HFN Technology & Regulation Client Update
Dear Clients and Friends,
We are pleased to introduce you to our January 2018 edition of the Technology & Regulation Client Update, which includes several important regulatory and industry developments in the fields of digital advertising, data privacy and technology compliance.
These include the following: The European Commission's new extensive GDPR guidance; New industry guidance on partnering with Influence Marketers; YouTube's "tightened" rules regarding creator monetization and partnerships; Toy-maker's settlement with the FTC over children's privacy violations; New US Federal Court ruling regarding unauthorized scraping; The Trustworthy Accountability Group's updated guidelines which require publishers to use Ads.Txt; Another settlement in the FTC's ongoing enforcement measures taken against a tech-support scheme; and The Interactive Advertising Bureau's addendum for Long-Form Video.
Ariel Yosefi, Partner Co-Head - Technology & Regulation Department Herzog Fox & Neeman
If you have an important regulatory or industry compliance update you would like to share with the industry, let us know.
The European Commission Releases Extensive GDPR Guidance
TOPICS: Data Protection, EU General Data Protection Regulation, The European Commission, European Union
Just 4 months before the General Data Protection Regulation (the "GDPR") enters into force, the European Commission (the "Commission") released a website with extensive implementation guidance and other useful information for all stakeholders: Data Protection Authorities ("DPA"), Member States, businesses, and data subjects. The released guidance includes infographics, explanatory documents, a guide to GDPR enforcement, and general FAQ-style information.
The website brings some new information regarding the GDPR. For example, in its Communication to Parliament and guidance to the Council, the Commission notes that it has brought together an Expert Group to accompany Member States in their effort to prepare for the GDPR. This Group acts as a forum in which the Member States can share their experiences and expertise. Additionally, the Commission has engaged in bilateral meetings with Member States' authorities to discuss issues arising at the national level.
The Commission also warns Member States against failing to take the necessary actions which are required under the GDPR, as it will, in such cases, make use of all the means it has at its disposal, including recourse to the infringement procedure that might also include providing more resources to national DPAs.
Moreover, the guidance website includes Fact Sheet Charts outlining the next steps that will be taken by the Commission, as the GDPR comes into force, with respect to the following stakeholders:
Member States - Promotion of consistency and limitation of fragmentation in the application of the GDPR, close monitoring of the application of the GDPR and taking appropriate actions as necessary.
DPAs - Supporting the work of the Art. 29 Working Party and its transition towards the European Data Protection Board and contribution to the work of the European Data Protection Board.
Citizens and Companies - The launch and promotion of practical web guidance to assist with GDPR compliance, and collaboration with different stakeholders in formats such as the multistakeholder group, in order to obtain their feedback on the implementation of the GDPR and awareness of the new rules.
In addition, the Commission's actions, such as participating in events and seminars across the EU Member States, obtaining feedback on the web guidance and adapting it, organizing events in order to assess whether all stakeholders apply the GDPR, and issuing reports on the application of the new rules, will be implemented with respect to all such stakeholders.
We would be happy to provide further advice and recommendations concerning the Commission's guidance and its scope. For further details and recommendations published by us on the GDPR, see our update on How to prepare to the new EU General Data Protection Regulation, as well as our recent GDPR Compliance Playbook.
New IAB Guidance on Partnering With Influencers
TOPICS: Adtech Industry Compliance, Influencer Marketing, Digital Advertising, The Interactive Advertising Bureau
The Interactive Advertising Bureau's (the "IAB") social media, native and content committee has released a guide for marketers building influencer-marketing strategies through publishers. This guide addresses the specific needs of marketers as they relate to the benefits and challenges of influencer partnerships made through publishers.
The IAB's guide goes into great detail regarding the Federal Trade Commission ("FTC") guidelines concerning influence marketing (see our related Client Update), which publishers, brands and influencers alike must be aware of. According to the applicable regulatory requirements and the guide, disclosure of the influencer's capacity is of paramount importance, and the guide stresses that disclosure also benefits the consumer, the brand, the publisher and the influencers themselves.
Beyond disclosure guidance, the guide provides best practice suggestions that will vary on a case-by-case basis, according to brand goals and publisher offerings.
