The U.S. Congress appears determined to investigate online advertising. Early this month, the House Energy and Commerce Committee issued a letter to more than 30 companies, and what began as an inquiry into how Internet service providers use network data to target advertising, has morphed into a fishing expedition into all kinds of interactive advertising. Most notably, and despite urging by the FTC to allow self-regulation to take hold, the Committee does not differentiate between personally identifiable information and non-identifying, anonymous data used for traffic metrics, ad insertion and other common advertising purposes. Lumping different kinds of information together could needlessly undermine marketing as it has been practiced for decades. The “tailoring” of advertising, in the Committee’s words, based on consumers’ behavior and media consumption patterns, has been at the heart of marketing for as long as marketing has been around.
More disturbing are presumptions that “privacy” rights are being violated by any and all forms of behavioral or targeted marketing. Advocacy groups opposed to commercial communication seek to promote an implicit, yet fundamental redefinition of personal privacy—i.e., anything that derives from peoples’ activities, no matter how distanced or anonymous. Taken to logical conclusion, any academic, commercial or journalistic observation of consumer activity could fall under regulatory restrictions under such a framework. Not surprisingly, the FTC—with its long history of regulation of advertising practices—has argued before Congress that self-regulation is likely to be an effective means of protecting consumers’ real privacy interests. According to testimony by FTC Consumer Protection Bureau Director Lydia Parnes before the Senate Committee on Commerce, Science, and Transportation this July, the FTC is “cautiously optimistic that the privacy concerns raised by behavioral advertising can be addressed by industry self-regulation.” Nevertheless, in the letter released this month and in three previous inquiries over the past few months, both the House and the Senate seem to be searching for a rationale to regulate. Stay tuned.
Ad-blocking programs are getting attention these days, spawned by the proliferation of plug-ins, configurational ad-ons, and announced features in upcoming browser releases. These enable the blocking of ads (or content that “looks” like advertising) by browsers, automating the removal or blocking of some or all content from being viewed on web pages. There has always been a balance (and some would add “tension”) between a consumer’s right to privacy and the marketer’s desire to know more and reach the right customer. The direct intersection of these issues resulting from the rise of consumer and commercial use of the Internet and its complexity, have spawned a degree of heat over these issues, never before seen in history.
From the earliest days of ad-supported radio and television broadcasting there has been a balance between the delivery of cost-effective programming and content and the right of the viewer (today, the end-user) to determine what, when and in what form ads are displayed. Advertising plays a major role in subsidizing delivery of programming. Indeed, while technology may give the individual the ability to skip advertising, there are no legal prohibitions on newspapers, television or radio serving ads along with content. There is also little question that without advertising, the price of content would rise significantly or its availability would diminish, or both.
Continue reading “Ad Blocking is in Vogue – Privacy is to Blame (Again)”
As the Olympics came to a close, I was reminded of Thomas Hicks in the 1904 Olympic marathon in Missouri who, when starting to fail around the 19th mile, had his coach hand him a prepared cocktail—cognac, egg whites and 1/60th grain sulfate of strychnine—yes, the rat poison! A second dose with only a few miles to go apparently kept him going (another would likely have killed him), but alas, he crossed the finish line second. But the person who came in first was disqualified and Hicks was ultimately awarded the Gold Medal—notwithstanding his almost comatose state. Who was the disqualified athlete and for what? Send your answer to me.
Last month we asked you about two individuals who had the courage to print the Declaration of Independence—a hanging offense at the time. The fastest right answer—coming in two emails before anyone else fired off a single one—comes from John Falco, a long-standing Legal Bytes reader. He correctly told us that after Congress adopted the Declaration of Independence, Jefferson’s handwritten copy was sent a few blocks away to John Dunlap’s print shop at 48 Market Street. Then, in January 1777, the Continental Congress ordered signed copies to be more widely distributed and hired Mary Katherine Goddard to do the job. In addition to being the first American woman postmaster, she operated the Maryland Journal, a Baltimore newspaper, and owned a print shop where the copies were made.
