Dave discusses the legal pitfalls that all brands should be aware of when running a mobile campaign. He will also cover the court precedents that are important to how mobile campaigns should be run to prevent legal action, particularly class action lawsuits. All brand owners should attend to ensure they are protecting their brands in the current wild wild west setting of mobile marketing and legal.
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
MobiU2011 Lecture: STRAT131 Mobile Legal Implications - Sedgwick LLP
1. Presented by the Heartland Mobile Council
Legal Landmines in “Mocial” Marketing
David S. Almeida, Partner, Sedgwick LLP, @almeidage @SedgwickLLP
Event hashtag #MobiU2011
2. #MobiU2011, @almeidage @SedgwickLLP
Primarily, a litigator; defending companies faced with class action lawsuits
over their marketing and data security policies and practices
Also, counsel clients on best practices for direct, mobile and other forms
of marketing, as well as on use of social media, mobile commerce, privacy
and data security
Focus & Representative Clients
3. #MobiU2011, @almeidage @SedgwickLLP
Mobile (text, sites, apps, commerce)
o Laws, Lawsuits, Ways to Defend, Ways to Avoid
Social
o FTC Guidelines, Investigations
o Social & Mobile Commerce
Privacy, including Geolocation & Information Sharing
Best Practices for Minimizing Risk
Overview/Agenda
4. #MobiU2011, @almeidage @SedgwickLLP
Lawyers Are Not All Bad
Focus on lawyer as business partner
Legal should not be seen as an obstacle
Can add value to “Mocial” marketing
campaigns that go beyond risk avoidance
and mitigation to customer
satisfaction/retention
Knowledge of applicable laws & regs will
help build campaigns that focus on
consumers’ desires & expectations, and
keep you out of trouble
5. #MobiU2011, @almeidage @SedgwickLLP
Choice and Privacy exist in partnership
Obtain opt-in and opt-out preference and desired frequency for your
customers and respect those choices
The consumer has chosen you based on your representations (policies) and
told you how they want to interact with you
Compliance entails meeting both the legal and responsibility requirements
6. #MobiU2011, @almeidage @SedgwickLLP
— Michael Becker, Managing Director for North America, Mobile
Marketing Association
1. Protect consumers’ privacy
2. Give consumers choice in terms of timing and method of
engagement
3. Provide CLEAR AND CONSPICUOUS NOTICE to consumers of
what they can expect when they engage in marketing
program, including information re: opt-out
“Protect the consumer, and you protect the opportunity”
7. #MobiU2011, @almeidage @SedgwickLLP
Many, many, many laws & regulations potentially apply
Laws either explicitly or implicitly regulate particular channels of
marketing, including:
1. The FTC Act (Section 5)
2. State Unfair and Deceptive Practices Acts
3. CAN-SPAM
4. TCPA and FCC regulations
5. Do-Not-Call Rules
Generally speaking, US’ laws are channel specific (TCPA, CAN-SPAM,
etc…), whereas many other countries’ laws are broader and cover many
channels (i.e., regulate privacy generally as opposed to channels
specifically)
Increasing focus on marketing practices by FTC, FCC, Congress &
Plaintiffs’ lawyers
If you don’t voluntarily and proactively comply, either government
(FTC) or plaintiffs’ lawyers will come calling
8. #MobiU2011, @almeidage @SedgwickLLP
Telephone Consumer Protection Act (TCPA)
Originally passed in 1991
Broadly applicable to direct marketing via calls, faxes and texts
Recipients May File a Lawsuit on Behalf of a Class of Similarly Situated
Persons (a Class Action Lawsuit) Seeking:
o Actual monetary damages incurred or
o $500/per violation or $1,500 for each “willful” violation.
o No cap on amount of “damages” recoverable (unlike many other consumer
protection statutes)
o For certain judges, plaintiffs’ burden on proving willfulness is very easily met.
