Public Social-Media Posts May Not Be Fair Game for Marketing Profiles, Warns FTC Lawyer
SAN FRANCISCO -- Even including public Twitter posts in information-gathering for marketing purposes unexpected by the writer might be a federal privacy violation, an FTC attorney said. That posts are open to all would weigh against liability but not preclude it, said Laura Berger of the commission’s privacy and identity protection division late Tuesday. She was answering a question from a lawyer at a Practising Law Institute seminar.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
A Google lawyer stressed the difficulty of dealing with varying regulations on privacy and data security around the world. “Things are pretty scary from a consistency-of-law perspective across a lot of jurisdictions,” said Marc Crandall, Google senior manager of global compliance for enterprise. Google is “seeing what could be significant deviations from jurisdiction to jurisdiction” within Europe, and even with a uniform EU regulation proposed, “in the next 18 months, I don’t see much relief,” he said.
The creation of an international privacy-enforcement counterpart to Interpol “to enhance cooperation across agencies” could “make things easier from a regulator perspective, as well as those attempting to comply,” Crandall said. He said “cross-jurisdictional standards from a security perspective” also would help.
State prosecutors work together on emerging problems through the Privacy Working Group of the National Association of Attorneys General, said Senior Counsel Paula Selis of the Washington attorney general’s office. Behind the scenes, the group has been looking into online tracking, data brokers’ practices, sales of customer information by companies in bankruptcy, social networking sites’ policies and practices, and geolocation services, Selis said. “We discuss data breaches regularly -- every single time we talk,” she said.
In Washington state, “we're looking at mobile apps,” Selis said. “So as technology changes, so do our cases.” She said her office had just filed and settled its first “Facebook spam case,” in which a post that looks like it’s from a friend links to provocatively described content that can’t be reached without filling out a survey, providing fodder for sales to advertisers (WID May 11 p7). But “where we're seeing the biggest problem now” is online marketing campaigns in which prizes are offered as a lure to draw consumers into supplying large amounts of information about themselves, which is then used to fuel “hundreds of spam messages a week,” Selis said.
Chief Joanne McNabb of California’s Office of Privacy Protection handicapped as low the chances that federal legislation will be enacted in the next 18 months. “The consumer demand doesn’t exist” for congressional action on data breaches, “because of the state laws” across the country on the subject, she said. And “things are happening in the absence of legislation” with do-not-track mechanisms online, she said.
In California, McNabb is “surprised there’s only one bill,” AB-2455, “not 50” to prohibit employers and schools from demanding an applicant’s Facebook logon, she said. “Everybody was on that instantly.” McNabb predicted at least one California bill to restrict government access to location information will pass. She said her office is working with “players in the mobile ecosystem” on best practices regarding privacy. The work highlights the need for a “special notice,” beyond the formal privacy policy, to offer users choices concerning any “unexpected actions” and “surprising data flows,” McNabb said. “The more of these special notices you have, the more unpleasant the consumer experience,” she said. “So don’t have so many unexpected data flows.”