Self-Regulatory Online Behavioral Advertising Principle No. 3: Consumer Control

Last month we promised to provide you with a bit more detail regarding each of the self-regulatory principles that form the basis of the Self-Regulatory Online Behavioral Advertising Principles, announced by the Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus. The principles are intended to provide a framework for industry participants to adopt, implement and adhere to standards of conduct applicable to their online behavioral advertising practices. Seven basic principles are contained in the report, and Legal Bytes is briefly summarizing each one, although we urge you to read the full report.

We previously reported on the Education and Transparency principles; those links in the outline below will take you to the summaries, or you can read the overview posted when we reported on the initial release of the Self-Regulatory Online Behavioral Advertising Principles.

For reference, here are the seven enumerated principles:

Today, Keri S. Bruce highlights the Consumer Control principle that relates to the practice recommended by the report of providing consumers with additional control over whether data is collected about them and whether it is shared with others. The principle applies to third parties that collect or use behavioral advertising data and the websites from which the data is collected. The principle also applies to “service providers” (i.e., parties that provide Internet access services, toolbars, Internet browsers or comparable services, and who are engaged in online behavioral advertising). Through notices that are described under the Transparency principle, with respect to third parties and websites, consumers should be able to control the use and collection of their personally identifiable information by opting-out of having data collected or shared with non-affiliate websites. With respect to service providers, because they potentially can, by the nature of the services they provide, gain access to all or substantially all online behavioral data of a particular user when that user is online with or through the service provider, the Consumer Control principle requires industry participants to follow practices that require consumers to opt-in to data collection for online behavioral advertising purposes by the service provider. Further, even after consent is given, service providers must provide a means for the consumer to withdraw her or his consent.

Thanks to Keri S. Bruce for her analysis. For further information, you can also call me or the Rimon attorney you regularly work with. Stay tuned for summaries of the remaining principles.

Self-Regulatory Online Behavioral Advertising Principle No. 2: Transparency

Last month, Legal Bytes reported to you that the Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus, released its Self-Regulatory Online Behavioral Advertising Principles. As reported, the major participants in the online advertising industry have proposed to apply these principles to their practices related to online behavioral advertising: “the collection of data from a particular computer or device regarding Web viewing behaviors over time and across non-Affiliate Web sites for the purpose of using such data to predict user preferences or interests to deliver advertising to that computer or device based on the preferences or interests inferred from such Web viewing behaviors.”

We promised to provide you with a bit more detail regarding each of these principles. We previously reported on Education, and today we summarize Transparency. As we go through each one, we’ll use the outline below to enable you to link to all the prior principles covered in Legal Bytes, while highlighting the one covered today. The seven enumerated principles are:

  • Education
  • Transparency
  • Consumer Control
  • Data Security
  • Material Changes
  • Sensitive Data
  • Accountability

The Transparency principle seeks clear and accessible consumer disclosures regarding the type of data collected and how the data will be used to conduct behavioral advertising. Because behavioral advertising is often conducted by third-party advertising networks that lease space on a website, the principle applies to both third-party entities collecting and/or using the data, and the websites from which such data is being collected. Under this principle, these parties would provide “enhanced notice” on the page where data is collected through links embedded in or around advertisements, or on the web page itself. Customers will have the ability to read these notices and use the information to enable themselves to take control over the use of their personal information, choosing whether they would like to permit their information to be used for online behavioral advertising purposes.

Thanks to Amy S. Mushahwar for her analysis. Stay tuned for summaries of each of the remaining principles.

Credit Card Act of 2009: Act I, Scene 1

A few months ago, Legal Bytes noted the progress of the Credit Card Act of 2009 (the “Act”), and when it was signed into law, we updated that blog post with a note about the inclusion, for the first time in federal law, of coverage of gift cards.

Today, some of the credit card protections the Act affords consumers go into effect. First, credit card bills must be mailed to the consumer at least 21 days before payment is due. Second, significant changes to the rates or fees that apply to credit cards can’t be implemented unless consumers are given at least 45 days’ notice. In both cases, this represents an elongation of the prior regulations (14 days and 15 days, respectively). 

Provisions of the Act also in effect now prohibit credit card issuers from raising their fees and interest rates without any notice if a credit card account holder fails to make a payment on time or goes over their credit limit. In most cases, such a charge would have required approval from the issuing institution anyway.

