Data – the Lifeblood of the Affiliate Marketing industry

Hot Topics in Privacy and Date Security Law1
Affiliate Summit East – 2014
DATA – THE LIFEBLOOD OF THE
AFFILIATE INDUSTRY
August 11, 2014
Gary Kibel
Partner, Digital Media, Technology & Privacy
Davis & Gilbert LLP
gkibel@dglaw.com
212.468.4918
@GaryKibel_law
© 2014 Davis & Gilbert LLP

TOPICS
»Big Data
- What is PII?
»Reports on data brokers
»Federal Trade Commission initiatives
»Other state / federal / international initiatives
»Data in Behavioral Advertising
»Data in Social Media
Data – The Lifeblood of the Affiliate Industry2

DEFINITIONS – WIKIPEDIA
»Big data is a blanket term for any collection of data
sets so large and complex that it becomes difficult
to process using on-hand database management
tools or traditional data processing applications
»An information broker (independent information
professional, information consultant) collects and
sells information. Uses include targeted ads, market
research, consumer scoring, patent searches, and
election campaigns. The industry has been
criticized for being unregulated and opaque

WHAT IS PERSONAL INFORMATION?
»U.S. definition – ?
- COPPA
- HIPAA – “protected health information”
- GLB – “nonpublic personal information”
- State security breach notification laws
»E.U. definition – Any information relating to an identified or
identifiable natural person (data subject); an identifiable
person is one who can be identified, directly or indirectly, in
particular by reference to an identification number or to one
or more factors specific to his physical, physiological,
mental, economic, cultural or social identity
(E.U. Data Protection Directive 95/46/EC)

»In re: Hulu Privacy Litigation, Case No: 11-03764
(N.D. Cal. 2012)
- Video Privacy Protection Act
• “Personally identifiable information” includes
information which identifies a person as having
requested or obtained specific video materials or
services from a video tape service provider
- Data transmitted by clicking the Facebook ‘LIKE’
button could be deemed to be “Personally Identifiable
Information,” which means such information identifies
a person as having requested or obtained specific
video materials from a Video Tape Service Provider
EXPANDING SCOPE OF
PERSONAL INFORMATION

REPORTS, REPORTS
AND
MORE REPORTS …

FTC (MARCH 2012)
9
»Protecting Consumer Privacy in an Era of
Rapid Change: Recommendations For
Businesses and Policymakers
- “[t]he Commission recommends that Congress
consider enacting targeted legislation to provide
greater transparency for, and control over, the
practices of information brokers.”
Data – The Lifeblood of the Affiliate Industry

»Rep. Ed Markey (D-Mass.) and Rep. Joe Barton
(R-TX) sent letters July 2012 to nine data companies
asking detailed questions about their practices
“The business of data brokerage, namely the collecting,
assembling, maintaining, and selling to third-parties of
consumers’ personal information, has grown into a
multiple billion dollar industry. By combining data from
numerous offline and online sources, data brokers have
developed hidden dossiers on almost every U.S.
consumer. This large scale aggregation of the personal
information of hundreds of millions of American citizens
raises a number of serious privacy concerns.”

»Rep. Ed Markey (D-Mass.) and Rep. Joe Barton
(R-TX) sent letters July 2012 to nine data companies
asking detailed questions about their practices
11 Data – The Lifeblood of the Affiliate Industry
- Methods of collection
- Use of social media
- Use of mobile services
- Products and services
(both online and offline)
- FCRA compliance
- Consumer data access
- Consumer data opt-out
- Consumer data updates
- Consumer data deletion

CHAIRWOMAN RAMIREZ
(AUGUST 2013)
12
»Chairwoman Ramirez listed perceived risks of “big data:”
- Indiscriminate collection of data
- Need to ensure meaningful consumer choice
- Data breach (risk of improper disclosure of sensitive
information)
- Behind-the-scenes profiling
- “Data determinism” (use of data to “make
determinations about individuals, not based on
concrete facts, but on inferences or correlations”)

CHAIRWOMAN RAMIREZ
(AUGUST 2013)
»“To me, the FTC is like the lifeguard on a beach.
Like a vigilant lifeguard, the FTC’s job is not to
spoil anyone’s fun but to make sure that no one
gets hurt. With big data, the FTC’s job is to get out
of the way of innovation while making sure that
consumer privacy is respected”

