Technology: The privacy perils of mobile technology
During the last several years, there has been explosive growth in the use of mobile technologies, fueling a concomitant increase in privacy-related regulatory activity and class action litigation around the globe.
June 01, 2012 at 05:00 AM
10 minute read
The original version of this story was published on Law.com
During the last several years, there has been explosive growth in the use of mobile technologies, fueling a concomitant increase in privacy-related regulatory activity and class action litigation around the globe. In the U.S., the recent regulatory trend began in earnest last year, when the primary privacy regulator in the U.S., the Federal Trade Commission (FTC), concluded its first enforcement action involving mobile apps.
The FTC reached an agreement with a developer of children's games for the iPhone, requiring the app developer to pay $50,000 to settle charges that it violated the Children's Online Privacy Protection Act (COPPA) by illegally collecting and disclosing personal information of tens of thousands of children under the age of 13 without their parents' prior consent. The settlement was one of many recent reminders that even older laws such as COPPA, which was enacted in 1998, have important implications for new mobile technology.
Regulatory activity in the U.S. has since increased. In February, the FTC warned six marketers of background screening mobile apps that they may be violating the Fair Credit Reporting Act. Days later, in a report entitled “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing”, the FTC issued a “warning call to industry that it must do more to provide parents with easily accessible, basic information about the mobile apps that their children use.”
The report was based on the FTC's investigation of hundreds of mobile apps and their legally inadequate or nonexistent privacy notices. The report indicated that, during the coming months, the FTC would conduct additional review to identify enforcement opportunities. Among the report's main conclusions were the following:
“Parents should be able to learn what information an app collects, how the information will be used, and with whom the information will be shared. App developers also should alert parents if the app connects with any social media, or allows targeted advertising to occur through the app. Third parties that collect user information through apps also should disclose their privacy practices, whether through a link on the app promotion page, the developers' disclosures, or another easily accessible method.”
Less than a week later, this call for greater transparency was echoed by the California Attorney General, who announced an initiative to increase compliance with the California Online Privacy Protection Act of 2003 (OPPA). Among other compliance obligations, OPPA requires operators of mobile apps to post a privacy notice that contains a description of the categories of personal information the apps collect and the types of third parties with whom that information is shared. Many mobile apps collect an unexpectedly wide range of data from users' mobile devices and silently share that data with networks of service providers and other third parties. Development of these apps often is outsourced or handled by an insular group of in-house developers.
Consequently, the company sponsoring the app frequently lacks the information necessary to craft an accurate privacy notice. Because OPPA prohibits the handling of data in a manner that is inconsistent with the privacy notice, the company could incur the risk of both an OPPA violation and damage to the company's relationship with its consumers. In addition, the company runs the risk of joining the long line of companies against which the FTC has brought enforcement actions for inaccurate representations in privacy notices.
The lack of transparency also invites class action litigation, such as the case currently pending in federal court in Texas against more than a dozen popular app developers for allegedly collecting users' mobile address book data without consent. To help address this issue, the California Attorney General joined six leading mobile app platform providers—Apple, Google, Hewlett-Packard, Microsoft and Research In Motion—in adopting a joint statement of principles under which consumers will have the opportunity to review an app's privacy policy before downloading it.
Meanwhile, new privacy issues continue to crop up in the text message arena. Current Federal Communications Commission (FCC) regulations prohibit the automated sending of any kind of non-emergency text message without the recipient's prior express consent. The statutory damages of $500 per text message predictably have invited the interest of plaintiffs' counsel, who have extracted millions of dollars in settlements from companies whose only alleged transgression was to send a confirmation message to consumers who opted out of mobile programs in which they previously had enrolled, such as “Your opt-out has been processed”.
The FCC recently sought comment on whether to take the position that the plaintiffs' theory that the consumer's opt-out revoked consent to send even the confirmation message should be deemed invalid. Even if the FCC provides some relief, the pressure remains: In February, the FCC announced new regulations that will prohibit companies from sending marketing-oriented text messages without first obtaining the recipients' consent in the form of signed, written agreements.
For the business community, the message is clear: In the mobile space, companies must closely monitor the rapidly changing privacy landscape to safely navigate this complex terrain.
During the last several years, there has been explosive growth in the use of mobile technologies, fueling a concomitant increase in privacy-related regulatory activity and class action litigation around the globe. In the U.S., the recent regulatory trend began in earnest last year, when the primary privacy regulator in the U.S., the Federal Trade Commission (FTC), concluded its first enforcement action involving mobile apps.