In June, H&R Block settled charges brought by the New York Attorney General arising from two sweepstakes programs involving instant-win scratch-off cards. The cards were available at retail when purchasing tax-return preparation services, or online via free registration. The advertisements online, in print, and on radio and television mentioned “no purchase necessary,” but the mentions were fleeting or not conspicuous, according to the NY AG. Further, in-store advertising did not include these words, nor were Official Rules posted in the retail stores. The NY AG noted that under these circumstances, customers who found about the promotions in retail stores had no way to know they could enter online at no charge. The NY AG alleged the lack of disclosure in stores about free entry, coupled with unclear or minor disclosures in the other ads, was false and deceptive. To settle, H&R Block agreed not only to clearly post the Official Rules at participating retail offices, but also to pay $245,000 in penalties and costs. The settlement also requires H&R Block to train employees to direct consumers to information about no purchase means of entry and clearly disclose that alternate means of entry are available whenever advertising mentions entry is available by purchasing an H&R Block service.
There are complex state laws that cover how promotions, chance, skill or combinations, are to be advertised and operated. When marketing globally, rules are more complicated with language, currency, prize notification and disclosure regulations, as well as age and consent requirements on national, provincial or trading-block scale. What is a “skill” or when is “no purchase” required? When does the chance of winning have equal “dignity” when entering without a purchase? These are often subject to varying interpretation—online and offline. Compliance (registration and bonding in some jurisdictions) can seem an endless legal quagmire. Fortunately, Rimon’s Advertising Technology & Media lawyers around the world can help.
The Children’s Advertising Review Unit recently held that screening for age to avoid collecting personal information from children under 13 was not enough. In Bandai America (the website is Bandai’s Wireless.com site), CARU found that although Bandai’s website had a screening mechanism that asked for a date of birth, there was no tracking once a child put in a birth date. Thus, anyone under 13 could come back and enter a different (inaccurate) date of birth to get by the screen. CARU’s COPPA compliance guidelines require that not only must interactive sites have an age screening mechanism, but there also must be some reasonably effective means of tracking so children can’t get around the screening process. Forewarned is forearmed.
Have you received one of those “data security breach” letters? Quick, call the credit bureau and bank. Change the checking, credit card and license numbers. Most financial institutions have absorbed the cost of reissuing payment cards or providing new checks, even when these financial institutions had nothing to do with the security breach. When B.J.’s Wholesale Club disclosed that a theft of credit card information had occurred, two financial institutions sued to recover the costs that resulted from that breach. The institutions claimed B.J.’s breached its legal obligation to maintain the security of the financial institution and should be liable for the damages. Those claims were initially rejected, but have now been revived by the U.S. Court of Appeals for the Third Circuit, which has issued a decision holding these financial institutions were intended third-party beneficiaries of the contract among the retailer, its merchant bank, and the payment card industry, to keep customer data safe. If the retailer breached data protection rules imposed by the payment card industry and the financial institutions were third-party beneficiaries of that agreement, then any damage and loss could be recovered based on contract law claims. Stay tuned.
Although the California Appellate Court, Second Appellate District, has designated the actual opinion as NOT FOR PUBLICATION (this means you must consult the rules of the court before you cite this case), this past May, two former members of the famed rock band The Doors were held to have engaged in false advertising under California law by advertising a concert band using that name. Although a jury found the band members not guilty of trademark infringement or unfair competition, the appeals court agreed with the trial court that “false advertising” claims are not the same, and upheld a permanent injunction against the individuals using the name “The Doors,” or any name containing that name. The court’s ruling also precludes the use of the name, voice or likeness of deceased band member Jim Morrison, in promoting concert ticket sales, citing prohibitions under the California statute regarding rights of publicity. Rimon knows publicity and privacy, in California—and throughout the United States and the world. Always know before you show. Call us, we can help.
Cyber-Ark Software, a U.S.-based information security company, surveyed information technology professionals at the Infosecurity Europe Expo 2008 in London this past April. They asked 300 senior IT folks attending the Expo about abuses relating to information access, and guess what they found? First, about one-third of all IT professionals surveyed abused their own company’s information access rights policies to view information unrelated to their job (e.g., spying on employees or looking at confidential information). The survey report noted that passwords of IT and systems oversight staff often aren’t required to be changed as often as user passwords—or sometimes not at all. In most cases, IT administrators have free reign to use or abuse access privileges—which apparently happens too often.
The notion of “internal firewalls” is highlighted by this report. While companies often take great pains to protect themselves from external threats, as history has shown us in the physical world, the biggest dangers are from “inside jobs.” Without protections that apply internally, snooping, economic espionage, sabotage, spying and data security risks will remain a looming threat to the information assets of a business enterprise.