Regulatory Issues with Social Media Beyond the FDA...Section 5 of the FTC Act No comprehensive...
Transcript of Regulatory Issues with Social Media Beyond the FDA...Section 5 of the FTC Act No comprehensive...
Regulatory Issues with Social Media — Beyond the FDA
June 24, 2015
Lindsey Tonsager Covington & Burling
(415) 591-7061 [email protected]
2
Agenda
Legal Framework
Application to Common Social Media Activities
3
Section 5 of the FTC Act
No comprehensive federal data privacy or security law
in the U.S.
Section 5 authorizes the FTC to address "deceptive" or
"unfair" acts or practices
Applies to consumer and B2B relationships
Deception
• Likely to mislead consumers
• Considered from the perspective of a reasonable consumer
• Material — i.e., likely to affect consumer’s choice or conduct regarding a product
Unfairness
• Likely to cause substantial consumer injury
• Not reasonably avoidable by consumers
• Not outweighed by countervailing benefits to consumers or competition
4
Section 5 Implementation
Limited rulemaking authority under Section 5
Guidance through reports, workshops, and
other informal materials
This informal guidance is NOT legally binding,
but good best practices
5
Section 5 Enforcement
Typically resolved through privately-negotiated
consent decrees – but not always
Implication of entering into a consent decree
Generally no statutory financial penalties under
Section 5, UNLESS there is a violation of a consent
decree
Consent agreements are NOT binding on
competitors
With few exceptions, tend to last a very long time
(e.g., 20 years)
6
State “Mini FTC Acts”
Many states have adopted unfair competition
laws that similarly prohibit deceptive or unfair
acts and practices
Key difference from FTC Act ― a number of
states allow for private rights of action
7
Other Federal and State Laws
Industries
Healthcare Providers (HIPAA)
42 U.S.C. § 300gg, 29 U.S.C § 1181 et seq. and 42 USC
1320d et seq.
Financial Institutions
(Gramm-Leach-Bliley)
15 U.S.C. § 6801, et seq.
Activities
Email Marketing (CAN-SPAM)
42 U.S.C. §§ 7101-7713
Telemarketing (TCPA)
47 U.S.C. § 227
Access to Communications
(ECPA)
18 U.S.C. § 2510 et seq.
Consumers
Children under 13 (COPPA)
15 U.S.C. §§ 6501-6506
California Minors’ Digital Privacy Law
Cal. Bus. & Prof. Code §§ 22580-22582
A variety of other federal and state laws govern
specific:
8
Self-Regulation
Voluntary Industry Guidelines and Best Practices
Privacy Policies
Terms of Use
Social Media Policies, BYOD, Network/Internet Use
Limited to authorized company spokesperson?
Company-branded or personal social media
accounts?
Using company-owned or personal equipment?
9
Agenda
Legal Framework
Application to Common Social Media Activities
10
What Is “Social Media”
11
Regulatory Issues: Social Media
Heightened regulatory attention on social media platforms
FTC consent decrees involving Twitter, Google Buzz, Facebook
Companies using social media also should be aware of potential legal risks:
Consumer notice (and choice)
Testimonials and endorsements
Native advertising
Ad substantiation
Compliance with platform policies
Children’s privacy
Copyright and reuse of user-generated content
Use of vendors and service providers
12
Consumer Notice
Advertisers are responsible for false or unsubstantiated
statements made through endorsements and testimonials,
or for failing to disclose material connections.
Case Study
• Drug Company commissions research on its product by an
outside organization. Drug Company determines subject of
the research and pays a substantial share of the expenses,
but the research organization determines the study’s
protocol and is responsible for conducting it.
• Drug Company pays HCP to write a blog mentioning the
research results as ‘‘findings’’ of that research organization.
• HCP promotes the blog post on Facebook, Twitter, and
LinkedIn.