9. #MobiU2011, @almeidage @SedgwickLLP
Recent explosion in amount of
marketing dollars spent on mobile
marketing campaigns, including:
Text messaging (SMS, MMS)
Mobile Websites
Applications
Location Based
QR Codes
Mobile Marketing: The TCPA’s Next Frontier
10. #MobiU2011, @almeidage @SedgwickLLP
Mobile: Different LEGALLY from other forms of marketing
1. Requires affirmative consent (opt-in); most
other forms of DM do not (CAN-SPAM, for
ex, opt-out)
2. Lack of sufficient space for adequate
disclosures (hashtags – good enough ?)
3. Absence of uniform national regulations or
laws (courts apply TCPA (passed in ’91) to
mobile)
4. Cost – consumers complain that unlike
other forms of DM, SMS actually costs
them $ (in addition to privacy
concerns)
11. #MobiU2011, @almeidage @SedgwickLLP
Facts
o Plaintiff received a single text
message advertising publication of
Stephen King’s “The Cell”
o Plaintiff alleges that she granted
permission to Nextones.com and
affiliate brands, but not to Simon
& Schuster, the brand & the
defendant (and, most imptly, the
perceived deep pocket)
Issue
o Whether a text message is a “call”
under the TCPA?
o Whether text was sent with
plaintiff’s “prior express consent”?
Satterfield
Mobile Information
Access Co.
Nextones.com
Ipish!
Simon & Schuster
Satterfield v. Simon & Schuster, Inc., 569 F.3d 946 (9th Cir. 2009)
12. #MobiU2011, @almeidage @SedgwickLLP
9th Circuit reversed MTD and held that a text is a “call” under TCPA
o TCPA does not define "call" (passed in 1991)
o FCC considers both voice and text to fall under the “to make any call” language of TCPA
o Legislative History: TCPA enacted to curb transmission of unsolicited telemarketing calls
Plaintiff did not give “prior express consent” to Simon & Schuster to text
her
o Calls exempt under 47 USC § 227(b)(1)(B) with consent
o Simon & Schuster was not an affiliate of Nextones.com; affiliates construed narrowly
o Consent too attenuated / need to be direct consent
Case ultimately settled: creation of a $10M settlement fund with
plaintiff’s attorneys receiving $2.7M
Satterfield v. Simon & Schuster, Inc.,(cont’d)
13. #MobiU2011, @almeidage @SedgwickLLP
Abbas v. Selling Source, LLC, 2009 WL 4884471 (N.D. Ill. 2009) &
Lozano v. Twentieth Century Fox Film Corp., Case No. Civ. 09-cv-
6344 (N.D. Ill)
Recipient of text need not be charged
o Language of 47 U.S.C. § 227 is ambiguous as to whether a charge is required
o TCPA amended to provide that FCC “may, by rule or order, exempt . . . [calls] a cellular
telephone service that are not charged”
o Implication from amendment is that charge is not required; there are also privacy
concerns
Equipment sending text need not be an ATDS
o Text sent from an institutional sender without personalization
o Sufficient to allege sender had “capacity” for random or sequential generation; to
withstand dispositive motion and get to discovery
First Amendment and void for vagueness are likely not viable
defenses
20th Century Fox case settled for $16M
14. #MobiU2011, @almeidage @SedgwickLLP
Plaintiff filed suit on behalf of a putative class of similarly situated
persons alleging that he received 10 unsolicited text messages in
violation of the TCPA
Defendants argued the “prior express consent” requirement of the
TCPA did not apply to text message cases (because language was
passed in 1991 – well before text messages)
Court said no; defendants disregarded “ample evidence” that the
TCPA applied with equal measure to “both voice calls and text calls to
wireless numbers.”
Takeaway - “Defendants are obligated to examine FCC guidance and
court decisions that address express consent for automated
marketing under the TCPA.”
Makes clear that mobile marketing requires express consent, not just
implied
Kramer v. Autobytel, Inc.
