARDING THE APPLICATION OF ANY OF
THE LAWS DISCUSSED IN THIS PRESENTATION (OR OTHER
LAWS) TO YOUR COMPANY, YOUR CLIENT, OR YOUR SPECIFIC
CIRCUMSTANCES.

THANK YOU.

2 | Online and Mobile Marketing

Social Media – Key Themes

Tom Cruise in Minority Report
Advertisers’ Holy Grail
Internationally becoming a complex area
Within last few months - 3 new major developments in the UK/EU
US regulators and legislatures focus on geo-location, tracking and
behavioral advertising


Social Media – Key Questions to ask in 2011

Are you engaged in social media?
Is your company looking to adopt or update a corporate Facebook
page/Twitter account or other form of social media?
Is your company looking to interact with its customer base?
Has your company properly audited its social media activity in each
key jurisdiction?
Has your company updated its internal controls, training etc.
Has your company updated its external policies, terms, notices and
disclaimers?


The Basics – Alternative Marketing Methods

“Old” Media
Television and radio commercials
Print ads
Brochures
Articles placed in publications
Any other document or display that makes product claims, or displays a brand image,
and that will be seen by customers

“New” Media
Internet ads, websites
Blog posts
Social network communications (Facebook, Twitter, etc.)
Email messages
Viral marketing, “street team” marketing


Ongoing Developments in Data Security and
Marketing Regulations

United States:

Greater regulatory attention to tracking and targeting
consumers, including new attention to geotracking

New Do-Not-Track bills in the US

Renewed enforcement against text message advertising,
SPAM, and testimonials

Children’s Online Privacy Protection Act under review;
restrictions on marketing to children

Greater specificity in the data security measures required by
state and federal regulations

6

Ongoing Developments in Data Security and
Marketing Regulations

United Kingdom:

Important changes regarding use of cookies in Europe – 26 May
2011

New UK web sheriff remit extension – 1 March 2011

Unfair Commercial Practices Directive/Misleading and
Comparative Advertising Directive – recently introduced

US Company blind spot

Increased “on the spot” fines for UK watchdog

7

26 May 2011 – Important Change –
Using Cookies in Europe

Pre 26 May 2011 – website operator must tell website users how they
use cookies and tell them how they can “opt out” if they object
From 26 May 2011 – cookies are “opt in” unless “strictly necessary”
for a service requested by a user
narrow exception – apply to “add to basket” cookies only?
not to monitor user preferences

Consent – likely to include (based on UK guidance):
pop ups
changes to terms and conditions which are notified
but take care!


US Regulation of Advertising Remains Constant

Federal Trade Commission—Federal law

State Attorneys General—State laws on misrepresentation

Challenges at the National Advertising Division of the Council of
Better Business Bureaus, Inc. (“NAD”)

Competitor or consumer litigation under Section 43(a) of the Lanham
Act and state consumer protection statutes

Pre-clearing of television ads by the U.S. networks and broadcast
authorities in other countries (e.g., UK)


Policy Statements and Other Guidelines

In the UK – Committee of Advertising Practice Code – need to be
aware of Advertising Standard Authority’s remit extension

The FTC has the most influence in establishing the “do’s and don’ts”
in commercial advertising.

Over the years, the FTC has issued “Guides”, “Policy Statements”,
and other instructive guidelines.


FTC Guides, Policy Statements,
and Other Guidelines

Examples of FTC Guides, Policy Statements, and other guidelines:

FTC Guides Concerning Use of Endorsements and Testimonials

FTC Guides Against Deceptive Pricing

FTC Guides Against Bait Advertising

FTC Guide Concerning Use of the Word “Free”

FTC Guides for the Use of Environmental Market Claims (Green Guides)

How to Comply With The Children’s Online Privacy Protection Rule


EU - Unfair Commercial Practices Directive

Unfair commercial practices are prohibited
3 categories of unfair commercial practice
31 always unfair
misleading action, omission or aggressive practice
generally unfair – contrary to professional diligence and materially distorts
economic behaviour
Outside scope:
puffery
B to B
legitimate product placement, brand differentiation
taste and decency
contract
Criminal penalties – unlimited fines and 2 months imprisonment in the
UK


EU – Comparative and Misleading
Advertising Directive

Rules much tougher than US approach
Particular pre-emptive substantiation requirements
Major recent shift in law EU-wide regarding claims for
products/services where explicit or implied comparison made with a
competitor
Numerous EU cases - gives competitors something to attack you with


EU - Comparative Advertising

Take care when:
naming your competitors
making price comparisons
making product comparisons

Potential for trade mark infringement, passing off, copyright
infringement, defamation etc.
The Comparative Advertising Directive
honest practice?
taking unfair advantage?
detrimental?

