The FTC’s Complaint Against Snapchat
On December 31, 2014, the Federal Trade Commission (FTC) announced its approval of a final order settling charges against Snapchat for deceptive trade practices in the form of:
1) Snapchat’s misrepresentations to consumers that images or videos shared through Snapchat would actually disappear within the timing set by the consumer (and in no event more than 10 seconds after shared);
2) False promises that if a recipient were to take a screenshot of the image, the sender would be notified; and
3) Misrepresentations about the nature and scope of the data actually collected from a user’s phone the Snapchat’s Find Friends tool.
See also “FTC Approves Final Order Settling Charges that Snapchat Deceived Users,” Bloomberg BNA, Social Media Law & Policy Report (Jan. 5, 2015); see also In re Snapchat, Inc., FTC No. 132-3078, Final Order (Dec. 23, 2014).
In addition to these claims about Snapchat’s misrepresentations about its data collection and use, the FTC also alleged that Snapchat failed to secure its Find Friends feature, which failure resulted in a security breach in December 2013 relating to a database of 4.6 million Snapchat usernames and phone numbers. FTC Press Release, “Snapchat Settles FTC Charges That Promises of Disappearing Messages Were False; Snapchat Also Transmitted Users’ Location and Collected Their Address Books Without Notice or Consent” (May 8, 2014).
Settlement with the FTC
On December 23, 2014, following the public comment period, the FTC formalized its complaint and gave final approval to the settlement, which requires Snapchat to:
- Implement a comprehensive privacy program that will be monitored by an independent privacy professional (a third-party whom Snapchat has to pay) for the next 20 years;
- Hire this independent privacy professional to conduct a follow up review every two years and provide a compliance report to the FTC;
- Conduct this two-year review until December 23, 2034;
- The extent to which a message is deleted after being viewed by the recipient;
- The extent to which Snapchat or its products/services are capable of detecting or notifying the sender when a recipient has captured a screen shot or saved a message;
- The categories of personal information that Snapchat actually collects; and
- The steps taken to protect against misuse or unauthorized disclosure of covered information.
Maintain records for at least five (5) years of the following types of documents:
- Every communication to consumers about the extent to which Snapchat “maintains and protects the privacy, security and confidentiality of any covered information”;
- All consumer complaints directed at Snapchat, or forwarded to Snapchat by a third party, that relate to the conduct prohibited by this order and any responses to such complaints;
- Any documents that contradict, qualify, or call into question Snapchat’s compliance with this order; and
- All materials relied upon to prepare the required Assessment, “including but not limited to all plans, reports, studies, reviews, audits, audit trails, policies, training materials, and assessments, for the compliance period covered by such Assessment.”
Id. Lest anyone mistakenly believe that these consequences are not serious because there is no monetary penalty assessed, note that Snapchat risks civil penalties of $16,000 per violation per day if it fails to abide these terms. See Letters to Commentators, at 1 (Dec. 23, 2014) (as provided by Section 5(1) of the FTC Act, 45 U.S.C. § 45(1), as adjusted by 16 C.F.R. § 1.98(c)).
Also note that the preparation of each of the items identified above will “cost” Snapchat money in terms of employee, consultant and/or contractor time, and in taking these resources away from working on money-making endeavors, whether they receive salaries or some other compensation.
Similar Settlement with Maryland Attorney General
In the midst of this dispute with the FTC, in June 2014, Snapchat settled a similar complaint with the Maryland Attorney General.
In its Complaint, the Maryland AG accused Snapchat of collecting data from its users’ electronic address books without their knowledge or consent and “knowingly collect[ing] e-mail addresses and photographs from users younger than 13.” “Snapchat to Pay $100,000 in Settlement with Maryland Over Privacy of User Snaps,” Bloomberg BNA Social Media Law & Policy Report (June 12, 2014); Jeff Clabaugh, “Snapchat pays Maryland $100K in settlement,” Washington Business Journal (June 12, 2014).
The settlement agreement with the Maryland Attorney General requires Snapchat to:
- Create and publicize mechanisms for users to report accounts that may be used by children;
- Provide notice and affirmative consent before Snapchat could collect any address book data – and this notice must appear separately from the user’s agreement to the general terms of service; and
- Provide Maryland with annual reports for the next 10 years, documenting its compliance with the settlement.
Id.; see also Maryland Attorney General’s Office Press Release, “Attorney General Gansler Secures Settlement from Snapchat, Inc.; Mobile app developer can no longer deceive consumers by claiming its photo and video messages “disappear forever”; Snapchat also alleged to have collected personal information from children under age 13 without parental consent, in violation of federal law” (June 12, 2014); cf. Snapchat, Our Agreement with the Maryland Attorney General (June 12, 2014). This settlement also requires a mandatory payment to Maryland of $100,000. Maryland Attorney General’s Office Press Release.
CONCLUSION: Privacy Policies Must be Customized
Christopher Olsen, assistant director of the Division of Privacy and Identity Theft Protection in the FTC’s Bureau of Consumer Protection, actually stated it best:
The agency [the FTC] certainly supports and encourages the development of privacy protective products, but if there is one message we want to make sure is clear today, it is that, if you make promises about privacy, you must honor those promises; otherwise you risk FTC enforcement action.
“Snapchat Settles FTC Accusations of Failure to Purge ‘Snaps’ by Senders,” Bloomberg BNA Social Media Law & Policy Report (May 8, 2014).