Falcon Invoice Discounting: The best investment platform in india for investors
5 24 11 Online Marketing Privacy Presentation
1. Online and Mobile Marketing:
What’s Legal and What’s Not – a Transatlantic View
May 24, 2011
Rafi Azim-Khan, Partner
Catherine Meyer, Counsel
John Nicholson, Counsel
Pillsbury Winthrop Shaw Pittman LLP
2. Disclaimer
THIS PRESENTATION DOES NOT CONSTITUTE, AND SHOULD NOT
BE RELIED UPON AS, LEGAL ADVICE. YOU SHOULD CONSULT
YOUR OWN COUNSEL REGARDING THE APPLICATION OF ANY OF
THE LAWS DISCUSSED IN THIS PRESENTATION (OR OTHER
LAWS) TO YOUR COMPANY, YOUR CLIENT, OR YOUR SPECIFIC
CIRCUMSTANCES.
THANK YOU.
2 | Online and Mobile Marketing
3. Social Media – Key Themes
Tom Cruise in Minority Report
Advertisers’ Holy Grail
Internationally becoming a complex area
Within last few months - 3 new major developments in the UK/EU
US regulators and legislatures focus on geo-location, tracking and
behavioral advertising
3 | Online and Mobile Marketing
4. Social Media – Key Questions to ask in 2011
Are you engaged in social media?
Is your company looking to adopt or update a corporate Facebook
page/Twitter account or other form of social media?
Is your company looking to interact with its customer base?
Has your company properly audited its social media activity in each
key jurisdiction?
Has your company updated its internal controls, training etc.
Has your company updated its external policies, terms, notices and
disclaimers?
4 | Online and Mobile Marketing
5. The Basics – Alternative Marketing Methods
“Old” Media
Television and radio commercials
Print ads
Brochures
Articles placed in publications
Any other document or display that makes product claims, or displays a brand image,
and that will be seen by customers
“New” Media
Internet ads, websites
Blog posts
Social network communications (Facebook, Twitter, etc.)
Email messages
Viral marketing, “street team” marketing
5 | Online and Mobile Marketing
6. Ongoing Developments in Data Security and
Marketing Regulations
United States:
Greater regulatory attention to tracking and targeting
consumers, including new attention to geotracking
New Do-Not-Track bills in the US
Renewed enforcement against text message advertising,
SPAM, and testimonials
Children’s Online Privacy Protection Act under review;
restrictions on marketing to children
Greater specificity in the data security measures required by
state and federal regulations
6
6 | Online and Mobile Marketing
7. Ongoing Developments in Data Security and
Marketing Regulations
United Kingdom:
Important changes regarding use of cookies in Europe – 26 May
2011
New UK web sheriff remit extension – 1 March 2011
Unfair Commercial Practices Directive/Misleading and
Comparative Advertising Directive – recently introduced
US Company blind spot
Increased “on the spot” fines for UK watchdog
7
7 | Online and Mobile Marketing
8. 26 May 2011 – Important Change –
Using Cookies in Europe
Pre 26 May 2011 – website operator must tell website users how they
use cookies and tell them how they can “opt out” if they object
From 26 May 2011 – cookies are “opt in” unless “strictly necessary”
for a service requested by a user
narrow exception – apply to “add to basket” cookies only?
not to monitor user preferences
Consent – likely to include (based on UK guidance):
pop ups
changes to terms and conditions which are notified
but take care!
8 | Online and Mobile Marketing
9. US Regulation of Advertising Remains Constant
Federal Trade Commission—Federal law
State Attorneys General—State laws on misrepresentation
Challenges at the National Advertising Division of the Council of
Better Business Bureaus, Inc. (“NAD”)
Competitor or consumer litigation under Section 43(a) of the Lanham
Act and state consumer protection statutes
Pre-clearing of television ads by the U.S. networks and broadcast
authorities in other countries (e.g., UK)
9 | Online and Mobile Marketing
10. Policy Statements and Other Guidelines
In the UK – Committee of Advertising Practice Code – need to be
aware of Advertising Standard Authority’s remit extension
The FTC has the most influence in establishing the “do’s and don’ts”
in commercial advertising.
Over the years, the FTC has issued “Guides”, “Policy Statements”,
and other instructive guidelines.