Risks of fines and imprisonment


1 March 2011 – Important Change –
New Web Sheriff for Websites Targeting the UK

Pre-March 2011 – remit included ads in paid for space
Now – Committee of Advertising Practice Code governs all marketing
communications online
advertising must be legal, honest, decent, truthful etc
Applies to:
company websites
social media marketing communications in non-paid for space e.g. Facebook and
Twitter
Advertising Standard Authority will take action against:
.co.uk websites or if a company is registered in the UK
any website which targets UK consumers which are not subject to regulation by an
international equivalent of the ASA
Being a .com or a US based website will not save you!


1 March 2011 – Important Change – ASA Policing
All Marketing On Websites and Social Media

User Generated Content and Social Media – take care!
will be caught if incorporated within an organisation’s own marketing
communications (e.g. posted on homepage)
message board moderated for harmful and offensive language only – maybe not?

Sanctions
usual ASA sanctions – uphold complaints (like an injunction), pre-vetting
naming and shaming on ASA website
placing of ads highlighting non compliance
search engines agreed to remove ads which link to offending ads
reference to the Office of Fair Trading - fines, injunctions


US - Key Advertising Rules of Thumb

An advertiser must be able to support all reasonable interpretations of
an ad—even ones that the advertiser did not intend to communicate.

The advertiser’s intent does not matter. What matters is what people
reasonably heard or understood.

If market research determines that at least 20 percent of the viewers
of an ad saw or heard a certain claim, the advertiser must be able to
substantiate that claim.


US Basics – Endorsements and Testimonials

An “endorsement” or “testimonial” purports to present the opinions,
beliefs, findings or experience of someone other than the advertiser.
The product performance or results presented in a testimonial must
be representative of the product performance that a typical customer
would experience. “Results may vary” disclaimer likely no longer to
be sufficient.
Any claim made by the endorser must be supportable by the
advertiser with “reasonable basis” substantiation, as if made by the
advertiser.
Any “material connection” between the advertiser and the endorser
(not reasonably expected by the audience) must be disclosed.
If the endorser is a celebrity, no such disclosure is required because the
public is assumed to know that celebrities are usually paid for their
endorsements.


US - Endorsements on social networks and blogs –
FTC Guides apply

October 5, 2009 - FTC Guides on endorsements and testimonials
have been updated to make clear that the requirements apply to
advertising through third parties on social networks and blogs. 16
C.F.R. Part 255

When a blogger mentions a company or product in a blog, the blogger
must disclose receiving any form of payment from the company.
This includes direct payment, “free” products, reimbursed travel
expenses, etc. in exchange for the review.

Statements by a sponsored blogger must be supportable by the
sponsoring company with “reasonable basis” substantiation.
Practice Point: Monitor comments posted on any sponsored blogs, social
networks, etc., and take steps to stop incorrect comments.


US - Behavioral Marketing, Targeted Ads

The practice of tracking consumers’ activities online—including searches a
consumer has conducted, web pages visited, and content viewed—to
facilitate advertising targeted to particular consumers.

The FTC is studying the practice closely. It is not happy with the current
regime—lengthy and complex privacy policies, insufficient opt outs, etc. More
regulation is expected by next summer.

The distinction between personally identifiable and non-personally identifiable
information is no longer “a tenable distinction”.*

Possible requirement: A clickable icon that will show what data are being
collected about a consumer, and who will be allowed to use that data, plus
option to opt out from website collecting information for targeted advertising.

However, clickable icon may be impractical in mobile environment.
* David Vladeck, FTC’s new head of consumer protection (as quoted in the New York Times, August 5, 2009).


US – Behavioral Marketing – Deep Packet Inspection

What is Deep Packet Inspection?
Advertiser places a cookie or text file placed on an individual’s computer.
The cookie monitors the computer user’s internet movement, products
searched, compared, reviewed, purchased as well as sites visited, credit
card usage, bank account usage, etc. The advertiser then “reads” the
cookie to learn all the collected information which is used to target
advertising to that computer.