Most of the other significant provisions of the Act come into effect next February (e.g., restrictions on increases in interest rates for existing credit card balances), and by July 2010, the Federal Reserve Board is to have crafted and approved new rules covering consumer disclosures (i.e., advertising, application forms, etc.).

If you need to know more about compliance and credit cards—offline or online—contact me (Joseph I. Rosenbaum) or the Rimon attorney with whom you regularly work. We are happy to help.

Court Orders Google to Turn Over Blogger Identity Information

Earlier this week, New York State Supreme Court Judge Joan Madden ordered Google to turn over account information about an anonymous blogger to model Liskula Cohen in order to enable her to pursue a claim of defamation. The blogger had used Google’s blogging service to create a blog entitled “Skanks in NYC,” and had posted pictures and references to the model that were anything but flattering, and which, she claimed, lost potential opportunities for her. When Ms. Cohen originally sought to find out who had posted the content, predictably Google resisted, maintaining that its privacy policy does not permit the disclosure of the blogger’s account information.

To put this in perspective, the protection of free speech—especially anonymous speech—is a concept in American jurisprudence and history that traces its roots to Thomas Payne’s pamphlet, Common Sense. First published in 1776, it anonymously challenged the authority of Great Britain in the New World and is widely regarded as the first work to openly ask for independence for the Colonies from Britain.

Since then, state courts have varied on just how wide those rights go and for what purposes protection is appropriate. Although I am hardly a First Amendment lawyer or a Constitutional scholar, the legal issue still seems simple. If the speaker—anonymous or not—is expressing ideas or an opinion or belief, he or she is more likely to enjoy protection. While there are limitations on freedom of expression (e.g., yelling “fire” in a crowded theater), political expression has typically enjoyed greater protection than “commercial” speech—one being fundamental to a society’s encouragement of the free flow of ideas, the other designed to promote a product, service or brand in a free market economy. On the other side of the spectrum and generally not protected, would be public expressions that are clearly and solely intended to hurt someone, where actual harm can be shown from intentional or malicious public expression or, as was determined by the New York court here, where an illegal act was or was likely to have been committed—in this case, defamation.

While it is difficult to pinpoint a single factor that will always favor protection, anonymity is a strong legal shield U.S. jurisprudence holds dear to protect individuals from the potential swords of those in power, or from anyone who might seek to stifle dissent or ideas that might be unpopular. For example, in 2005, a blogger who ranted against a politician, accusing him of “obvious mental deterioration,” was ultimately protected by the Delaware Supreme Court expressing concern over the potential “chilling effect” on anonymous speech. The blogger in this case was referring to a politician, and the court ruled that in order to justify revealing the identity of an anonymous blogger, the plaintiff must provide evidence sufficient to all the elements of the claim if the case were to go to trial. Because the court concluded no reasonable person would believe the blogger’s statements to be factual, no action for defamation could be sustained, and the court dismissed the case. You can read the Delaware Supreme Court’s decision in full right here, but clearly for bloggers, this represented a significant landmark and affirmation of the substantial protection afforded anonymous posting.

In a subsequent 2008 case, a Maryland Court of Appeals decision (Independent Newspapers, Inc. v. Zebulon J. Brodie) similarly concluded that anonymous posts should be protected, and set out an approach first detailed in a New Jersey case (Dendrite Int’l, Inc. v. John Doe No. 3) describing the steps judges should take in deciding whether to compel disclosure of anonymous online speakers in cases that come along in the future.

Unlike the previous cases, and potentially distinguishing this case, is the fact that the blogger here targeted Ms. Cohen intentionally, exclusively, and individually; and while the defendant argued the postings were just “trash talk” and only opinion, Judge Madden noted that if Ms. Cohen could prove the blogger’s statements were factually inaccurate, it would refute the argument that the posts were merely opinion and would support a legal claim of defamation.

As we have previously noted in Legal Bytes in articles describing the FTC’s efforts to regulate the blogosphere, and in presentations we have made, it is clear that online speech is coming under increased scrutiny, and that regulators and courts appear to nibbling away at the virtually complete immunity anonymous bloggers once seemed to enjoy, seeking to define the contours of what is or is not permissible conduct on the web. Does anyone remember the term “netiquette”?