13
Consumer Notice
14
User-Generated Social Media Endorsements
“We believe that participants' pins featuring Cole Haan products were endorsements of the Cole Haan products . . . [W]e were concerned that Cole Haan did not instruct contestants to label their pins and Pinterest boards to make it clear that they had pinned Cole Haan products as part of a contest. We do not believe that the "#WanderingSole" hashtag adequately communicated the financial incentive- a material connection- between contestants and Cole Haan.” – FTC Cole HaanClosing Letter
15
Third-Party Social Media Endorsements
Fellow Deutschers – The PlayStation Team has been working hard on a campaign to launch Sony’s all-new handheld gaming device, the PS Vita, and we want YOU to help us kick things off! . . . To generate buzz around the launch of the device, the PS Vita ad campaign will incorporate a #GAMECHANGER hashtag into nearly all creative executions. . . . The campaign starts on February 13th, and to get the conversation started, we’re asking YOU to Tweet about the PlayStation Vita using the #GAMECHANGER hashtag. Easy, right?
FTC alleged Deutsch LA misled consumers because they did not disclose that they were
written by employees of Deutsch LA
“One thing can be said about
PlayStation Vita...it’s a #gamechanger”
“This is sick. . . .See the new PS Vita in
action. The gaming #GameChanger”
“Got the chance to get my hands on a PS Vita
and I'm amazed how great the graphics are.
It’s definitely a #gamechanger!”
16
Native Advertising
17
Key Takeaways
Make endorsement relationship clear
All claims must be complete, accurate, and not misleading
Determine appropriate level of control and monitoring
Consider all the possible platforms and devices
Try to incorporate disclosures into the content
18
Online Advertising
In addition to behavioral advertising using cookies and similar browser-based technologies, companies increasingly are trying to find and reach their existing or potential customers on social media
Example:
Advertiser has a list of existing or potential customers (e.g., email addresses, phone numbers, Apple IDFA, Google Ad ID) and wants to deliver an ad to those people.
The person also is a registered user of a social media service.
Data is hashed (de-identified), and hashed data of advertiser and social media service is compared.
If there is a match, the social media platform delivers the ad to the user.
The process can be supplemented by information from data brokers for more refined ad targeting.
19
How Hashing Protects Consumer Privacy
C242010385759788A
G739503820494675B
C242010385759788A
Advertiser Social Media Platform or Third-Party Ad Service
Match
No match
C242010385759788A
20
Platform Policies
Policies may address promotions, advertising, and privacy
Platform may offer plugins or embed tools to distribute third-party content consistent with copyright laws
May permit (or restrict) use of user-generated content for your own purposes
Once you post content, it may no longer be yours exclusively
21
Forward-To-A-Friend Campaigns
CAN-SPAM Act regulates sending of commercial email
Applies to commercial emails sent to consumers and B2B
communications
Accurate
Transmission Information
No Deceptive Subject Lines
Opt-Out Notice Functioning Electronic Opt-Out
“Ad” Disclosure, Unless Consent
Valid Physical Postal Address
Honor Opt-Out Within 10
Business Days
Onward Transfer Prohibitions
22
Forward-to-a-Friend Campaigns
Case Study: Drug Company encourages a HCP, consumer, or other third-
party to forward Drug Company’s e-mail messages to others.
Determine whether the “primary purpose” of the message is commercial
Confirm whether there is any payment or other consideration (e.g., coupon, discount) for forwarding the message
Consider level of control you’ll have over the message
Contracts with affiliate marketers should cover CAN-SPAM compliance
If applicable, implement list scrub and opt-out mechanisms
23
Telemarketing, Text Messaging, Pre-Recorded Calls
The Telephone Consumer Protection Act (TCPA)
Recent FCC Order interprets Act expansively, but some exceptions for
HCPs and drug companies
What Does it Cover?
Telemarketing (residential wireline and wireless phones)
Text Messaging
Autodialers / Prerecorded Calls (some rules are content agnostic)
Other Laws to Consider
Telephone Consumer Fraud and Abuse Prevention Act, 15 USC §
6101, and FTC implementing regulations, 16 CFR § 310
Section 14 of the CAN-SPAM Act, 14 USC § 7712
State Laws
24
Why Does The TCPA Matter?
Private Right of Action
Very actively enforced by plaintiffs’ bar
Statutory damages of up to $1500 per call or text
Regulatory Enforcement by FCC, FTC, State AGs
Regulatory fines of up to $16,000 per call or text
25
Service Providers
Play important role in analytics, conversion
tracking, measurement, optimization, etc.
Privacy and data security diligence critical to
mitigating legal and reputational risk
26
Questions
Lindsey Tonsager
One Front Street
San Francisco, CA 94111-5356
(415) 591-7061
To keep current on developments in global privacy and data security matters,
visit www.InsidePrivacy.com