Deep Packet Inspection

US Statutes potentially violated by Deep Packet Inspection

Electronic Communications Privacy Act, 18 U.S.C. § 2510
Computer Fraud and Abuse Act, 18 U.S.C. § 1030
California’s Invasion of Privacy Act, California Penal Code § 630
California’s Computer Crime Law, California Penal Code § 502


Proposed Do-Not-Track Legislation - State

California Senate Bill 761
Introduced February 2011; first of its kind to pass out of committee
“Covered Entity” cannot use “Covered Information” without disclosure of information
collection, use, and storing practices and an opt-out
“Covered Entity” is one doing business in California that collects, uses, or stores online
data containing covered information from a consumer in California, but not government
or person storing information on fewer than 15,000 or collect from fewer than 10,000 in
12 months
“Covered Information” includes online activity or history, geolocation or computer
identity, unique identifiers (e.g., IP address), personal information and sensitive (health,
biometric) information, but excludes business information.
Prohibits selling, sharing or transferring covered information
Penalty for willful violation: civil damages not less than $100 or greater than $1,000 per
individual plus punitive damages, costs and attorneys fees.
Creates potential for state-level “do not track” framework like current data breach
notification framework


Proposed Do-Not-Track Legislation - Federal

Rep. Speier (D-CA) proposes creating do-not-track registry similar to do-not-
call list
Sen. Rockefeller (D-WV) proposes creating obligation for companies to honor
users’ opt-out requests on Internet and mobile devices and giving FTC
enforcement powers
After opt-out request, companies could only collect information on customer if absolutely
necessary for site or service to function
Must be anonymized or destroyed after usefulness expires
Still subject to user consent

Reps. Markey (D-MA) and Barton (R-TX) propose amending COPPA to
include:
Expansion of COPPA building on “verifiable parental consent” model
“Digital Marketing Bill of Rights” for teens
Limits on collection of geolocation info about both children and teens
Internet “Eraser Button” similar to EU concept of “right to be forgotten”


US - Email Marketing

CAN-SPAM restricts transmission of unsolicited commercial emails (UCEs)

“emails” has been interpreted broadly to include postings within social
media environments

Obligates “sender” compliance

“Sender” includes transmitter and advertiser

Non-deceptive subject line and email body

“ADV:” in subject line

Physical address for contact

Link for “unsubscribe”

Honor “unsubscribes” within 10 days


Unsolicited marketing messages to Europeans -
Beware of E-Privacy Regulations

Consent required to send unsolicited electronic marketing message to
individuals
Must be free, specific and informed
Can rely on “soft opt in” but beware:
in the course of the sale or negotiations
similar products/services
simple means of opting out

Telephone
individuals have the right to opt out of unsolicited calls
beware of automated calling systems – always opt in

Relevant enforcer in the UK can issue “on the spot” fines of up to
£500K for serious breaches


US - Unsolicited Text Message or Mobile Telephone
Advertisements – Still Unlawful without Consent
Telephone Consumer Protection Act
“ It shall be unlawful for any person within the United States, or any person outside the United States if the
recipient is within the United States—
(A) to make any call (other than a call made for emergency purposes or made with the prior express
consent of the called party) using any automatic telephone dialing system or an artificial or
prerecorded voice—
. . .(iii) to any telephone number assigned to a paging service, cellular telephone service, specialized mobile
radio service, or other radio common carrier service, or any service for which the called party is charged for
the call”
47 U.S.C. § 227(b)(1)(A)(iii) (emphasis added).

2003: FCC states that the TCPA’s prohibition “encompasses both voice calls and text
calls to wireless numbers including, for example, short message service (SMS) calls .
. . .” In re Rules and Regulations Implementing the Telephone Consumer Protection
Act of 1991, Report and Order, 18 FCC Rcd. 14014, 14115 (July 3, 2003)

2009: Ninth Circuit holds that text messages are “calls” under the TCPA. Satterfield
v. Simon & Shuster


Mobile Marketing – What Rules Apply?

Is it SPAM because it’s an email?
OR
Is it a text message because it is received on a mobile phone?