For more information, or for assistance with issues like these or any social media, online, digital content, gaming or matters that meet at the crossroads of advertising, technology & media, look up Joseph I. Rosenbaum, send me an email, or contact the Rimon attorney with whom you regularly work. We are happy to help.

Rights of Publicity – Wake Up and Smell the Coffee!

Did you ever have the experience of someone walking up to you and telling you that you look just like someone . . ? Most of us at one point or another have had that experience. Well, Russell Christoff was in a store in 2002, when someone came up to him and said he thought he looked just like an image he had seen on a jar of coffee. Perhaps he laughed at that moment, but about a month later, when Mr. Christoff actually saw the jar of Taster’s Choice instant coffee on a shelf – with his recognizable image on the label – he bought the jar of coffee, stopped laughing, and called his agent.

It seems Mr. Christoff, a former model, had posed for a photo shoot for Nestlé (owner of the Taster’s Choice brand) back in 1986 and was paid $250, with the understanding that if the company used his likeness in marketing, he would receive $2,000 in compensation. Thus begins the tale and trail of a legal battle that continues to this day. Mr. Christoff filed suit in 2003 alleging violation by Nestlé of his right of publicity. (California Civil Code § 3344 bars, among other things, unauthorized use of a person’s image for commercial purposes.) The statute allows for damages, punitive damages, the award of attorneys’ fees AND (unlike many other state statutes protecting rights of publicity), profits attributable to the unauthorized use.

As the action unfolded, Mr. Christoff discovered Nestlé’s had begun using his image in 1986. Not only had he never been paid the $2,000, but there was more as well. Much more. It appears that from 1997 to 2003, Nestlé had also used his image on eight different varieties of Taster’s Choice brand labels in 18 different countries, including in Israel, Japan, Kuwait, Mexico, South Korea and the United States. At the trial, a jury concluded that Mr. Christoff should have been paid $330,000 for the use of his likeness and was entitled to damages of more than $15 million! California’s right of publicity statute, as it relates to proof of a defendant’s profits, states that the plaintiff needs to “present proof only of the gross revenue attributable to such use,” (emphasis supplied) while the defendant must prove “deductible expenses.”

In this case, even though the jury determined that only 5 percent of the sales of Taster’s Choice over the period of 1997 – 2006 were attributable to the use of the image, a profitable product and extended use made the jury award substantial, to say the least. Now you would think that the jury verdict in 2005 might have put an end to it, but predictably, Nestlé appealed and the saga continues.

Based on Nestlé’s appeal, the appellate court reversed the jury’s verdict based on the fact that Mr. Christoff had not brought his lawsuit before the statute of limitations had expired; but just this past Monday (Aug. 17), the California Supreme Court ordered the case back down to the trial court to take another look. Why, you may ask? Because the Supreme Court wants the trial court to answer the following question: What’s the correct way to calculate the statute of limitations – start date/end date – in lawsuits involving rights of publicity and product labeling?

Since Mr. Christoff brought his lawsuit six years after Nestlé USA, Inc. began using his image (but less than a year after he discovered it), the original trial court instructed the jury to use a two-year statute of limitation, but to use the point at which Mr. Christoff knew, should have known, or could have reasonably suspected his image was being used on the label, as the starting point for calculating when the statute of limitation would bar his lawsuit. It seems the trial court determined that unlike offensive or defamatory remarks that would not be considered “published” over and over again, simply because they were repeated in 100,000 copies of the same book, the “Single Publication Rule” (Uniform Single Publication Act as codified in Civil Code section 3425.3) did not apply to cases involving the use of someone’s likeness or image. So here’s how the wrinkle unfolds . . .

Continue reading “Rights of Publicity – Wake Up and Smell the Coffee!”

Self-Regulatory Online Behavioral Advertising Principle No. 1: Education

Last month, Legal Bytes reported to you that the Association of Advertising Agencies, the Association of National Advertisers, the Direct Marketing Association, and the Interactive Advertising Bureau, in concert with the Council of Better Business Bureaus, released its Self-Regulatory Online Behavioral Advertising Principles. As reported, the major participants in the online advertising industry have proposed to apply these principles to their practices related to online behavioral advertising: “the collection of data from a particular computer or device regarding Web viewing behaviors over time and across non-Affiliate Web sites for the purpose of using such data to predict user preferences or interests to deliver advertising to that computer or device based on the preferences or interests inferred from such Web viewing behaviors.”

