RSS Print Email

Marketing

California Attorney General Announces Upcoming Best Practices Guidelines for Do-Not-Track Disclosures; Guidelines Will Not Delay New A.B. 370 Do-Not-Track Disclosure Requirements from Taking Effect on January 1, 2014

December 16, 2013 | Posted by Paul Martino & Dominique Shelton | Topic(s): Online Privacy, Legislation, Behavioral Advertising, Marketing, US State Law, Privacy, Mobile Privacy, Regulatory Enforcement , Tracking

On December 10, 2013, the Privacy Enforcement and Protection Unit of the California Office of the Attorney General (CA AG) held a meeting in San Francisco for interested stakeholders to discuss best practices in light of the Assembly’s enactment of A.B. 370, California’s new do-not-track disclosure law that goes into effect on January 1, 2014. A.B. 370 amended the California Online Privacy Protection Act (CalOPPA) to require operators of websites, online services and mobile applications to amend their privacy policies as of the new year to either (1) disclose how they respond to do-not-track signals from Internet browsers or other consumer choice mechanisms regarding the collection of behavioral tracking data; or (2) link to an online location containing a description of a consumer choice program the operator follows and explain the effects of that program. The new law also requires these operators to disclose the type and nature of any third-party tracking occurring on their sites, services or apps. The CA AG staff focused the discussion with stakeholders on what should constitute “best practices” regarding do-not-track disclosures, rather than on what would be required for businesses to simply comply with the new disclosure requirements created by passage of A.B. 370. To learn more about what CA AG staff and industry stakeholders discussed at the December 10, 2013 meeting, please see Alston & Bird’s client advisory entitled On Eve of New Law Taking Effect, California Attorney General Announces Upcoming Best Practices Guidelines for Do-Not-Track Disclosures.

Read More

Prior Express Written Consent Now Required for Sending Marketing Messages via Robocall or Text Message; Questions Remain Regarding Pre-Existing Databases and Purely Informational Messages

October 15, 2013 | Posted by Privacy & Data Security Team | Topic(s): Marketing, Mobile Technologies, Privacy, Federal Communications Commission (FCC), Telephone Consumer Protection Act (TCPA)

Companies that have amassed databases of consumers’ landline and mobile numbers for telemarketing purposes are left in a quandary as to whether they must obtain additional consent from consumers to comply with the new Telephone Consumer Protection Act (“TCPA”) rule. As of Wednesday October 16, 2013 companies that use prerecorded calls, autodialers or text messages as a means of marketing to their customers must adhere to new consent standards. The new consent standards require such companies to procure a consumer’s “prior express written consent” before placing telemarketing prerecorded calls to residential or wireless numbers, placing telemarketing calls to mobile number using autodialers, or sending marketing texts to a customer’s wireless phone. While the new rules apply to text messages sent on or after October 16, 2013, it is unclear whether they will apply retroactively to bar sales calls/texts to mobile numbers collected with written or oral consent prior to October 16, 2013 or what will constitute informational messages that will not require consent at all.

Read More

Update: California Governor Brown Signs into Law A.B. 370, "Do Not Track Disclosure Law"

On September 27, 2013, California Governor Brown signed into law A.B. 370, amending the California Online Protection Act (CalOPPA) to require two new privacy policy disclosures for websites and online services regarding behavioral tracking. California Assembly member Al Muratsuchi (D-Torrance), who introduced A.B. 370, released a statement in which he said the amended law “will protect Californians' right to privacy by providing transparency that will allow consumers to know when their online activity is being tracked. The consumer can then make an informed decision about their use of a particular website or service. The support for AB 370 resonated statewide as Californians expressed their concern with entities tracking their information, many times without their knowledge or consent. While we must continue to foster innovation, we must likewise ensure that consumer protection and privacy are key priorities as technology advances. Further, Attorney General Kamal Harris, the sponsor for this Legislation, worked tirelessly alongside me and stakeholders to make this law a reality. I commend Governor Brown for joining us as we work to ensure transparency in online commerce and interaction.” The new law will become effective as of January 1, 2014. For more information on A.B. 370, please see our previous blog posting entitled California Adopts Do-Not-Track Disclosure Law: A.B. 370 Amends the California Online Privacy Protection Act (CalOPPA) to Require New Privacy Policy Disclosures for Websites, Online Services and Mobile Apps about Behavioral Tracking.

For more detailed information on the new law, please refer to our full-length client advisory entitled
California Adopts Do-Not-Track Disclosure Law, Reflecting a Significant New Development in a National Trend to Improve the Transparency of Online and Mobile Privacy Practices.

Written by Claire Lucy Readhead, Associate, Privacy & Data SecurityAlston & Bird LLP

Privacy Co-Chair Paul Martino Quoted on Nationwide Impact of New California Law Establishing Online Privacy Rights for Children Under 18 Years of Age

On September 26, 2013, Paul Martino, co-chair of Alston and Bird’s Privacy and Security practice, was quoted in the Law360 article, “California’s Delete-Button Law Invigorates Teen Privacy Push.” In the article, Martino discussed the likely nationwide impact of a newly enacted California law, entitled “Privacy Rights for California Minors in the Digital Age,” which passed the California legislature as S.B. 568 on August 30 and was signed by Governor Brown on September 23. “What we're seeing from California is a move to nudge the federal law and perhaps influence other states to move in the direction of enabling children to remove posted content at a later date, and to move the age time frame from under 13 to under 18,” said Martino. “Even though this bill only applies to two limited areas, it has the potential to raise the question among lawmakers at the state and federal level about whether the current regime for children under 13 is sufficient.”