(Answer: both! Congress intended that CAN-SPAM would include
messages sent to mobile devices. 15 USC §7712(b). FCC rules on
TCPA encompass text messages and SMS transmissions. 18 FCC
Rcd. 14014,14115)


US - Marketing to Children

Updates to the Children’s Online Privacy Protection Act (COPPA)

FTC has held round-table workshops and solicited comments re:
updating COPPA
5/19/11 – FTC Director Bureau Consumer Protection testimony before
Senate Committee on Commerce, Science and Transportation
Says little other than that FTC is reviewing COPPA and that additional
legislation is not required (FTC’s existing authority is broad enough)
Complexity of online environment makes COPPA challenging


UK - Marketing to Children

CAP Code 5: The way in which children perceive and react to
marketing communications is influenced by their age, experience and
the context in which the message is delivered. Marketing
communications that are acceptable for young teenagers will not
necessarily be acceptable for younger children. The ASA will take
those factors into account when assessing whether a marketing
communication complies with the Code
Child is someone under 16
Rules relate to:
harm
credulity and unfair pressure
direct exhortation and parental authority
promotions


US – State Restrictions on Marketing to Children

Child Registry Statutes
Utah and Michigan statutes (U.C.A. 1953 § 13-39-201 and M.C.L.A. 752.1065)

Established registries for minors

Unlawful to market to registered minors 30 days after registry

Michigan: email marketing

Utah: email, instant messaging or telephone

Covers marketing of any product or service that is illegal for a minor to buy, use, view,
participate in, receive or possess, or which may be harmful to the minor

Emails with links to websites advertising alcohol may violate statutes


US – Data Security Requirements

Federal State

Fair and Accurate Credit Massachusetts
Transactions Act (FACTA) Data security plan
Encryption of data in transit
Identity Theft Red Flags and on portable devices
Program Nevada
Written Plan Encryption of data in transit
Still pending for “creditors”
Connecticut
FACTA data destruction Published Social Security
Social Security Number Number Policy
and Consumer Report
information must be Data Security and
shredded, burned or Destruction
rendered unreadable

32

US – Data Requiring Protection

Name and Social Security, Taxpayer ID number or driver’s license
number

Name and financial account number

Consumer report information (Information that would be used for
determining eligibility for credit, employment or insurance including
mode of living, creditworthiness, credit standing, credit capacity,
character, general reputation or personal characteristics)

Health/Medical information

33

US - Data Security and Destruction

State Statutes:
obligation to protect personal information of state residents against unauthorized
access, destruction or misuse (9 states currently)
obligation to destroy documents or data containing personal information of state
residents (25 states currently)
prohibition against public display or disclosure of Social Security Numbers (27
states currently)

Federal (FACTA):
Consumer report information must be disposed of in a manner that renders it
unreadable
Includes name and Social Security or Taxpayer ID number, financial account
number
May include other information to the extent that it indicates creditworthiness,
mode of living, etc.

34

EU - Data Security and Destruction

When building up databases of customer profiles important that you
don’t overlook getting the basics on data handling/storage correct
Particularly important given there is a relatively new Information
Commissioner with increased powers in place in the UK
High fine levels in other EU states (e.g. France)


Key Take-Away Messages

Consider the legal landscape – including new 2011 rules and
sanctions for non-compliance
Review websites and online and social media activities and
campaigns
check which territories websites are aimed at
check for compliance with EU Cookie Directive, UCPD, etc.

Consider marketing materials, activity and campaigns
Be able to substantiate any claim – need for due diligence
Consider competitor activity– any opportunity to object?
Consider internal controls and audit external policies/directives
Consult with expert counsel


Presented by

Rafi Azim-Khan, Partner
25 Old Broad Street, London, United Kingdom, EC2N 1HQ
+44.20.7847.9519
email: rafi.azimkhan@pillsburylaw.com

Catherine Meyer, Counsel
725 South Figueroa Street, Suit 2800, Los Angeles, CA 90017-5406
+1.213.488.7362
email: catherine.meyer@pillsburylaw.com

John Nicholson, Counsel
2300 N Street, NW Washington, DC 20037-1122
+1.202.663.8269
email: john.nicholson@pillsburylaw.com


5 24 11 Online Marketing Privacy Presentation

Recomendados

Recomendados

Mais conteúdo relacionado

Semelhante a 5 24 11 Online Marketing Privacy Presentation

Semelhante a 5 24 11 Online Marketing Privacy Presentation (20)

Último

Último (20)

5 24 11 Online Marketing Privacy Presentation