10 | Online and Mobile Marketing
11. FTC Guides, Policy Statements,
and Other Guidelines
Examples of FTC Guides, Policy Statements, and other guidelines:
FTC Guides Concerning Use of Endorsements and Testimonials
FTC Guides Against Deceptive Pricing
FTC Guides Against Bait Advertising
FTC Guide Concerning Use of the Word “Free”
FTC Guides for the Use of Environmental Market Claims (Green Guides)
How to Comply With The Children’s Online Privacy Protection Rule
11 | Online and Mobile Marketing
12. EU - Unfair Commercial Practices Directive
Unfair commercial practices are prohibited
3 categories of unfair commercial practice
31 always unfair
misleading action, omission or aggressive practice
generally unfair – contrary to professional diligence and materially distorts
economic behaviour
Outside scope:
puffery
B to B
legitimate product placement, brand differentiation
taste and decency
contract
Criminal penalties – unlimited fines and 2 months imprisonment in the
UK
12 | Online and Mobile Marketing
13. EU – Comparative and Misleading
Advertising Directive
Rules much tougher than US approach
Particular pre-emptive substantiation requirements
Major recent shift in law EU-wide regarding claims for
products/services where explicit or implied comparison made with a
competitor
Numerous EU cases - gives competitors something to attack you with
13 | Online and Mobile Marketing
14. EU - Comparative Advertising
Take care when:
naming your competitors
making price comparisons
making product comparisons
Potential for trade mark infringement, passing off, copyright
infringement, defamation etc.
The Comparative Advertising Directive
honest practice?
taking unfair advantage?
detrimental?
Risks of fines and imprisonment
14 | Online and Mobile Marketing
15. 1 March 2011 – Important Change –
New Web Sheriff for Websites Targeting the UK
Pre-March 2011 – remit included ads in paid for space
Now – Committee of Advertising Practice Code governs all marketing
communications online
advertising must be legal, honest, decent, truthful etc
Applies to:
company websites
social media marketing communications in non-paid for space e.g. Facebook and
Twitter
Advertising Standard Authority will take action against:
.co.uk websites or if a company is registered in the UK
any website which targets UK consumers which are not subject to regulation by an
international equivalent of the ASA
Being a .com or a US based website will not save you!
15 | Online and Mobile Marketing
16. 1 March 2011 – Important Change – ASA Policing
All Marketing On Websites and Social Media
User Generated Content and Social Media – take care!
will be caught if incorporated within an organisation’s own marketing
communications (e.g. posted on homepage)
message board moderated for harmful and offensive language only – maybe not?
Sanctions
usual ASA sanctions – uphold complaints (like an injunction), pre-vetting
naming and shaming on ASA website
placing of ads highlighting non compliance
search engines agreed to remove ads which link to offending ads
reference to the Office of Fair Trading - fines, injunctions
16 | Online and Mobile Marketing
17. US - Key Advertising Rules of Thumb
An advertiser must be able to support all reasonable interpretations of
an ad—even ones that the advertiser did not intend to communicate.
The advertiser’s intent does not matter. What matters is what people
reasonably heard or understood.
If market research determines that at least 20 percent of the viewers
of an ad saw or heard a certain claim, the advertiser must be able to
substantiate that claim.
17 | Online and Mobile Marketing
18. US Basics – Endorsements and Testimonials
An “endorsement” or “testimonial” purports to present the opinions,
beliefs, findings or experience of someone other than the advertiser.
The product performance or results presented in a testimonial must
be representative of the product performance that a typical customer
would experience. “Results may vary” disclaimer likely no longer to
be sufficient.
Any claim made by the endorser must be supportable by the
advertiser with “reasonable basis” substantiation, as if made by the
advertiser.
Any “material connection” between the advertiser and the endorser
(not reasonably expected by the audience) must be disclosed.
If the endorser is a celebrity, no such disclosure is required because the
public is assumed to know that celebrities are usually paid for their
endorsements.
18 | Online and Mobile Marketing
19. US - Endorsements on social networks and blogs –
FTC Guides apply
October 5, 2009 - FTC Guides on endorsements and testimonials
have been updated to make clear that the requirements apply to
advertising through third parties on social networks and blogs. 16
C.F.R. Part 255
When a blogger mentions a company or product in a blog, the blogger
must disclose receiving any form of payment from the company.
This includes direct payment, “free” products, reimbursed travel
expenses, etc. in exchange for the review.
Statements by a sponsored blogger must be supportable by the
sponsoring company with “reasonable basis” substantiation.
Practice Point: Monitor comments posted on any sponsored blogs, social
networks, etc., and take steps to stop incorrect comments.
19 | Online and Mobile Marketing
20. US - Behavioral Marketing, Targeted Ads
The practice of tracking consumers’ activities online—including searches a
consumer has conducted, web pages visited, and content viewed—to
facilitate advertising targeted to particular consumers.
The FTC is studying the practice closely. It is not happy with the current
regime—lengthy and complex privacy policies, insufficient opt outs, etc. More
regulation is expected by next summer.
The distinction between personally identifiable and non-personally identifiable
information is no longer “a tenable distinction”.*
Possible requirement: A clickable icon that will show what data are being
collected about a consumer, and who will be allowed to use that data, plus
option to opt out from website collecting information for targeted advertising.