Read More

Update: California Governor Brown Signs into Law S.B. 568, "Privacy Rights for California Minors in the Digital World"

Today, California Governor Brown signed into law S.B. 568, establishing a new law entitled “Privacy Rights for California Minors in the Digital World,” which aims to protect the online privacy of children and teenagers who are under 18 years of age and reside in the State of California. California Senate President pro Tempore Darrell Steinberg (D-Sacramento), who introduced S.B. 568, released a statement calling the new law “a groundbreaking protection for our kids who often act impetuously with postings of ill-advised pictures or messages before they think through the consequences. They deserve the right to remove this material that could haunt them for years to come. At the same time, this bill will help keep minors from being bombarded with advertisements for harmful products that are illegal for them to use, like alcohol, tobacco and guns. I thank Governor Brown for recognizing that these common sense protections will help our children as they navigate the on-line world.” The new law will become effective as of January 1, 2015. For more information on S.B. 568, please see our previous blog posting entitled California Establishes Digital Privacy Rights Law for Minors: S.B. 568 Expands Online Privacy Protections Beyond Federal COPPA Rules and Extends Rights to All Children Under 18 Years of Age. For more detailed information on the new law, please refer to our full-length client advisory entitled California Establishes Digital Privacy Rights Laws for Minors.

Written by Paul G. Martino, Partner, Privacy & Data Security | Alston & Bird LLP

California Establishes Digital Privacy Rights Law for Minors: S.B. 568 Expands Online Privacy Protections Beyond Federal COPPA Rules and Extends Rights to All Children Under 18 Years of Age

California Governor Brown is preparing to sign into law an unprecedented children’s online privacy bill (S.B. 568), which adds a new chapter to the State’s Business and Professions Code (BPC) to protect the online privacy of children and teenagers who are under 18 years of age and reside in the State of California. The bill establishes Chapter 22.1, entitled “Privacy Rights for California Minors in the Digital World,” which will commence with Section 22580 in Division 8 of the BPC.

Read More

House Passes Updated CISPA Cybersecurity Legislation With Broader Bipartisan Support After Privacy Amendments Adopted

April 18, 2013 | Posted by Jeff Sural and Paul Martino | Topic(s): US Congress, Legislation, Marketing, Data Security, Cybersecurity, Privacy, House of Representatives

Today the House voted 288-127 to pass the Cyber Intelligence Sharing and Protection Act (CISPA), H.R. 624. The bill passed by a wider margin than last Congress, with 92 Democrats voting in favor of H.R. 624. Several amendments regarding privacy concerns were adopted. Ranking Member Dutch Ruppersberger (D-MD) stated after the vote “CISPA recognizes that you can’t have true security without privacy, and you can’t have privacy without security. This bill effectively works to protect both.”

Read More

FTC Updates Advertising Disclosure Guidelines to Address Online and Mobile Environment

The FTC recently released an update to its 2000 report, “Dot Com Disclosures” offering further guidance on effective disclosures for advertising in digital media.

The FTC instructed advertisers to adopt the perspective of a reasonable consumer, and should assume consumers do not read the entire website or screen, just as they don’t read every word on a printed page. Under the new guidance, the required disclosures need to be clear and conspicuous across all devices and platforms. The following is a highlight of some of the guidance provided in the comprehensive report.

Read More

California AG Issues Mobile App Privacy Guidelines; Internet Marketing & Advertising Industry Responds

January 10, 2013 – California Attorney General Kamala Harris today issued “Privacy on The Go: Recommendations For The Mobile Ecosystem,” the goal of which is to provide mobile app developers and other parties with guidance for considering privacy early in the app development process.

Not surprisingly, the guidance recommends minimizing data collected by apps, developing a privacy policy that is clear, accurate, and conspicuous and “minimizing surprise” by drawing users’ attention to data practices that may be unexpected and enabling them to make meaningful choices.

Read More

Senate Commerce Committee Holds Privacy Hearing

Today the Senate Committee on Commerce, Science, and Transportation held a hearing entitled “The Need for Privacy Protections: Perspectives from the Administration and the Federal Trade Commission.” The hearing examined the need for privacy legislation and the recent privacy reports from the White House and the Federal Trade Commission. Testifying on behalf of the federal government were Cameron Kerry, General Counsel at the Department of Commerce, Jon Leibowitz, Chairman of the Federal Trade Commission (FTC), and Maureen Ohlhausen, FTC Commissioner. The witness statements and an archive of the hearing webcast may be found here.

Written by Paul Martino, Partner | Alston & Bird LLP

FTC Releases Final Report: Protecting Consumer Privacy in an Era of Rapid Change

Last week the FTC issued its final report to address privacy issues associated with new and emerging technologies and business models (“Report”). This follows the FTC’s preliminary report issued in December 2010. Since the preliminary report, the FTC received and considered over 450 comments prior to making its final recommendations.