The guide demonstrates the level of importance which is attached to the newly developed regulatory requirements in the influence marketing sphere. You can read more about the key issues in our special Update titled "Influencer Marketing: Rules of Engagement".
Google Tightens YouTube Rules around Creator Monetization and Partnerships
TOPICS: Adtech Industry Compliance, Digital Advertising, Monetization, YouTube, Google
This month, Google announced that YouTube will now impose stricter criteria that a channel/creator must meet in order to monetize videos, and will introduce a new, stricter vetting process for the top-shelf YouTube videos it offers advertisers. According to the new requirements, in order for creators to apply for monetization (and have ads attached to their videos), they must have tallied 4,000 hours of overall watch time on their channel within the past 12 months and have at least 1,000 subscribers. Previously, they needed 10,000 total views to join the monetization program.
In the past year, YouTube dealt with a series of problems in this area, as reported in our previous updates, commencing in March 2017, when ads were found next to violent and racist videos, leading to boycotts by major brands.
Google will enforce the new eligibility policy for all existing channels as of 20 February 2018, such that channels which fail to meet the threshold will no longer be able to derive income from ads. This enforcement will no doubt make it harder for new, smaller channels to apply for and attain monetization.
We would be happy to provide further advice on Google's new stricter rules.
Toy-maker VTech Electronics to Settle FTC Charges over Children's Privacy Violations
TOPICS: Data Protection, Data Security, Minors, The Federal Trade Commission, Children's Online Privacy Protection Act, United States
Electronic toy-maker VTech Electronics ("VTech") has agreed to pay $650,000 to settle charges filed by the FTC. According to the Department of Justice's complaint, filed on behalf of the FTC, VTech violated the Children's Online Privacy Protection Act ("COPPA") when it collected personal information on hundreds of thousands of children without obtaining their parents' consent. The personal information included children's first and last names, email addresses, dates of birth, and genders.
In addition to the monetary settlement, VTech is also required to begin running a comprehensive data security program that will be subject to independent audits for 20 years.
United States Federal Court Ruling Allowed Scraping in Violation of T&Cs
TOPICS: Scraping, Oracle, Rimini Street, 9th Circuit Court of Appeals, United States
Oracle argued that Rimini Street's actions were in violation of California and Nevada state laws: The California Comprehensive Data Access and Fraud Act and the Nevada Computer Crimes Law. Both acts prohibit accessing a computer without obtaining permission or without authorization.
The Court ruled that the key question is whether Rimini was authorized in the first instance to take and use the information that it downloaded. Since Rimini Street was authorized to access the information in the first place, there is no violation of state law. The Court further states that this decision is consistent with its previous decision in the matter of Facebook v. Power Ventures, which we reported in our previous updates. In the Facebook ruling, the Court relied on Facebook sending a cease-and-desist letter to Power Ventures, which put Power Ventures on notice that it was no longer authorized to access Facebook's computers. This letter established the grounds for the argument that further access by Power Ventures constitutes a violation of the applicable computer laws, which require authorization. In this particular case, Oracle did send a cease-and-desist letter to Rimini Street, but it was very different in nature from the one sent by Facebook. For example, Oracle referred to a temporary block on Rimini Street's IP address. This is not likely to establish an argument of denying authorization, and the Court did not even mention this letter as part of its decision.
It is noteworthy that the 9th Circuit did not address the ruling of the US District Court for the Northern District of California in the case of hiQ v. LinkedIn, which dealt with similar issues but resulted in a different outcome (see our related update). The Court in the hiQ case gave more importance to the nature of the data accessed and did not solely rely on the "authorization" factor in order to determine if a possible violation has occurred. LinkedIn has filed an appeal to the 9th Circuit, and this ruling may have a serious impact on companies that rely on publicly accessible information as part of their operation.
New TAG Guidelines Require Publishers to Use Ads.Txt
TOPICS: Adtech Industry Compliance, Digital Advertising, Anti-Fraud, The Trustworthy Accountability Group, Interactive Advertising Bureau
This month, the Trustworthy Accountability Group ("TAG"), an advertising industry anti-fraud initiative, announced that it has updated its Certified Against Fraud guidelines to require publishers to adopt the ads.txt specification, released last year by the IAB's Tech Lab.