FTC STATEMENT TO CONGRESS
(DECEMBER 2013)
14
»FTC Prepared Statement – “What information do
data brokers have on consumers, and how do
they use it”
- Lack of transparency
- No reasonable access to data
- FCRA

FTC COMMISSIONER BRILL
»‘Reclaim your name’ initiative
»Don’t focus solely on data usage
- Robust and meaningful notice
- Choice
- Collection minimization

»New breach notification law
»Consumer Bill of Rights
»Amend ECPA
»Discriminatory outcomes of big data analytics – ‘digital
redlining’
»“The big data revolution presents incredible
opportunities in virtually every sector of the economy
and every corner of society”

FTC – DATA BROKERS:
A CALL FOR TRANSPARENCY AND
ACCOUNTABILITY (MAY 2014)
»Data Brokers = Companies that collect consumers’
personal information and resell or share that information
with others
»They operate with a “fundamental lack of transparency”
»Consumers are “largely unaware that data brokers are
collecting and using this information”
»It is “virtually impossible” for a consumer to determine how
a data broker obtained his or her data
»Consumer choices are “invisible” and “incomplete”
»Call for legislation
»Access; opt-outs; disclosures of sources

CalOPPA - CALIFORNIA AB 370
(SEPTEMBER 2013)
»Amendment to California Online Privacy
Protection Act (CalOPPA)
»Three new privacy policy disclosure requirements
(Seven total)
»Disclose how a publisher responds to a “DNT”
signal or similar mechanism if that publisher
engages in online behavioral advertising
»Cure period
»Effective January 1, 2014

CA ATTORNEY GENERAL –
“MAKING YOUR PRIVACY PRACTICES
PUBLIC” (MAY 2014)
»AG – the practice of online tracking is “invisible” to
consumers because consumers whose browsers
send a DNT signal cannot easily determine how a
site or service responds to the signal

CA ATTORNEY GENERAL –
“MAKING YOUR PRIVACY PRACTICES
PUBLIC” (MAY 2014)
»Operators should:
- Clearly identifying the sections of the privacy policy
in which their policy regarding online tracking or
how it responds to consumers’ DNT signals is
described
- Describe the response to browser DNT signals or
to such other mechanisms in the privacy policy
- Privacy policy link to a program or protocol that
offers consumers a choice about online tracking
- Disclosing the presence of other parties that collect
personally identifiable information on the website or
service, if any are present

CALIFORNIA SB 568
»Right of erasure for CA minors for online services
»Notify minors of these rights and provide clear
instructions
»Doesn’t extend to third party usage
»Effective January 1, 2015

FEDERAL TRADE
COMMISSION INITIATIVES
AND
ENFORCEMENT ACTS

Section text

FEDERAL TRADE COMMISSION ACT §5
»“Unfair methods of competition in or affecting
commerce, and unfair or deceptive acts or practices in
or affecting commerce, are hereby declared unlawful”
- Deception = Misrepresentations or omissions likely to
mislead consumers acting reasonably under the
circumstances
- Unfairness = causes or is likely to cause substantial
consumer injury, not reasonably avoided by the
consumer, and not outweighed by countervailing
benefits to consumers or competition

PRIVACY POLICIES
»FTC Fair Information Practice Principles
http://www.ftc.gov/reports/privacy3/fairinfo.Shtm
- Notice
- Choice
- Access
- Security
- Enforcement
»It’s all about transparency and consumer
expectations

FTC PROPOSED PRIVACY
“FRAMEWORK” DECEMBER 2010
»“Privacy by design”
»Simplified consumer choice
- Commonly accepted practices
- Do not track
»Increased transparency
- Disclosures
- PII v. Non-PII
»Data brokers

FTC V. SNAPCHAT
(MAY 2014)
»FTC asserted Snapchat deceived consumers
over:
I. Disappearing messages
II. Amount of data collected
III. Type of data collected
IV. Security measures
»Commissioner Ramirez: “Any company that
makes misrepresentations to consumers about its
privacy and security practices risks FTC action”
»20 year consent order

