Why Privacy Policies Must be Personalized

The best argument for why companies should never simply copy and paste the text of another entities’ privacy policy onto their own website can be found in the recent announcement by the FTC of a settlement reached with Snapchat – relating to misrepresentations contained in the Privacy Policy, among other things. (Snapchat is not alleged to have used someone else’s Privacy Policy as its own; however, its mistakes in its public statements about its products illustrate fully that companies should say what they mean, and mean what they say in their privacy policies!) Continue reading

FTC Issues New Guidance on Online Advertising Disclosures

On March 12, 2013, the Federal Trade Commission (FTC) released the long-awaited, updated version of its .com Disclosure guidance.  See Press Release, “FTC Staff Revises Online Advertising Disclosure Guidelines,” Mar. 12, 2013.  These guidelines were last issued in May 2000, although FTC staff has been working on modifications since May 2011.  FTC, “.com Disclosures: How to Make Effective Disclosures in Digital Advertising” at 1 (Mar. 2013).

The basic premise of the 2000 disclosure guidelines remains true today:  advertising laws apply to every advertisement – without regard to the form in which it is communicated (print, television, telephone, radio or online).  Id. at 2.  Specifically, the following principles govern:
  1. Advertising must be truthful and not misleading;
  2. Advertisers must have evidence to back up their claims (‘substantiation’); and
  3. Advertisements cannot be unfair.

Id. at 4. However, as a result of three public comment periods and a public workshop over the past two years, the 2013 guidelines provide some additional recommendations dealing with advertisements made available through online media.  Id. at 1.  Specifically,

  1. Online disclosures must be “clear and conspicuous.”  The 2000 guidelines recommended that the disclosures appear “nearby.”  The 2013 guidelines, however, suggest placing the disclosure “as close as possible to the claim they qualify.”  Id. at 6.  The new guidelines provide a lengthy discussion of what constitutes “clear and conspicuous,” and even provide visual examples of successful and unsuccessful disclosures in the Appendix.
  2. Disclosures must be effective regardless of the type of device used to access the site.  Id. at 14.  Some browsers may display the text differently than others, and the disclosures must work regardless of the device used.  Id.  Similarly, some smartphones can only show a portion of a screen that is otherwise viewable in its entirety on a desktop PC.  Id. If the disclosure cannot be made effectively on a specific type of device, the advertisement should not be made available on that device, or it should be modified so that the disclosure is not required.  Id. at 6. 
  3. Disclosures must be visible before the consumer makes the decision to purchase the product.  Id. at 14.  If the consumer may also purchase the product at a brick-and-mortar store, the disclosures must be included in the ad itself, and not merely on the ordering screen, which brick-and-mortar shoppers would not necessarily see.  Id. at 15.
  4. Even “space-constrained” advertisements (such as through Twitter) must comply with the disclosure requirements.  Id. at 15.  Again, if “the disclosure needs to be in the ad itself but it does not fit, the ad should be modified so it does not require such a disclosure or, if that is not possible, that space-constrained ad should not be used.  Id. at 16; see also id. Ex. 15 (noting that in some cases “required disclosures can easily be incorporated into a space-constrained ad,” such as “Ad: Shooting movie beach scene.  Had to lose 30 lbs. in 6 wks.  Thanks Fat-away Pills for making it easy.  Typical los: 1 lbs/wk.”).
 Some other points of note:
  • “A disclosure can only qualify or limit a claim to avoid a misleading impression.  It cannot cure a false claim.”  Id. at 5.
  • “Simply making the disclosure available somewhere in the ad, where some consumers might find it, does not meet the clear and conspicuous standard.”  Id. at 6 (emphasis added).
  • Don’t require consumers to scroll to see the disclosure:  “Advertisers should keep in mind that having to scroll increases the risk that a consumer will miss a disclosure.”  Id.; see also id. at 9  (“Scroll bars along the edges of a screen are not a sufficiently effective visual cue” to cause a consumer to look carefully for a disclosure.).
  • Hyperlinks to disclosures are permitted, but the hyperlink itself must capture the consumer’s attention – don’t use “disclaimer” or “more information” or “terms and conditions” to indicate that the consumer should read the disclosure.  Instead use a phrase that will persuade the consumer that they need to read the linked text before making a purchase, e.g., “Service plan required” or “Restocking fee applies to all returns.”  Id. at 12 & Exs. 5, 6.
  • On a related note, do not use hyperlinked disclosures where health or safety is involved – these types of disclosures should be included within the ad itself.  Id. Ex. 4. 
  • Similarly, do not put disclosures in pop-up windows, since users can avoid them completely if their browsers use pop-up blocking software. Id. at 14.
  • If you are using a multimedia advertisement, the disclosure should appear in the same medium as the ad itself – thus, if the advertisement is in audio form, the disclosure should also be.  Written advertisements should include written disclosures.  Visual advertisements (such as appended to an online video) should be displayed for a “sufficient duration” for the consumer to read both the ad and the disclosure.  Id. at 20.
  • Avoid having visual distractions in the background that would prevent the consumer to be able to focus on the disclosure.  Id. at 19.  “On television, moving visuals behind a text message make the text hard to read and may distract consumers’ attention from the message. Using graphics online raises similar concerns: flashing images or animated graphics may reduce the prominence of a disclosure. Graphics on a webpage alone may not undermine the effectiveness of a disclosure. It is important, however, to consider all the elements in the ad, not just the text of the disclosure.”  Id.

