Transcript Online Privacy Thurs 330p FNL11

ONLINE PRIVACY
AN OXYMORON?
THE RISKS OF ONLINE
BEHAVIORAL
ADVERTISING
Introductions
MODERATOR:
• Michael W. Born, Esq., Senior Vice President - Underwriting Manager, ThinkRisk
Underwriting Agency, LLC
PANELISTS:
• Jim Adler, Chief Privacy Officer & General Manager, Data Systems
• Laura D. Berger, Esq., Senior Attorney, Federal Trade Commission, Division of
Privacy and Identity Protection
• Joe DePaul, Senior Vice President, A.J. Gallagher Risk Management Services
• Dominique R. Shelton, Esq., Partner, Wildman Harrold Allen & Dixon, LLP
• Adam Sills, Vice President, E&O, Allied World Assurance Company
Agenda
• Technology of Online Behavioral Advertising
• Legality of Gathering Online Behavioral Information
• Risks Associated with the Tracking of Users Internet
Activity
• Risk Management Solutions for Advertisers
• Predictions
• Questions
ARS Polling Question
• How familiar are you with how Online Behavioral
Advertising works?
1. I am very familiar with OBA and how it works.
2. I know what OBA is but I don’t know how they do it.
3. I have heard of OBA but don’t know exactly what it is
or how it works.
4. I thought OBA stood for On Base Average.
What Is OBA and How Do They Do It?
Online Behavioral Advertising
• Advertisers use of information collected on an
individual's web-browsing behavior, such as the
pages they have visited or the searches they have
made, to select which advertisements to display to
that individual.
How Do They Track Such Information?
• Cookies, Flash Cookies, Zombie Cookies,
Ever Cookies
• What is the new technology that is causing concern?
• Is the average consumer aware of this? Do they care?
What Are They Looking For
and How Do They Use It
• Typical information gathered by new online tracking devices:
– Computer’s IP address
– Browsing history including search terms used, items viewed
and websites visited
– User name or user ID?
– What about personally identifiable information?
• What do they do with that information?
– Aggregate and use to determine geographical and
demographical trends
– Direct targeted advertising to the user or at least his/her IP
address
– Sell to other companies that wish to do the same
What is at Stake
• US online ad spending was projected to reach $25.8 billion
in 2010 (actual was $26 billion), to pass $30 billion in
2012 and $40 billion in 2014.
ARS Polling Question
• Now that you know a little more about how Online
Behavioral Advertising works, how concerned are you
about being tracked online?
1. I am very disturbed and would like for all online tracking to
be illegal.
2. I am somewhat concerned and would like the option to
opt-out of being tracked.
3. I am okay with being tracked so long as my personal
identifying information is not disclosed.
4. You have zero privacy anyway, get over it.
Legal Implications of the Collection and
use of Internet User’s Information
•
December 1, 2010, FTC released its preliminary staff report, “Protecting Consumer
Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policy
Makers.”
– Issues with current privacy models
– Suggested new framework
– (1) Privacy by Design;
– (2) Simplification of consumer choice; and
– (3) Greater transparency
•
December 16, 2010, the Department of Commerce Internet Policy Task Force released
a privacy green paper, “Commercial Data Privacy and Innovation in the Internet
Economy: A Dynamic Policy Framework.”
•
March 16, 2011, Assistant Secretary of Commerce Lawrence E.
Strickland called for national consumer data privacy legislation and FTC
to enforce.
Regulatory and Legislative Efforts
•
FTC Do Not Track Proposal:
– Persistent Cookie that “blocks” tracking
– Enforcement Provision
•
Compare EU e-Privacy Directive (2002/58/EC) update effective
May 26, 2011:
– Prior consent to collect consumer info via cookies or other tech
– Implementation details still being developed
– See www.allaboutcookies.org
•
The Commercial Privacy Bill of Rights Act of 2011 - Kerry-McCain
Bill Opt-out (Except especially sensitive information, then Opt-in)
– No Private Cause of Action
•
The Do Not Track Online Act of 2011 – Rockefeller Bill
― Basically follows FTC Do Not Track framework
FTC Privacy and Data Security Cases
FTC v. Chitika – March 2011
• FTC Puts an End to Tactics of Online Advertising Company
That Deceived Consumers Who Wanted to "Opt Out" from
Targeted Ads
• Chitika Inc.’s Opt-Out Expired After Only 10 Days
• The settlement bars Chitika from making misleading statements
about data collection
• Requires that every targeted ad include a hyperlink to an
opt-out page
• Requires Chitika to destroy all prior user information collected
Enter the Class Action Bar –
Privacy Litigation
•
Green v. Cable One, Inc. (N.D. Ala, filed February 3, 2010); Re-filed as Reeves v. Cable One, Inc.