The FTC reached an agreement with a developer of children's games for the iPhone, requiring the app developer to pay $50,000 to settle charges that it violated the Children's Online Privacy Protection Act (COPPA) by illegally collecting and disclosing personal information of tens of thousands of children under the age of 13 without their parents' prior consent. The settlement was one of many recent reminders that even older laws such as COPPA, which was enacted in 1998, have important implications for new mobile technology.
Regulatory activity in the U.S. has since increased. In February, the FTC warned six marketers of background screening mobile apps that they may be violating the Fair Credit Reporting Act. Days later, in a report entitled “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing”, the FTC issued a “warning call to industry that it must do more to provide parents with easily accessible, basic information about the mobile apps that their children use.”
The report was based on the FTC's investigation of hundreds of mobile apps and their legally inadequate or nonexistent privacy notices. The report indicated that, during the coming months, the FTC would conduct additional review to identify enforcement opportunities. Among the report's main conclusions were the following:
“Parents should be able to learn what information an app collects, how the information will be used, and with whom the information will be shared. App developers also should alert parents if the app connects with any social media, or allows targeted advertising to occur through the app. Third parties that collect user information through apps also should disclose their privacy practices, whether through a link on the app promotion page, the developers' disclosures, or another easily accessible method.”
Less than a week later, this call for greater transparency was echoed by the California Attorney General, who announced an initiative to increase compliance with the California Online Privacy Protection Act of 2003 (OPPA). Among other compliance obligations, OPPA requires operators of mobile apps to post a privacy notice that contains a description of the categories of personal information the apps collect and the types of third parties with whom that information is shared. Many mobile apps collect an unexpectedly wide range of data from users' mobile devices and silently share that data with networks of service providers and other third parties. Development of these apps often is outsourced or handled by an insular group of in-house developers.
Consequently, the company sponsoring the app frequently lacks the information necessary to craft an accurate privacy notice. Because OPPA prohibits the handling of data in a manner that is inconsistent with the privacy notice, the company could incur the risk of both an OPPA violation and damage to the company's relationship with its consumers. In addition, the company runs the risk of joining the long line of companies against which the FTC has brought enforcement actions for inaccurate representations in privacy notices.
The lack of transparency also invites class action litigation, such as the case currently pending in federal court in Texas against more than a dozen popular app developers for allegedly collecting users' mobile address book data without consent. To help address this issue, the California Attorney General joined six leading mobile app platform providers—
Meanwhile, new privacy issues continue to crop up in the text message arena. Current Federal Communications Commission (FCC) regulations prohibit the automated sending of any kind of non-emergency text message without the recipient's prior express consent. The statutory damages of $500 per text message predictably have invited the interest of plaintiffs' counsel, who have extracted millions of dollars in settlements from companies whose only alleged transgression was to send a confirmation message to consumers who opted out of mobile programs in which they previously had enrolled, such as “Your opt-out has been processed”.
The FCC recently sought comment on whether to take the position that the plaintiffs' theory that the consumer's opt-out revoked consent to send even the confirmation message should be deemed invalid. Even if the FCC provides some relief, the pressure remains: In February, the FCC announced new regulations that will prohibit companies from sending marketing-oriented text messages without first obtaining the recipients' consent in the form of signed, written agreements.
For the business community, the message is clear: In the mobile space, companies must closely monitor the rapidly changing privacy landscape to safely navigate this complex terrain.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllUS Reviewer of Foreign Transactions Sees More Political, Policy Influence, Say Observers
Pre-Internet High Court Ruling Hobbling Efforts to Keep Tech Giants from Using Below-Cost Pricing to Bury Rivals
6 minute readPreparing for 2025: Anticipated Policy Changes Affecting U.S. Businesses Under the Trump Administration
Senate Panel Postpones Vote on Reconfirmation of Democrat Crenshaw to SEC
Trending Stories
- 1As 'Red Hot' 2024 for Legal Industry Comes to Close, Leaders Reflect and Share Expectations for Next Year
- 2Call for Nominations: Elite Trial Lawyers 2025
- 3Senate Judiciary Dems Release Report on Supreme Court Ethics
- 4Senate Confirms Last 2 of Biden's California Judicial Nominees
- 5Morrison & Foerster Doles Out Year-End and Special Bonuses, Raises Base Compensation for Associates
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250