The Report articulates a privacy framework of best practices (“Framework”) for businesses to follow in developing and implementing privacy and security practices relating to the collection and use of consumer data. While not legally binding, the Framework is an indication of how the FTC will use its enforcement and regulatory authority, including its authority to challenge unfair or deceptive practices, under Section 5 of the FTC Act. As such, companies should pay close attention to the Framework in order to mitigate any FTC enforcement actions.

Read More

Supreme Court Strikes Down Vermont Data Privacy Law under the First Amendment

Sorrell v. IMS Health, 564 U.S. __ (June 23, 2011). In a 6-3 decision written by Justice Kennedy, the Supreme Court affirmed the conclusion of the Second Circuit that Vermont's law that restricts the sale, disclosure and use of pharmacy records containing prescriber-identifying information violates the First Amendment. The Vermont statute prohibits pharmacies, health insurers and similar entities from selling prescriber-identifying information, or allowing such information to be used for marketing without the consent of the prescriber. The statute also prohibits pharmaceutical companies and marketers from using such information for marketing without the consent of the prescriber. Focusing on certain findings that the legislature made, the majority concluded that these statutory restrictions constitute burdens on speech that are based on the content of the speech and are aimed at a particular viewpoint. Accordingly, the First Amendment (as incorporated into the Fourteenth Amendment and, thus, applicable to the States) requires that the Vermont statute be evaluated under heightened scrutiny. The Court concluded that the Vermont statute fails this test, but noted that it would also fail under the intermediate standard applied to commercial speech under Central Hudson Gas & Electric Corp. V. Public Service Commission of New York, 447 U.S. 557 (1980), and Thompson v. Western States Medical Center, 535 U.S. 373 (2002), that the statute directly advances a substantial government interest and that it is (narrowly) drawn to achieve that interest. In doing so, the Court compares the Vermont statute, which it views "mak[ing] prescriber-identifying information available to an almost limitless audience" (except for "a narrow class of disfavored speakers") with the HIPAA Privacy Rule, which "allow[s] the information's sale or disclosure in only a few narrow and well-justified circumstances." See Slip Op. at 18. Justice Breyer dissented, joined by Justices Ginsburg and Kagan, contending that the statute should survive under the intermediate commercial speech standard. The dissent noted that never before had the Court found that the First Amendment prohibits the government from restricting the use of information gathered pursuant to a regulatory mandate. It also claimed that the Court's decision threatens significant judicial interference with widely accepted regulatory activity, which the dissent noted often imposes rules that are speaker-based, i.e., are imposed on regulated entities.

Working Party Opinion on Geolocation Technologies and Mobile Devices

The Article 29 Working Party has issued an opinion (WP185) on the data protection standards applicable to geolocation services on mobile devices. The opinion is consistent with the continuing focus of EU policymakers on the application of traditional privacy and security concepts to emerging technologies. The Working Party, an advisory body to the European Commission established pursuant to Directive 95/EC/46, recommends mobile device manufacturers and mobile app providers secure affirmative, opt-in consent before the collection of geolocation data. Consent standards in the EU are strict. The WP states that consent must be clear and specific, and may not be obtained through mandatory acceptance of terms and conditions required to use the device itself. The Working Party further recommends that mobile devices be configured “continuously [to] warn” of the collection of geolocation data, such as through a permanent screen icon.

Mobile app developers, device manufacturers and businesses that provide services over the mobile Web should take heed of these emerging standards as they design products and services for the European market. A copy of WP185 is available at the following link: http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2011/wp185_en.pdf  

Senator Rockefeller Introduces S. 913, the Do-Not-Track Online Act of 2011

Senator Jay Rockefeller (D-W. Va.), Chairman of the Senate Committee on Commerce, Science and Transportation, has introduced the Do-Not-Track Online Act of 2011, a bill that would require the Federal Trade Commission to prescribe regulations regarding the collection and use of personal information obtained by tracking an individual's online behavior. The bill would also provide an opt-out mechanism for users of online services, including users of mobile applications.

2010 Post-Election Advisory: Outlook for the 112th Congress

The preeminent privacy issue facing the House Energy and Commerce Committee, Senate Commerce Committee, Federal Trade Commission (“FTC”) and Department of Commerce during the 112th Congress will be defining the proper role of the federal government in setting and regulating consumer privacy standards for all businesses operating in the United States. At the forefront of this issue is whether Congress and Obama Administration departments and agencies can agree upon a general framework and legislative language to regulate the collection, use and disclosure of consumer data by businesses, whether they are operating exclusively online, exclusively offline or in both environments. “Every business that sells to consumers likely collects some data on them that they use to enhance their future product and service offerings in order to grow their revenue and expand their customer base. Over the past two years, Congress has been considering legislation that would establish new rules to regulate this important customer relationship, making consumer privacy legislation in the next Congress one of the key issues with broad applicability to businesses, and one issue to which executives will want to pay close attention,” observed former Senate Majority Leader Bob Dole.

Read More