 |
| Author: Paul C. Van Slyke |
Recently the Federal Trade Commission reached a record $22.5 million settlement with Google for consumer privacy violations of an
earlier order involving what is called “online behavioral advertising” or OBA.
The Google case is a roadmap for avoiding serious legal missteps for
tracking of consumer interests in violation of a company’s own policies and
claims that are commonly made and often overlooked. In the Google settlement, the FTC sent a loud
and clear message that it will not tolerate promises and claims made in fine
print to protect the privacy of consumers and breaking those promises by use of
cookies and user tracking tools in day-to-day operations long after the
promises in fine print are forgotten.
Overlooked Privacy Claims in the Google
Case
Most companies have gotten the message that what they say in their privacy
policies has to line up with their day-to-day operations. The problem is
that many companies are conveying claims not just in a formal privacy policy in
the fine print on the website, blog or social media brand page, but also where
the company states choice mechanisms, opt-outs, and other ways consumers can
customize their experience. The FTC’s complaint against Google highlights alleged
misrepresentations on the company’s Advertising Cookie Opt-Out Plug-in page
that were overlooked for compliance.
Cookies are the unique file codes placed on a consumer’s computer when a
website is opened and consumer choices are made on the website.
Google claimed in its fine print that for users of the Safari browser that
it would not place tracking cookies on the users’ computers or serve them
targeted advertisements. The FTC alleged that Google used codes to
disguise its cookies to work around Safari’s opt-out default setting.
Overlooked Claims of Self-Regulatory
Compliance
Many companies promote on their website
their affiliation with self-regulatory programs. For example, to join the
Network Advertising Initiative (NAI), a voluntary self-regulatory group for the
online advertising industry, company members agree to disclose to users their
data collection and use practices. Although Google touted its NAI membership
on its website, the FTC says the company did not truthfully disclose what it
was doing with Safari users’ data.
Key
Points
- The CEO and top executives of your company must often repeat that they are committed to compliance with consumer privacy and advertising laws and they will hold the IT director and Chief Marketing Officer accountable.
- Your information technology staff needs to take the lead in compliance before your marketing managers and legal advisors get involved.
- It helps for a company to adopt an internal consumer privacy policy that places primary responsibility on the IT Department and secondary responsibility on the marketing staff for compliance with laws and regulations on the use of cookies and user tracking tools.
- The internal policy should require that IT department make and update a list of all the places on your company websites, social media promotions and sponsored blogs where privacy representations and claims are made, maintain an inventory of the cookies they use, and not launch new ones without both marketing and legal review.
- The internal policy should also require that the marketing staff make and update a separate list of all the user tracking tools being used on your company websites, social media promotions and sponsored blogs and maintain an inventory of the categories of data being collected from users, and not launch new tracking tools or categories of data being collected without both IT and legal review.
- Sidestepping users’ preferences can lead to costly legal missteps.