Since we promised to provide you with a bit more detail regarding each of these principles, which are listed below, here is our first installment in fulfilling that commitment. The seven enumerated principles are:

  • Education
  • Transparency
  • Consumer Control
  • Data Security
  • Material Changes
  • Sensitive Data
  • Accountability

The Education principle requires everyone in the online behavioral environment to participate in meaningful efforts to educate consumers and businesses about behavioral advertising, the purpose of the Self-Regulatory Online Behavioral Advertising Principles, and the potential benefits and consumer choices that are available when these principles are followed, and to explain to consumers the means and implications of exercising their rights and the choices they may have. While the specifics of all of the proposed educational outreach are yet to be established within the framework of the industry groups that have formulated these principles, the one thing that was agreed on as a tangible, quantitative objective is that through industry-developed website(s) and a major online education campaign, the initial educational outreach would be developed to achieve at least 500,000,000 (yes, that’s five hundred million) impressions over the next 18 months. Thanks to Keri Bruce for her input. Stay tuned for highlights of the six other principles.

Gift Cards: The Chart is Free. It’s Our Experience You Pay For.

Last month, Legal Bytes posted Online Gaming Laws Survey – Free (Yes, You Read Correctly), which also included a link that would allow readers to download a copy of a chart summarizing the U.S. laws that apply to online gaming (Survey of U.S. Federal and State Gaming Laws & Regulations). In that posting, I asked “Why would a law firm be giving away such valuable research for free online, on the web, for everyone to see?” The answer, my friend, is . . . (you were expecting a Bob Dylan line, weren’t you) . . .

The answer is simple. We know that many lawyers and firms can do research! While it may come as a shock to some, it comes as no surprise to us that Rimon may not be the only, or even the first, law firm that has done 50-state surveys of various laws and regulations. However—and it’s a big HOWEVER—Legal Bytes may be among the few lawyer-driven blogs that actually gives research away to any visitor to our blog—for nothing. You don’t even have to be a client, but you may want to be. It’s free. Yours for the taking.

It’s free because in this age of information and social media, we believe it’s not the research that distinguishes lawyers or law firms. Oh, of course we must do research and, of course, we need to be good at it. We are. But clients want lawyers who can wisely and effectively apply and use the research; lawyers who know how to use years of hands-on experience gained from working with clients, and apply it to real-world, real-life and real-time situations. We give research away because our sustainable competitive advantage is based on relationships, and the depth and wealth of experience that enables us to bring value to clients when they call.

So, just as with online gaming, we turn today to gift cards and gift certificates, online and offline, and the wealth of experience our Advertising Technology & Media law group has developed and applies regularly for clients. The experience that lets us give valuable research away for free. So enough philosophy, show us the money.

In connection with the work we do for many clients, we have found it useful to develop and maintain a database, which we update periodically, relating to Gift Cards, payment instruments that are increasingly blurred with prepaid debit cards, stored value cards, smart or chip-cards, reward cards, discount certificates, and traditional credit, charge and debit cards. If you are in this market, you already know there are regulations that require certain disclosures, certain restrictions on expiration dates and on the imposition of inactivity fees, as well as escheat and abandoned property laws that may apply on a state-by-state basis. You also know that for the first time, the Credit Card Act of 2009 will impose federal legislative and regulatory requirements on gift cards.

So with pleasure to all of our current (and future) Legal Bytes readers and subscribers, here is a link to our publicly available chart covering Federal and State Gift Card Laws. The chart provides a handy citation and reference tool for the various gift card and gift certificate laws in the 50 United States and the District of Columbia, and includes a description of the newly enacted Credit Card Act of 2009, which provides certain consumer protections applicable to gift cards under U.S. federal law.

Now the disclaimers. First, no chart can be as comprehensive or as up-to-date or clear as actually reading and knowing the statutes and regulations themselves. It is a guide, not an authority, and you should not rely on it for anything other than as a roadmap to proper and thorough legal counsel based on the source material itself. That said, let’s not minimize its value either: it represents the distillation of years, and of hours of work and effort. A special thanks to Keri Bruce and Stacy Marcus for helping to consolidate and refine it so that it is ready for prime time.

Continue reading “Gift Cards: The Chart is Free. It’s Our Experience You Pay For.”

Identity Theft: Don’t Just Yell ‘Stop Thief.’ Audit Something!

