Client Alert - Update on US Web, Mobile App and E-commerce Regulations
As e-commerce and social media grow, so do the legal regulations that govern them. Just as you must stay up to date with technology, you must stay up to date with the new regulations and changes to existing regulations concerning technology. Among these are:
COPPA (Children’s Online Privacy Protection Act, 15 U.S.C. § 6501 et seq.). On July 1, 2013 important amendments to COPPA adopted by the Federal Trade Commission become effective. Among these are the new definition of “personally identifiable information,” which now proscribes the collection and storage of email addresses and IP addresses, in addition to names, street addresses, etc. Only companies that specifically direct their app or site to children are governed by COPPA, but proprietors of sites popular with teens or tweens should be aware that if they have actual knowledge of children using their site or app, they will be subject to COPPA.
Mobile Apps/Website Privacy. If there was ever any doubt that a mobile app, like a traditional website, must prominently bear a privacy policy, it was dispelled recently when an app developer was prosecuted for failure to include such a policy conspicuously on his app. Although there is no silver bullet for ensuring compliance with privacy laws, best practices do exist, including disclosing your data collection practices to consumers before the app is downloaded and including links to your privacy policy on each page of the site or app. Any app directed at children will be under heightened scrutiny. Potential problem areas include data collection disclosures that do not match actual practices, and apps or sites that collect location data or track consumers’ preferences without disclosure, or that collect financial or medical data. The user’s consent to such collection must be granted before collection occurs; merely posting your policy is not adequate.
California Privacy (Cal. Bus. & Prof. Code § 22575 et seq. (“Cal-OPPA”)). California law expressly provides that every platform, whether a mobile app or a website, must include a conspicuous privacy policy. That policy must state that you will provide California consumers, within 30 days of request, with the specific names of any information brokers or other third-party companies with whom you may share their information. Under the currently pending Right to Know Act of 2013, such disclosures would also include any data sharing by way of cookie collection or other non-human collection.
FTC .Com Disclosures. These “truth-in-advertising” rules govern such things as use of celebrity endorsements, which must be labeled as such; sponsored ads, which also must be labeled as such; and claims made in the body of an internet ad itself. The FTC premises its rules—the application of which is subjective in nature—on the fact that ads appearing on the internet are often read quickly, or have details hidden in hyperlinks or in a smaller font or light colors.
Online Contests. Any contest run on a social media site such as Facebook, Pinterest, Tumblr or Twitter must comply with each respective platform’s guidelines, and also with multiple laws, both federal and state, including COPPA. Recent FTC action against Zanga and Playdom resulted in fines of $1 million and $3 million, respectively. All promotions, but especially those that encourage the submission of user-generated content, while popular, should be reviewed by counsel prior to commencement.
Gift Cards/Online Coupons. There have been numerous developments in gift card laws in recent years, on both the state and federal level. The federal Credit CARD Act of 2009 requires that certain disclosures be made to the consumer, and prohibits expiration of a card in less than five years. Several state laws require that unused portions of gift cards be given back to consumers, although most states allow a shorter expiration period for the cash-back component. The terms and conditions of the gift card or online coupon must be conspicuous and clear, and must be placed on the card or coupon itself.
Recommendations:
◊ Routinely update both the terms and conditions and privacy policies your company places on its website. If you have a mobile app, it too must disclose the policies governing its use and data collection; often the policies may differ due to the size constraints of an app.
◊ Appoint a privacy compliance employee, who ensures compliance with privacy disclosure requests and reviews promotions and postings online.
◊ Be sure to also update your designation of an agent to receive notifications of claimed infringement with the U.S. Copyright Office if necessary, to continue to be eligible for the safe harbor under the DMCA for user-generated content.
◊ Be mindful that there are also laws in other countries which must be complied with if you are operating in such other countries, or directing your app, contest or promotion to consumers outside the U.S.
◊ Don’t assume that compliance yesterday means compliance today.
For further information contact Arlana S. Cohen or Meichelle MacGregor.
To download a printable copy of this article, click here.