15. #MobiU2011, @almeidage @SedgwickLLP
Question of consent is narrowly construed – thus, when contacting
customers via mobile, a marketer must independently determine that
the permission-basis for the contact encompasses the specific
communication that the marketer intends to transmit
HUGE mistake to rely exclusively on a vendor’s opt-in list
o Must build consent list with single or double opt ins
o Timely honor opt-outs, “STOP”
Very impt to build indemnification language into all contracts with
vendors and affiliate marketers; however, those provisions only as
valuable as the financial viability of those entities
Keep records – if possible – to substantiate consent (tricky with
verbal consent)
Consent Issues
16. #MobiU2011, @almeidage @SedgwickLLP
Typically filed in state court
Standard for removal to federal court varies by jurisdiction
All circuits permit removal to federal court based on Class Action
Fairness Act of 2005 (“CAFA”) & diversity jurisdiction:
o CAFA
o Class of plaintiffs 100 or greater
o Minimal diversity (1 plaintiff diverse from 1 defendant)
o Amount in controversy exceeds $5 million
o Diversity Jurisdiction – 28 U.S.C. §1332
o Amount in controversy exceeds $75,000 for single plaintiff
o Complete diversity between plaintiff and all defendants
Cases are tough to defend, but winnable on existing business
relationship exemption under FCC regulations, offer of judgment or
defeating class certification (superiority, predominance etc…)
.
Defending TCPA claims
17. #MobiU2011, @almeidage @SedgwickLLP
Number of texts x $ amount per transmission 10,000 x $500-$1,500
Total settlement fund amount $5,000,000
Incentive award for class representative $5,000-$10,000
Attorney’s fee (generally 1/3 of settlement amount) $1,650,00
Notice costs <$500
TOTAL COSTS INCURRED BY DEFENDANT $1,658,000 (avg)
BEFORE OPENING UP CLAIMS PERIOD
In theory, the remaining funds $3,342,000 should be paid to class members, but. . .
Economics of a TCPA Class Action.
18. #MobiU2011, @almeidage @SedgwickLLP
Claims-Made Settlement
o Pay claimants only if submit valid claim form (typically, 5-7% opt-in rate)
o Defendant retains funds thus keeps any unclaimed monies
o So, in above scenario, $3.3M Fund, 5% opt-in rate (500 claimants), pay out $167,100
to class members, left with a $3.175M residual
o Significant carrot offered by Plaintiff’s lawyer to encourage early settlement and lots
of attorney’s fees
Settlement Fund
o Administered by third party claims administrator (an extra $25-50k)
o Residual not returned to Defendant
o Cy Pres: "as near as possible,” courts basically give the remainder away
o In the above scenario, defendant basically forced to settle because of risk of losing
nearly $3.2 M
Structure of Class Settlement: BIG Difference
19. #MobiU2011, @almeidage @SedgwickLLP
Huge aspect of TCPA cases; insurance companies and courts split on duty
to defend and to indemnify TCPA class actions
Plaintiffs’ lawyers “creatively plead” around insurance exclusion by
alleging more than a TCPA violation
o Thereby, Plaintiff ensures insurance company involvement – a deep pocket to pay for
settlement or judgment
Often, 2 for the price of 1: Declaratory judgment actions by insurers
Impt takeaway – carefully review all potentially applicable insurance
policies, declarations and exclusions (and those of your marketing
partners)
Additional resource:
http://sedgwickmail.com/ve/ZZ2661j6782R71877292T/VT=0/page=1
Insurance Aspect of TCPA Cases
20. #MobiU2011, @almeidage @SedgwickLLP
Evolving Media Landscape
Business is Moving to Social Marketing, Quickly (this is not news)
o 20% of marketing dollars to social media by 2015*
o 60% of Fortune 500 now have Twitter accounts, up from 35% in 2009 **
Social Communications – New Dynamics
o Real-time engagement
o Two-way communications
o Multiple sources of information & influence
Risks & Opportunities
o PR nightmares
o Protect brand equity
o Scaling social media efforts
o Transparency & accountability
o Increased regulatory requirements
o Social media policies & governance
*eMarketer 09/2009 **Center for Marketing Research University of Massachusetts Dartmouth 2010
21. #MobiU2011, @almeidage @SedgwickLLP
Regulatory Environment
"As a practical matter, social media is now a regulated industry; and all
stakeholders are responsible for compliance with the FTC Guides. As a
result, all marketers, agencies, and brands must develop a 'culture of
compliance' where the vocabulary of risk management is a central aspect
of an advertising strategy.”