In addition, TAG has also updated its Certified Against Piracy guidelines to offer direct buyers and publishers a path to certification. In order to receive certification, ad buyers and publishers must meet the following requirements:
Complete a TAG registration; Be a TAG member in good standing; Attend anti-piracy training annually; Comply with TAG's Anti-Piracy Pledge; and Ensure that properties do not block anti-piracy software.
Publishers may have additional requirements depending on their level of hosting user-generated content.
The new requirements will enter into force on 1 July 2018. TAG also released a new enforcement process for its certification programs such that individuals and entities can submit noncompliance allegations for review and action. Companies that currently hold the Certified Against Fraud or Certified Against Piracy Seals are required to be compliant by that time, while new applicants for those certifications will be evaluated against updated guidelines going forward.
We would be happy to provide further advice and recommendations on TAG's updated guidelines.
Tech-Support Operators Agree to Settle FTC and the State of Ohio Charges
TOPICS: Tech-Support Apps, Digital Advertising, The Federal Trade Commission, United States
Under settlements with the FTC and the State of Ohio, the operators of a computer tech support scam are permanently banned from the tech support business. The settlements follow charges that the defendants tricked consumers into believing their computers were infected with viruses and malware, and then charged them hundreds of dollars for unnecessary repairs.
According to a complaint filed last year by the FTC, the defendants contacted consumers through advertisements that resembled pop-up security alerts from well-known technology companies. These ads appeared on consumers' computer screens when they were browsing the Internet. The complaint alleged that the ads falsely warned consumers that their computers were infected with viruses or had been hacked or otherwise compromised, and urged them to immediately call a toll-free number for assistance.
The complaint further alleges that once consumers called the toll-free number listed on the ads, they were connected to a call center and pitched by telemarketers who claimed to be affiliated with technology companies such as Microsoft or Apple. After gaining access to consumers' computers, the telemarketers purported to run a series of "diagnostic tests" to show that their computers had major problems requiring immediate repair. The telemarketers then persuaded consumers to buy a one-time "fix" or long-term service plans that cost hundreds of dollars.
As part of the settlements, the Defendants are banned from offering tech support products and services as well as engaging in deceptive telemarketing practices, misrepresenting their affiliation with another company, and collecting or attempting to collect payment for tech support products or services. Additionally, the settlements impose a $12.4 million judgment, which will be suspended upon payment by the defendants of a total of $122,376.39.
The defendants were charged as part of a major international crackdown on tech support scams called Operation Tech Trap, announced in May 2017. It continues the FTC's enforcement focus on scammers who frighten consumers into purchasing expensive and unnecessary computer repairs and technical support services (see our previous report on this regulatory trend).
We encourage our clients and friends to take the necessary measures and implement the required policies to ensure their advertisers and other partners comply with all applicable rules concerning the advertisement of computer tech support and repair programs.
Terms and Conditions Addendum for Long-Form Video Released by the IAB and 4As
TOPICS: Adtech Industry Compliance, Digital Video Advertising, The Interactive Advertising Bureau, The American Association of Advertising Agencies
The Interactive Advertising Bureau ("IAB") and the American Association of Advertising Agencies ("4As") released a set of transactional terms and conditions for long-form video, a key addendum to the standard transactional terms which were last updated in 2009 ("the Addendum"). The transactional terms and the Addendum are intended to be used voluntarily by buyers and sellers in order to address the technical and business issues with long-form video advertising. The terms were designed to reduce the delays and expenses inherent in preparing multiple, custom agreements, which are currently the industry standard.
The Addendum covers definitions and provisions relating to: Viewability and brand safety; Cancellation and termination provisions for unified buys (in which digital inventory is purchased along with TV on-air inventory); Terms for audience composition and demo-guaranteed campaigns; Ad tag/materials preparation, testing, and notification; Definitions and use cases for first party versus third and fourth party ad tags; and Rules and processes for handling report and measurement discrepancies.
The Addendum is available for public comment until 5 February 2018, after which the final version of the Addendum will be released.