FTC V. GMR TRANSCRIPTION
SERVICES (JANUARY 2014)
»50th data security consent order
»Independent medical transcription contractors
»Independent contractors transmitted medical files
in clear readable text
»“The lawsuit also alleges that GMR didn’t monitor
what [its subcontractor] was doing to protect the
highly sensitive information in its possession.
Taken together, the FTC says that GMR’s course
of conduct violated Section 5”
»Vendor liability

SEN. JAY ROCKEFELLER (D-WV)
»Do Not Track Online Act of 2013
»Orders FTC to implement regulations that
“establish standards for the implementation of a
mechanism” for consumers to simply and easily
indicate a preference to have PIE collected by
service providers
»Exceptions for collection that are necessary to
provide a service requested by a user
»Not yet enacted

SEN. JAY ROCKEFELLER (D-WV)
»Data Broker Accountability and Transparency Act
of 2014 (DATA Act)
»Introduced February 2014
»Prohibits deception
»Requires data access to correct or opt-out
»Not yet enacted

CALIFORNIA SB 1348 (FEBRUARY 2014)
»Introduced February 21, 2014
»Requires online data brokers to notify consumers
when the broker transfers their personal information
to a third party and to provide a description of the
content of the information and the identity of the
purchaser
»Still in committee

Hot Topics in: Advertising, Social Media and Consumer Privacy Law36
ACXIOM – ABOUT THE DATA

CONSUMER CHOICE –
THE E.U. MODEL
»Mario Costar Gonzalez
»“The right to be forgotten”
»Google – E.U. Court of Justice
»Search engines are “data
controllers” (even non-E.U.)
»Right already exists without
the proposed data protection
regulations
»Newspaper can keep it up

WHAT DOES CONSUMER CONTROL
LOOK LIKE?
»Notice and choice
»Transparency
»Access
»Modification / correction
»Deletion / opt-out
»Uses
* Don’t forget contractually required disclosures in a
privacy policy

Hot Topics in: Advertising, Social Media and Consumer Privacy Law42 Hot Topics In Consumer Privacy42

BEHAVIORAL ADVERTISING
»Federal Trade Commission – December 20, 2007
Online Behavioral Advertising – Moving the Discussion
Forward to Possible Self-Regulatory Principles
- Transparency and consumer control
- Reasonable security, and limited data retention,
for consumer data
- Affirmative express consent for material changes
to existing privacy promises
- Affirmative express consent to (or prohibition
against) using sensitive data for behavioral
advertising

BEHAVIORAL ADVERTISING
AAAA/ANA/DMA/IAB – July 2009
»7 principles: Education; Transparency; Consumer
Control; Data Security; Material Changes;
Sensitive Data; Accountability

DIGITAL ADVERTISING ALLIANCE (DAA)
WWW.ABOUTADS.INFO
»Self-Regulatory Principles for Online Behavioral
Advertising
»License Icon
»Implementation
- Evidon
- Truste

WORLD WIDE WEB CONSORTIUM
(W3C) DO NOT TRACK
»DNT refers to interactive companies honoring a
user’s browser preference settings to stop online
tracking through the use of cookies and other
technologies by all sites through that user’s browser
(rather than opting out of tracking site by site)
»W3C is working with browser vendors and industry
groups for the “complete implementation of an easy-
to-use, persistent, and effective Do Not Track
system”
»Participants in the W3C include representatives of
Apple, AT&T, eBay, Google, Microsoft, Yahoo!
among others

WORLD WIDE WEB CONSORTIUM
(W3C) DO NOT TRACK
»Many open issues remain regarding
implementation, exceptions and response to
receiving a DNT signal
»1st Parties vs. 3rd Parties
»1st Party must not pass data to a non-service
provider 3rd Party
»Financial logging permitted
»Affiliate/attribution tracking ?