– Tony DiResta
General Counsel of WOMMA
"If law enforcement becomes necessary, our focus will be advertisers, not
endorsers – just as it’s always been.”
– FTC Factsheet on Update to Endorsement Guides
22. #MobiU2011, @almeidage @SedgwickLLP
The FTC has been extremely active in policing companies’ data security and
collection practices to ensure compliance with their posted policies.
Chitika
Costs of settlements go far beyond fines and CMPs; rather, extensive corrective
action plans are typically part of any FTC or OCR settlement (not to mention
class action litigation costs)
Additional resource:
http://digital-media-law.com/2011/07/08/recent-ftc-settlements-provide-
guidance-on-data-security-failure-to-secure-pi-can-be-an-unfair-or-deceptive-
practice/
Extremely Activist Regulatory Environment
23. #MobiU2011, @almeidage @SedgwickLLP
FTC Requirements
Disclose & Inform
o Disclosures must be clear & conspicuous
o Advertisers and agencies are liable
o Create a process that ensures a culture of compliance
between advertisers, employees, agencies and
influencers
Document & Monitor
o Must know what your influencers are saying
o Process & procedures must be documented
Follow Up & Takedown
o Expectation is not that you will catch everything but
you must be responsive and proactive in addressing
required compliance
All material connections must be disclosed with documented process
25. #MobiU2011, @almeidage @SedgwickLLP
Risks of Non-Compliance
Regulatory Action
o Significant legal costs
o Penalties and settlement terms
o Potential for erosion of brand trust
Court of Public Opinion
o Consumers, Bloggers,
o Social media backlash
o Blacklisting
PR Nightmares
o Scandals
o Reports & investigations
o Bad press & negative opinions
26. #MobiU2011, @almeidage @SedgwickLLP
The Challenges of Compliance
Short, Simple, Clear & Conspicuous
o Space limitations - 140 Characters or less
o Universal & recognizable
Maintain control across multiple influencer channels
o Active monitoring for compliance
o Ability to follow-up and take down
o Ensure proper use of disclosures – enforce policies
Scale Challenges
o Monitor for omitted disclosures / compliance at influencer level
o Understand the context of specific messages/posts/tweets
o Document follow up actions
o Archive audit trail data of all program activities
Management Challenges
o Communicate policies and document participant acceptance
o Multiple programs, brands, agencies, stakeholders, platforms
27. #MobiU2011, @almeidage @SedgwickLLP
How Are People Addressing This?
Ignorance is not bliss
Your agency *might* handle it
Listening vs. understanding
Ad-hoc compliance solutions / Hashtags
Site-wide disclosures
Background & Profile Disclosures
Contests & Promotions
Affiliate marketing programs
29. #MobiU2011, @almeidage @SedgwickLLP
FTC Preliminary Privacy Report Issued in December, 2010
“All companies involved in
information collection and
sharing on mobile devices –
carriers, operating system
vendors, applications and
advertisers – should
provide meaningful
choice mechanisms for
consumers.”
30. #MobiU2011, @almeidage @SedgwickLLP
Mobile Data, Commerce Lawsuits
Mocial – wealth of information – where you are, who your friends are,
what you like
Concerns over what info is collected? From whom? When? How?
o Is it personal identifiable info?
o Is it personal info?