(March 2011)
–
•
Complaints allege that Cable One permitted NebuAd (now defunct) to install “ISP-based spyware” on users’
computers to track their “communications” and online conduct
Mortensen v. Bresnan Communications (D. Montana 2/16/10)
– TOS and PP language matters!
•
Valdez v. Quantcast, MTV, NBC Universal et al (C.D. Cal. July 23, 2010)
–
•
Class action against ABC, MTV
Networks, NBC Universal and
Quantcast for use of flash cookies on
plaintiffs’ websites
White v. Clearspring Technologies,
(C.D. Cal. August 10, 2010)
–
NBC and Warner Bros Records sued due
to widgets
Even More Litigation
• Ringleader Digital mobile-web advertising company sued in CDCA
over its use of HTML5 to track iPhone and iPad users
– 6/20/11 Confidential Settlement (not on a class basis)
• Interclick class action lawsuit over “history sniffing” re-spawning
flash cookies and hidden code to monitor online users.
– CFAA dismissed b/c no quantification of $ damages
– No $ damage required under NY Bus 349 due to misleading practices
– Trespass still requires harm to value but sufficiently plead
– Dismissed contract claims for failure to allege denied benefit of contracted
– Advertiser Defendants Dismissed for failure to state any wrongful acts
Most Recently
Freeman v. Apple Lalo v. Apple Acosta v. Apple and Diaz v. Apple
The suits stem from a WSJ investigation that revealed several iOS and
Android applications were transmitting age, gender, location and device
identifier (UDID) information to third-party advertising companies.
• Sept 1, 2011 Microsoft Suit (Federal Court Seattle) re Windows Phone 7
Smartphones tracking when camera is on
• Arkansas State Computer Trespass Cases
(December 30, 2010- January 10, 2011)
– 17 consumer class actions
Are There Any Damages?
• Quantcast and Clearspring Flash Cookie Class
Action Settlement:
$2.4 million
Self-Regulation
•
Effort to develop common practices for OBA activities across the Internet
is being led by a coalition of the nation’s largest media and marketing
trade associations:
•
•
•
•
•
•
Association of National Advertisers (ANA)
American Association of Advertising Agencies (AAAA)
American Advertising Federation (AAF)
Direct Marketing Association (DMA)
Interactive Advertising Bureau (IAB)
The self-regulatory program for online behavioral advertising includes
several important components:
• Advertising Option Icon
• Consumer Choice Mechanism
• Accountability and Enforcement
• Educational Campaign
• To learn more, visit www.aboutads.info.
ARS Polling Question
• How Should Online Privacy Issues be Regulated?
1. Through governmental agencies, such as the FTC
2. By means of consumer protection statutes that
support private litigation
3. Self-regulation by online companies with regulatory
oversight
4. All of the above
5. Online privacy should not be regulated
Risk Management
• Privacy Policies and Terms of Use or Terms of Service
• Compliance’ doesn’t mean risk-free
– Clearly marked ‘opt-out’
– Web 2.0
• If its ok in U.S., doesn’t mean its ok in EU
• What are the goals of the marketing?
• Do your customers understand what you are doing
with the information?
Insurance Solutions
How Does Insurance Apply to These Risks?
• General liability advertising injury coverage
• Professional liability for advertisers
• Media or content liability policies
• Privacy and Network Security
Policies
Predictions and Key Take-Aways
• What will be the important online privacy statutes
and regulations implemented in 2011 and beyond?
• How will the courts apply these new rules and
regulations?
• Will OBA cease to exist or become more
commonplace and accepted?
• Will insurance products evolve to provide or
exclude coverage for online privacy violations?
ARS Polling Question
• How Did You Like This Panel?
1. I loved it!
2. It was the best presentation I have ever attended!
3. I laughed, I cried, I wish it weren’t over!
4. I thought Tony Blair was supposed to be on this panel!
Questions
&
Answers
Many thanks to …
• Jim Adler
• Laura Berger
• Michael Born
• Joe DePaul
• Dominique Shelton
• Adam Sills