The operative goal with these disclosures is that the consumer actually see them so that they are not confused or mislead about the promises contained in an advertisement.  It is not sufficient for the disclosure to be buried somewhere.  Instead, the disclosures have to be prominently and clearly made, in language that is easy enough for the reasonable consumer to understand.  See, e.g., id. at 6, 20-21.

Other Resources:
Lesley Fair, Fed. Trade Comm’n BCP Business Center, “FTC Reboots .com Disclosures: Four Key Points and One Possible Way to Bypass the Issue Altogether,” Mar. 12, 2013 (concluding that “Advertisers spend a lot of time and trouble dealing with disclosures.  Sometimes there may be no way around it.  But in many cases, the need for a disclosure is really a warning sign that the underlying ad claim may contain some element of deception.  Rather than focusing on fonts, hyperlinks, proximity, platforms, and the whole disclosures rigmarole, how about stepping back and reformulating the ad claim to get rid of the need for a disclosure in the first place?”).

Two New Privacy Lawsuits Filed — Part One, Facebook

Within the last few weeks, two major companies have been sued for alleged violations of privacy laws – one filed before the Federal Trade Commission seeking an investigation into Facebook’s privacy settings and the other filed in federal court, styled as a class action against Netflix. (The Netflix suit will be analyzed separately, in Part 2 of this topic.)

Facebook Complaint

On December 17, 2009, privacy advocates filed a complaint with the Federal Trade Commission, requesting that “the FTC open an investigation into Facebook’s revised privacy settings.” In the Matter of Facebook, Inc., Docket Number —- (FTC); see also EPIC’s Press Release, “EPIC Defends Privacy of Facebook Users: Files Complaint with the Federal Trade Commission,” Dec. 17, 2009.

Facebook announced its privacy policy revisions in a December 9 Press Release, “Facebook Asks More Than 350 Million Users Around the World To Personalize Their Privacy; Service Gives Users New Tools to Control Their Information” – which suggested that the changes would actually benefit users, and help them protect their information. In fact, however, these changes potentially undo the restrictive settings that users may have applied to keep their profiles closely guarded and viewable only by “friends.”

A copy of the Complaint, Request for Investigation, Injunction and Other Relief can be found on EPIC’s site, but EPIC is not the only plaintiff. Nine other consumer protection organizations have joined, namely the American Library Association (see also their privacy resources), The Center for Digital Democracy (see also a Dec. 17 blog post that explains CDD’s reasons for joining the complaint), Consumer Federation of America, FoolProof Financial Education, Patient Privacy Rights (see also their Dec. 11 criticism of Facebook’s privacy policy changes and their Feb. 18 analysis of the Complaint Almost Filed Against Facebook), Privacy Activism, Privacy Rights Now Coalition, The Privacy Rights Clearinghouse and the U.S. Bill of Rights Foundation. (If the organization name is not hyperlinked, it’s because I could not find an updated web site for the organization. If you find one, please post it in the Comments section below.)

Other Information about Facebook’s Privacy Policies

* EPIC has also developed an “In Re Facebook” page, on which it summarizes all of the actions it has taken to date relating to privacy issues faced by Facebook participants, provides a background to the debate, and chronicles various articles that have been written about the complaint. (Last updated on Dec. 30, although it appears to be kept current, so keep checking back.)

* The Electronic Frontier Foundation (EFF) has also posted (Dec. 21) an interesting article on its Deep Links Blog entitled, “Who Knows Who Your Facebook Friends Are?”, discussing how Facebook’s changes to its privacy policies have exposed users’ list of friends – thus causing real problems for political activists operating under oppressive regimes. Another EFF article worth reviewing in detail is “Facebook’s New Privacy Changes: The Good, The Bad, and The Ugly” (Dec. 9).

* The New York Times’s Brad Stone blogged about the lawsuit in an article entitled “Privacy Group Files Complaint on Facebook Changes,” (Dec. 17) which has been updated to include Facebook’s response to the Complaint. The response notes that Facebook “discussed” the revisions to its privacy policies with regulators, including the FTC.

FTC Releases its Staff Report on its 2/09 Fraud Forum

On December 29, 2009, the Federal Trade Commission’s Division of Marketing Practices released its “Staff Report on the [FTC]’s Fraud Forum.” See Report. The report analyzes the recommendations and conclusions made during the FTC’s February 2009 meeting on the topic of preventing consumer fraud. See 12/29/09 Press Release.

The report analyzes the types of scam artists, some of the common scams that have been (at least marginally) successful, the types of victims, reasons why these crimes might be unreported or underreported, and upcoming challenges such as payment system frauds or phishing, spoofing and keystroke logging. The report also makes several proposals for improving the FTC’s anti-fraud program.