THE BROWSERS
Microsoft IE
announced that
Internet Explorer 10
will have DNT turned
“on” by default
Mozilla Firefox
includes DNT option
Apple Safari
Blocks third
party cookies
Google Chrome
Functionality
built in

WHAT’S NEXT AFTER THE COOKIE?
»Cookies
»Device fingerprinting
»Canvas fingerprinting
»Other persistent identifiers (UNDID)
»Location-based services
»Cross-device tracking
»Pixel tags / web beacons
»De-identified data segments
»Need new technological solutions vs. standard
“notice and choice” constructData – The Lifeblood of the Affiliate Industry50

MOBILE MARKETING

FTC STAFF REPORT –
MOBILE PRIVACY DISCLOSURES
(FEBRUARY 2013)
»Provide “just in time” disclosures to obtain
affirmative express consent
»Develop one-stop “dashboards”
»Develop icons to depict transmission of data
»Require App developers to meet these standards
»Platforms should disclose to consumers the extent
of the testing and review
»Implement Do Not Track
»Better coordination between platforms –
advertising networks – App developers

Hot Topics in: Advertising, Social Media and Consumer Privacy Law53 Hot Topics in Social Media and Mobile Marketing Law53 Social Media and Privacy53

CHILDRENS ONLINE PRIVACY PROTECTION
ACT – 13 U.S.C.§1301 et seq.
»All website operators who intend to reach children
under the age of 13 or have actual knowledge
(regardless of the age group targeted by their
website) that children under the age of 13 visit
their website must
- Post a privacy policy
- Obtain “verifiable parental consent”
- Advise parent/legal guardian that they can
review the child’s personal information
- Establish and maintain reasonable security
procedures

EXPANDING SCOPE OF
PERSONAL INFORMATION
»FTC Consent orders – “Persistent identifiers”
»COPPA Amendments 2013 – Definition of personal
information expanded to include any “persistent
identifier that can be used to recognize a user over
time and across different websites or online services”
- Carve out for “support for internal operations”
Certain internal activities would not be considered
a collection of PI, as long as the information
collected is not used or disclosed to contact a
specific individual(e.g., site maintenance and
analysis)

ENDORSEMENTS/TESTIMONIALS
»Endorsement/Testimonial = Any advertising message
which message consumers are likely to believe reflects
the opinions, beliefs, findings, or experience of a party
other than the sponsoring advertiser”
»Must be honest and not deceptive
»Disclosure of material connections:
“When there exists a connection between the endorser
and the seller of the advertised product which might
materially affect the weight or credibility of the
endorsement (i.e., the connection is not reasonably
expected by the audience), such connection must be
fully disclosed”

FTC’S REVISED ENDORSEMENT GUIDES
»A blogger/word-of-mouth marketer has a duty to
disclose any “material connections” with an advertiser
(e.g., payments or free products that the consumer
would not expect)
»Celebrities have a duty to disclose their relationships
with advertisers when making endorsements outside
the context of traditional ads, such as on talk shows,
blogs or in social media
»Employees who promote their employer’s products or
services in social media should clearly and
conspicuously disclose their employment relationship

FTC VS. COLE HAAN
(MARCH 2014)
»#Wanderingsole
»Contest - $1,000
»FTC – “We believe that participants' pins featuring
Cole Haan products were endorsements of the
Cole Haan products, and the fact that the pins
were incentivized by the opportunity to win a
$1000 shopping spree would not reasonably be
expected by consumers who saw the pins”

DISCLOSURES AND RIGHT OF PUBLICITY

Hot Topics in: Advertising, Social Media and Consumer Privacy Law62

DON’T BE CREEPY!

64 From Arenas to Zooey: Recent Attempts to Expand Right
of Publicity Claims
64 The Basics of Advertising & Marketing Law64
QUESTIONS?
Gary Kibel
Partner, Digital Media, Technology & Privacy
Davis & Gilbert LLP
gkibel@dglaw.com
212.468.4918
@GaryKibel_law

Data – the Lifeblood of the Affiliate Marketing industry

Recomendados

Recomendados

Mais conteúdo relacionado

Mais procurados

Mais procurados (18)

Destaque

Destaque (7)

Semelhante a Data – the Lifeblood of the Affiliate Marketing industry

Semelhante a Data – the Lifeblood of the Affiliate Marketing industry (20)

Mais de Affiliate Summit

Mais de Affiliate Summit (20)

Último

Último (20)

Data – the Lifeblood of the Affiliate Marketing industry