o Recent changes to privacy
o policy at Groupon – a good
o idea
31. #MobiU2011, @almeidage @SedgwickLLP
4 broad categories of legal claims
Geo-targeting
o Location, Location, Location
o Coupling Location w/ Context, w/ Behavior
o Brown v. Google & Gupta v. Apple
App-based
o In re iPhone Application Litigation
Online tracking (through phone’s web browser and resultant behavorial
advertising)
o Google, Microsoft, and many others
Mobile, Social Commerce
o Gift buying, daily deal sites (expiration date cases)
32. #MobiU2011, @almeidage @SedgwickLLP
Geo-location legislation
Many, many geo-location privacy bills introduced recently
Federal Lawmakers Introduce Geolocation Bills: Main Themes
are Consent & Transparency
http://digital-media-law.com/2011/07/08/federal-lawmakers-
introduce-geolocation-bills-main-themes-are-consent-
transparency/
33. #MobiU2011, @almeidage @SedgwickLLP
Seven Self-Regulatory Principles
1. Education
2. Transparency
3. Consumer Control
4. Data Security
5. Material Changes
6. Sensitive Data
7. Accountability
34. #MobiU2011, @almeidage @SedgwickLLP
Some say industry self-regulation futile …
Frustration w/ slow pace of privacy self-regulation leads to lawsuits
Thus, defenses to Mobile Data Collection Cases …
o Lack of a Legally Cognizable Injury (no standing to sue)
o Consent
o End User License Agreement
o Privacy Policies
o Statute-specific defenses
o Video Privacy Protection Act
o Stored Communications Act
o Electronic Communications Privacy Act
35. #MobiU2011, @almeidage @SedgwickLLP
Data Breach Litigation & Costs
*January 2011 Ponemon Institute Study
The Heartland Payment Systems breach disclosed in January 2009 has
affected over 250,000 merchants and 500+ financial institutions.
Fourteen lawsuits have been filed against Heartland. $65 Million Visa
Settlement Rejected by attorneys.
TJX reached a $40.9 Million settlement agreement with banks that
processed credit card transactions. This represented only a fraction of
the $256 million+ cost of the breach.
Of the 78% of Fortune 1,000 U.S. entities that have reported a data
breach*:
80% of breaches = total insurable amount < $1,000,000
15% of breaches = total insurable amount $1,000,000 - $20,000,000
5% of breaches = total insurable amount > $20,000,000
*January 2011 Ponemon Institute Study
36. #MobiU2011, @almeidage @SedgwickLLP
Cost Timeline of a Breach
Recognize breach
Determine extent of breach, number of records
lost, type of information lost
Review federal and state statutes - actions
necessary in breach response
Notification, forensics, credit monitoring, credit
restoration
Potential regulatory fines and penalties incurred
Vendor fines and penalties incurred
Third party litigation, settlements (credit
monitoring, damages, etc…), legal fees, pr issues
37. #MobiU2011, @almeidage @SedgwickLLP
Source: Ponemon Institute, Five Countries: Cost of Data Breach , Apr 2010
0
50
100
150
200
250
US Germany France Australia UK Average
214
177
119
114
98
142.4
Cost of Data Breach
38. #MobiU2011, @almeidage @SedgwickLLP
KEY Takeaways
Carefully review Terms of Use and Privacy Policies for accuracy
and compliance
Inform consumers what data collected & how use
Plain English – consumers must know what they are signing up
for
Do what you say you will do – honor representations in stated
policies
Indemnity Provisions – any time dealing with 3rd parties – if
buying a list, if managing opt-outs, if hosting an application
Periodically audit websites for hidden tags, cookies – need to
know what you are doing, what data you are collected and why
42. #MobiU2011, @almeidage @SedgwickLLP
Sedgwick provides its clients with informed corporate and transactional
advice, effective litigation strategies, and long-term litigation avoidance
counsel. With more than 350 attorneys in offices throughout North
America, Bermuda* and Europe, Sedgwick’s collective experience spans
the globe and virtually every industry. For more information about
Sedgwick, its attorneys, and its services, visit the firm’s website at
www.sdma.com.
About Sedgwick
*Associated office.
43. #MobiU2011, @almeidage @SedgwickLLP
This presentation is for general informational purposes only and is not
legal advice. The evaluation of legal issues always depends on specific
facts and circumstances. This presentation should not be used as a
substitute for competent legal advice from a licensed attorney.
Your use of this presentation does not create an attorney-client
relationship. Please do not send us any confidential information by
email or otherwise as your communication will not be privileged and
may be subject to compelled disclosed to other persons.
Disclaimer
Notas do Editor
Ponemon Institute conducts independent research on privacy, data protection and information security policy.
Ponemon Institute conducts independent research on consumer trust, privacy, data protection and emerging data security technologies