However, clickable icon may be impractical in mobile environment.
* David Vladeck, FTC’s new head of consumer protection (as quoted in the New York Times, August 5, 2009).
20 | Online and Mobile Marketing
21. US – Behavioral Marketing – Deep Packet Inspection
What is Deep Packet Inspection?
Advertiser places a cookie or text file placed on an individual’s computer.
The cookie monitors the computer user’s internet movement, products
searched, compared, reviewed, purchased as well as sites visited, credit
card usage, bank account usage, etc. The advertiser then “reads” the
cookie to learn all the collected information which is used to target
advertising to that computer.
21 | Online and Mobile Marketing
22. Deep Packet Inspection
US Statutes potentially violated by Deep Packet Inspection
Electronic Communications Privacy Act, 18 U.S.C. § 2510
Computer Fraud and Abuse Act, 18 U.S.C. § 1030
California’s Invasion of Privacy Act, California Penal Code § 630
California’s Computer Crime Law, California Penal Code § 502
22 | Online and Mobile Marketing
23. Proposed Do-Not-Track Legislation - State
California Senate Bill 761
Introduced February 2011; first of its kind to pass out of committee
“Covered Entity” cannot use “Covered Information” without disclosure of information
collection, use, and storing practices and an opt-out
“Covered Entity” is one doing business in California that collects, uses, or stores online
data containing covered information from a consumer in California, but not government
or person storing information on fewer than 15,000 or collect from fewer than 10,000 in
12 months
“Covered Information” includes online activity or history, geolocation or computer
identity, unique identifiers (e.g., IP address), personal information and sensitive (health,
biometric) information, but excludes business information.
Prohibits selling, sharing or transferring covered information
Penalty for willful violation: civil damages not less than $100 or greater than $1,000 per
individual plus punitive damages, costs and attorneys fees.
Creates potential for state-level “do not track” framework like current data breach
notification framework
23 | Online and Mobile Marketing
24. Proposed Do-Not-Track Legislation - Federal
Rep. Speier (D-CA) proposes creating do-not-track registry similar to do-not-
call list
Sen. Rockefeller (D-WV) proposes creating obligation for companies to honor
users’ opt-out requests on Internet and mobile devices and giving FTC
enforcement powers
After opt-out request, companies could only collect information on customer if absolutely
necessary for site or service to function
Must be anonymized or destroyed after usefulness expires
Still subject to user consent
Reps. Markey (D-MA) and Barton (R-TX) propose amending COPPA to
include:
Expansion of COPPA building on “verifiable parental consent” model
“Digital Marketing Bill of Rights” for teens
Limits on collection of geolocation info about both children and teens
Internet “Eraser Button” similar to EU concept of “right to be forgotten”
24 | Online and Mobile Marketing
25. US - Email Marketing
CAN-SPAM restricts transmission of unsolicited commercial emails (UCEs)
“emails” has been interpreted broadly to include postings within social
media environments
Obligates “sender” compliance
“Sender” includes transmitter and advertiser
Non-deceptive subject line and email body
“ADV:” in subject line
Physical address for contact
Link for “unsubscribe”
Honor “unsubscribes” within 10 days
25 | Online and Mobile Marketing
26. Unsolicited marketing messages to Europeans -
Beware of E-Privacy Regulations
Consent required to send unsolicited electronic marketing message to
individuals
Must be free, specific and informed
Can rely on “soft opt in” but beware:
in the course of the sale or negotiations
similar products/services
simple means of opting out
Telephone
individuals have the right to opt out of unsolicited calls
beware of automated calling systems – always opt in
Relevant enforcer in the UK can issue “on the spot” fines of up to
£500K for serious breaches
26 | Online and Mobile Marketing
27. US - Unsolicited Text Message or Mobile Telephone
Advertisements – Still Unlawful without Consent
Telephone Consumer Protection Act
“ It shall be unlawful for any person within the United States, or any person outside the United States if the
recipient is within the United States—
(A) to make any call (other than a call made for emergency purposes or made with the prior express
consent of the called party) using any automatic telephone dialing system or an artificial or
prerecorded voice—
. . .(iii) to any telephone number assigned to a paging service, cellular telephone service, specialized mobile
radio service, or other radio common carrier service, or any service for which the called party is charged for
the call”
47 U.S.C. § 227(b)(1)(A)(iii) (emphasis added).
2003: FCC states that the TCPA’s prohibition “encompasses both voice calls and text
calls to wireless numbers including, for example, short message service (SMS) calls .
. . .” In re Rules and Regulations Implementing the Telephone Consumer Protection
Act of 1991, Report and Order, 18 FCC Rcd. 14014, 14115 (July 3, 2003)
2009: Ninth Circuit holds that text messages are “calls” under the TCPA. Satterfield
v. Simon & Shuster
27 | Online and Mobile Marketing
28. Mobile Marketing – What Rules Apply?
Is it SPAM because it’s an email?