It was 1998 and identity theft had not yet hit the radar screens as heavily as it would during the course of the next decade. Who could predict? So when I received a call from Albert J. Marcella, Jr. Professor of Management in the School of Business and Technology, Department of Management, at Webster University in St. Louis, who said he was putting together an “audit oriented” publication for The Institute of Internal Auditors to guide professionals who were becoming increasingly concerned about online identity theft, I naturally wondered what I could contribute to that effort.

So we spent a great deal of time collaborating about what we knew, speculated about what we did not know, and tried to put the work in context—specifically, guidance for corporate auditors and security management professionals on what they needed to know as sensitive, personally identifiable information migrated online. The result, of which my contribution played only a small part, was a book entitled, Protecting Your Identity on the Web, published in November 1999 by The Institute of Internal Auditors.

Identity theft, not a brand new crime even then, had a new face in our online, digital interconnected world. And, it was growing and pervasive, and its implications—if for no other reason than the sheer magnitude of the potential risks and the speed at which they would materialize on or through the Internet—were unprecedented and were becoming global.

I now know what I could not have known then—that more than 40 states have passed identity theft statutes and that the Privacy Rights Clearinghouse website, which takes pride in cataloging such things, estimates that as of a day or two ago, 263,247,398 records containing sensitive personal information were involved in security breaches in the United States since January 2005—six years after the publication became available.

To appreciate the foresight and to learn about those audit guidelines and benchmarks, you have to buy the book. But to read my personal piece of that collaborative effort—an end-piece summary of the legal implications entitled “Technology, the Internet and Cyberspace: Challenges to National and International Privacy“, you just have to read Legal Bytes.

Carpe Diem! Italy Authorizes Issuance of Online Gaming Regulations.

Gaming is a fast-growing segment of the online community—remarkable since people have actually been saying that since 1994! Well online gaming and gambling may become more difficult (and more expensive) in places like Italy, if the Italian Chamber of Deputies has its way. New legislation ratifying and amending existing Italian law authorizes the State Monopolies Authority (Amministrazione Autonoma Monopoli di Stato (AAMS)) to promulgate implementing regulations—which are likely to be issued in early 2010 (although late 2009 is a possibility). Currently, Italy licenses online poker tournament games and fixed-odds sports betting, but online gambling in Italy is limited to Italian gamblers on internal, not international networks.

So what does the new law provide? Although absent the actual regulations it is impossible to predict with certainty, there does appear to be both good news and bad news.

First the good news. The law authorizes the introduction of online cash games—both fixed draws and card games—and permits the implementation of new online lotteries of various types and modes of play. Consequently, online games involving cash are likely to become legal and be introduced in Italy. 

Now the bad news. The tax that will be imposed on these new games is 20 percent of the total (essentially a gross profits tax). This represents an increase above the current 4.5 percent tax on “gross gaming revenues” that applies to sports betting in Italy. In cash online games, unlike tournament poker (in which a tax is imposed as a percentage of gross gaming revenue), the network operator generally takes a “rake” from each game. Thus, using a gross profits tax will allow the operator to set the rake more rationally in the marketplace, but will also result in more tax revenue.

So bottom line, while these new provisions are likely to stimulate new online gaming, the AAMS retains very broad authority to define the basis upon which operators can customize the wagering products and services being offered. Because the AAMS still retains the right to approve each betting product, one wonders if that will not limit both innovation and competition in the online gaming marketplace. That said, gaming and gaming revenues continue to increase and tax revenue will likely follow. We’ll see if the new regulations provide additional opportunities, but as they said in ancient Rome: Cum catapultae proscriptae erunt tum soli proscript catapultas habebunt.

Need to understand more about online gaming, or online gambling, or both? Need help? In Italy? In the United States? Anywhere? Need references? In Italy? In the United States? Anywhere? Contact me at, check out my bio at Joseph I. Rosenbaum, or contact the Rimon lawyer you normally work with. We are happy to help.

Legal Bytes Archives: Have You Been Back to the Future Lately?

In case you haven’t checked in with Legal Bytes lately, you might want to know that we have been busy posting many of the articles that have appeared in our back issues—prior to our conversion to a blog format. Actually, thanks go to outstanding marketing support from Rebecca Blaw, who has done much of the archive posting over the past few months, along with the trusty support of Erin Evans.

Check it out. You can’t always get what you want, but if you try sometime, you might just get what you need!