Potential Impact On Your Company and Who Should be Accountable
In addition to your legal staff, your IT director and your chief marketing officer both need to be accountable to avoid these serious legal missteps. Even if your company is not under a previous order with the FTC that would expose it to a multi-million dollar fine, being subject to a fine of one-tenth of $22.5 million could mean a $2.25 million fine that could be more than a big headache for executives and shareholders of a mid-sized or small company. Even the CEO, the COO, and the CFO better be aware of the potential for big liability for a mismatch between what obscure fine print says are privacy policies and representations, and what is actually done with cookies to expose consumer information and track consumer interests and behavior.
Overlooked Privacy Claims in the Google Case
Google claimed in its fine print that for users of the Safari browser that it would not place tracking cookies on the users’ computers or serve them targeted advertisements. The FTC charged, however, that Google placed tracking cookies on users’ computers, used the cookies for tracking users’ interests and websites visited and served targeted ads to the interests of consumers. The FTC alleged that Google used codes to disguise its cookies to work around Safari’s opt-out default setting.
Overlooked Claims of Self-Regulatory Compliance
Many companies promote on their website their affiliation with self-regulatory programs. For example, to join the Network Advertising Initiative (NAI), a voluntary self-regulatory group for the online advertising industry, company members agree to disclose to users their data collection and use practices. Although Google touted its NAI membership on its website, the FTC says the company did not truthfully disclose what it was doing with Safari users’ data. Therefore, the FTC charged that Google misrepresented the extent to which it honored NAI’s Code. Membership in self-regulatory programs is voluntary, but once your company advertises its adherence to an industry code, your company must live up to its terms to avoid potential liability from an FTC action.
- The CEO and top executives of your company must often repeat that they are committed to compliance with consumer privacy and advertising laws and they will hold the IT director and Chief Marketing Officer accountable.
- Your legal staff or outside counsel must often engage in live training of your IT staff and marketing staff on compliance with consumer privacy and advertising laws.
- Your information technology staff needs to take the lead in compliance before your marketing managers and legal advisors get involved.
- The internal policy should require that IT department make and update a list of all the places on your company websites, social media promotions and sponsored blogs where privacy representations and claims are made, maintain an inventory of the cookies they use, and not launch new ones without both marketing and legal review.
- The internal policy should also require that the marketing staff make and update a separate list of all the user tracking tools being used on your company websites, social media promotions and sponsored blogs and maintain an inventory of the categories of data being collected from users, and not launch new tracking tools or categories of data being collected without both IT and legal review.
- Sidestepping users’ preferences can lead to costly legal missteps.