Regulatory Developments in Israel
Israeli Central District Court determines that Google's Remarketing Practice does not constitute SPAM according to the applicable Israeli Law
On 18 September 2014, the Israeli Central District Court rejected a request for a class action directed against Google, addressing the legality of Google's Remarketing practice under Amendment 40 to the Israeli Communications Law (the “Spam Law”).
According to the complaint, Google displayed advertising material to users who had previously visited a website (remarketing / retargeting), without obtaining the prior written consent of the recipients. The request for the class action sought damages under the Spam Law, which regulates the practice of sending unsolicited commercial marketing materials to recipients by way of e-mail, fax, automatic phone dialing systems or text messaging. The Spam Law establishes a general rule that an Israeli advertiser may not send commercial communications via such technologies, without obtaining the written permission of the recipient in advance.
In its decision, the court determined that the scope of the communication's technologies specified in the Spam Law, does not cover remarketing practice, as such practice does not meet the definition of dispatching an e-mail, as provided for in the Spam Law.
Regulatory Developments in the United States
Last month, the U.S. Court of Appeals for the 9th Circuit, published a ruling discussing the required notice for a constructive consent on the part of the consumer, with regard to a contract formed on the internet.
For your convenience, the full ruling is available here.
Yelp and TinyCo settle FTC charges their Apps which improperly collected children’s Personal Information
The online review site Yelp, Inc. and mobile app developer TinyCo, Inc., agreed to settle separate Federal Trade Commission (“FTC”) charges that each of them improperly collected children’s information in violation of the Children’s Online Privacy Protection Act (COPPA).
According to the FTC complaint, Yelp failed to implement a functional age-screen in its apps, thereby allowing children under 13 to register for the service, despite having an age-screen mechanism on its website.
With respect to TinyCo, the FTC complaint alleged that its apps, through their use of themes appealing to children, brightly colored animated characters and simple language, were directed at children under 13 and accordingly, TinyCo was subject to the COPPA Rule. Many of TinyCo’s apps included an optional feature that collected e-mail addresses from users, including children younger than aged 13.
Under both settlements, in addition to the civil penalties, the companies are required to comply with COPPA requirements in the future and submit a compliance report to the FTC within one year, outlining their COPPA compliance program.
These enforcement cases underscore the importance of undertaking reasonable measures to ensure compliance with COPPA, including that children's information will not be collected without their parent's consent. This applies particularly to app developers which potentially target a children’s audience.
The FTC targets more than 60 Advertisers
The FTC recently directed warning letters to advertisers, in a wide range of industries, which failed to make adequate disclosures in their ads. The enforcement operation, called “Full Disclosure”, focused on disclosures that were in fine print or were otherwise easy to miss or hard to read, yet contained important information which was needed in order to avoid misleading consumers.
The FTC letters advised advertisers that to meet the “clear and conspicuous” standard, their disclosures should use clear and unambiguous language and should stand out in the advertising - consumers should be able to notice disclosures easily; they should not have to look for them.
The inadequate disclosures identified in the ads fell into many different categories:
- Many ads quoted the price of a product or service, but did not adequately disclose the conditions for obtaining that price, while others did not adequately disclose an automatic billing feature.
- Other ads claimed a product capability or that an accessory was included, butdid not adequately disclose the need to first own or buy an additional product or service.
- In some ads, the advertiser claimed that a product was unique or superior in a product category, but did not adequately disclose how narrowly the advertiser defined the category, while other comparative ads did not adequately disclose the basis of their comparisons.
- Ads promoting a “risk-free” or “worry free” trial period did not adequately disclose that consumers would need to pay for initial or return shipping.
- Numerous other ads made absolute or otherwise broad statements and had inadequate disclosures explaining exceptions or limitations.
- Weight-loss ads featuring testimonials claiming outlier results did not adequately disclose the weight loss that consumers generally could expect to achieve.
- Other ads did not adequately disclose issues related to the safety or legality of a product or service.
- Some ads also made false claims that the advertisers attempted to cure with contradictory disclosures, which were not sufficient to prevent ads from being deceptive.
While the operation focused on television and print advertisements, the FTC announced it follows a recent FTC effort to address online disclosures in new media.
FTC approves final orders settling charges against Fandango and Credit Karma
The FTC has approved final orders settling charges against two companies – Fandango, Inc. and Credit Karma, Inc – whose mobile apps left consumers’ sensitive personal information, including credit card information and Social Security numbers,vulnerable to interception by third parties.
The settlements require the companies to establish comprehensive security programs designed to address security risks during the development of their applications and to undergo independent security assessments.
The settlements further illustrate the importance of implementing strict and adequate security measures with respect to securing sensitive personal information.
Regulatory Developments in the Europe
EU Privacy Regulators give Google guidelines to change privacy practices
Last week (23 September 2014) the advisory group of the European data privacy regulators (“Article 29 Working Party”) sent to Google a package of guidelines to help it in the way it collects and stores user data in line with EU law after six regulators had opened investigations into the company’s privacy practices.
The guidelines sent to Google are available here and we recommend reading these guidelines in order to ensure compliance with their key principles.
Facebook has to answer to Privacy complaints made in a Class Action Suit
In August 2014 the Vienna Regional Court ruled that Facebook must respond to a class action suit filed against the company’s Irish subsidiary.
The class action suit was filed by a privacy activist and lawyer, Max Schrems, together with tens of thousands other people. In response, the court ruled that the company must respond to the privacy complaints against it, otherwise the court will rule without its response.