OR
Is it a text message because it is received on a mobile phone?
(Answer: both! Congress intended that CAN-SPAM would include
messages sent to mobile devices. 15 USC §7712(b). FCC rules on
TCPA encompass text messages and SMS transmissions. 18 FCC
Rcd. 14014,14115)
28 | Online and Mobile Marketing
29. US - Marketing to Children
Updates to the Children’s Online Privacy Protection Act (COPPA)
FTC has held round-table workshops and solicited comments re:
updating COPPA
5/19/11 – FTC Director Bureau Consumer Protection testimony before
Senate Committee on Commerce, Science and Transportation
Says little other than that FTC is reviewing COPPA and that additional
legislation is not required (FTC’s existing authority is broad enough)
Complexity of online environment makes COPPA challenging
29 | Online and Mobile Marketing
30. UK - Marketing to Children
CAP Code 5: The way in which children perceive and react to
marketing communications is influenced by their age, experience and
the context in which the message is delivered. Marketing
communications that are acceptable for young teenagers will not
necessarily be acceptable for younger children. The ASA will take
those factors into account when assessing whether a marketing
communication complies with the Code
Child is someone under 16
Rules relate to:
harm
credulity and unfair pressure
direct exhortation and parental authority
promotions
30 | Online and Mobile Marketing
31. US – State Restrictions on Marketing to Children
Child Registry Statutes
Utah and Michigan statutes (U.C.A. 1953 § 13-39-201 and M.C.L.A. 752.1065)
Established registries for minors
Unlawful to market to registered minors 30 days after registry
Michigan: email marketing
Utah: email, instant messaging or telephone
Covers marketing of any product or service that is illegal for a minor to buy, use, view,
participate in, receive or possess, or which may be harmful to the minor
Emails with links to websites advertising alcohol may violate statutes
31 | Online and Mobile Marketing
32. US – Data Security Requirements
Federal State
Fair and Accurate Credit Massachusetts
Transactions Act (FACTA) Data security plan
Encryption of data in transit
Identity Theft Red Flags and on portable devices
Program Nevada
Written Plan Encryption of data in transit
Still pending for “creditors”
Connecticut
FACTA data destruction Published Social Security
Social Security Number Number Policy
and Consumer Report
information must be Data Security and
shredded, burned or Destruction
rendered unreadable
32
32 | Online and Mobile Marketing
33. US – Data Requiring Protection
Name and Social Security, Taxpayer ID number or driver’s license
number
Name and financial account number
Consumer report information (Information that would be used for
determining eligibility for credit, employment or insurance including
mode of living, creditworthiness, credit standing, credit capacity,
character, general reputation or personal characteristics)
Health/Medical information
33
33 | Online and Mobile Marketing
34. US - Data Security and Destruction
State Statutes:
obligation to protect personal information of state residents against unauthorized
access, destruction or misuse (9 states currently)
obligation to destroy documents or data containing personal information of state
residents (25 states currently)
prohibition against public display or disclosure of Social Security Numbers (27
states currently)
Federal (FACTA):
Consumer report information must be disposed of in a manner that renders it
unreadable
Includes name and Social Security or Taxpayer ID number, financial account
number
May include other information to the extent that it indicates creditworthiness,
mode of living, etc.
34
34 | Online and Mobile Marketing
35. EU - Data Security and Destruction
When building up databases of customer profiles important that you
don’t overlook getting the basics on data handling/storage correct
Particularly important given there is a relatively new Information
Commissioner with increased powers in place in the UK
High fine levels in other EU states (e.g. France)
35 | Online and Mobile Marketing
36. Key Take-Away Messages
Consider the legal landscape – including new 2011 rules and
sanctions for non-compliance
Review websites and online and social media activities and
campaigns
check which territories websites are aimed at
check for compliance with EU Cookie Directive, UCPD, etc.
Consider marketing materials, activity and campaigns
Be able to substantiate any claim – need for due diligence
Consider competitor activity– any opportunity to object?
Consider internal controls and audit external policies/directives
Consult with expert counsel
36 | Online and Mobile Marketing
37. Presented by
Rafi Azim-Khan, Partner
25 Old Broad Street, London, United Kingdom, EC2N 1HQ
+44.20.7847.9519
email: rafi.azimkhan@pillsburylaw.com
Catherine Meyer, Counsel
725 South Figueroa Street, Suit 2800, Los Angeles, CA 90017-5406
+1.213.488.7362
email: catherine.meyer@pillsburylaw.com
John Nicholson, Counsel
2300 N Street, NW Washington, DC 20037-1122
+1.202.663.8269
email: john.nicholson@pillsburylaw.com
37 | Online and Mobile Marketing