Wondering Where The Line Is On Internet Privacy - - Just Watch Facebook

Posted on June 3, 2010 by N. Kane Bennett

My firm receives many calls from new or existing businesses with Internet privacy questions.  Many calls come from e-commerce businesses, start ups, or businesses that want to utilize information gathered from users accessing their Web sites. Some business owners have ideas or concepts that test the limit on use of user profiles, preferences, and content.  The question becomes, just what are the limits for user expectations on privacy?

Take Facebook for example.  Facebook has a reported 400 million users.  Facebook is constantly in the headlines over its privacy policies and security settings related to its user's profile information.  Whether it is a class action lawsuit in California  or the recent $10 million settlement for its Beacon program, you can count on Facebook to have dealt with any number of privacy issues in litigation.  

Recently, another lawsuit has been filed over Facebook's "opt out" setting concerning the instant personalization feature.  Wendy Davis on  Online Media Daily reported on the story.  This feature automatically shares user information with three outside companies, Microsoft Docs, Pandora, and Yelp.  The lawsuit was filed in U.S. District Court in Rhode Island for violation of the Stored Communications Act (Download here).  By my count, Facebook has been sued at least 30 times in Federal court in recent years.

In the Internet privacy area, Facebook tests the outer limits of what is acceptable for privacy rights and user expectations.  When Facebook makes a change or tries something new, everyone pays attention.  As a result, Facebook's privacy policies get vetted by 400 million users, numerous industry and trade groups, leading technology blogs like TechCrunch, and even the federal government. 

If you want to know what crosses the line when it comes to privacy on the Internet,  just watch Facebook.   

Tags: , , , , , , , ,

Will Data Protection Laws Ever Catch Up To New Technology?

Posted on May 3, 2010 by N. Kane Bennett

That was the question posed in an email newsletter I received today from the International Association of Privacy Professionals.   I am a member of this group out of personal interest and to to stay on top of issues related to privacy laws and technology.   One of the benefits of belonging to this group is that I get email newsletters with summaries of new laws, regulations, and lawsuits dealing with privacy issues from all over the world. 

Today's email posed the question in the title of this post and featured an article from the New York Times by Natasha Singer called "Shoppers Have No Secrets."   The article details the technology of "behavioral tracking" by retail and advertising businesses and how the Federal Trade Commission (FTC) is playing catch up when it comes to regulating this technology.

Online behavioral tracking has been a hot button issue for both businesses and privacy rights groups for a few years.  Natasha's article lists several types of new tracking to include:

  • Cameras that can follow you from the minute you enter a store to the moment you hit the checkout counter, recording every T-shirt you touch, every mannequin you ogle, every time you blow your nose or stop to tie your shoelaces.
  • Web coupons embedded with bar codes that can identify, and alert retailers to, the search terms you used to find them.
  • Mobile marketers that can find you near a store clothing rack, and send ads to your cellphone based on your past preferences and behavior.

The article is a very good summary of the issue and has links to advocacy groups on both sides of the debate.  The article also highlights the differences between European and US based privacy laws. In general, the EU is far more advanced and stringent when it comes to personal data protection. 

In the US, the FTC publishes guidelines and takes enforcement action under its authority to regulate unfair trade.  There are also the states' Attorney Generals and class action and individual lawsuits.  Nevertheless, to answer the question I posed in this post, it is clearly a "NO" in the US.   Data protection laws will not catch up to new technology. At least, not anytime soon.

So, should Connecticut businesses ignore consumer privacy issues?    Not if the business wants to stay ahead of the game and out of litigation over privacy violations.   The FTC and state Attorneys General still have broad enforcement powers to regulate unfair trade.  Also, individual consumers continue to bring lawsuits over these issues.  

For Connecticut businesses, it is a good idea or best practices to implement  a policy related to protection of consumer data, preferences, and personal identifiers.  I have posted some tips about these issues before.  If you are looking for "do it yourself" resources, another good place to start is the FTC guidelines on behavioral tracking or its Guide for Business in protecting personal information. 

Of course, by the time you implement a privacy plan for today's technology, it will be time to start updating it for what tomorrow brings.  Good thing I get an email to remind me.   

 

Tags: , , , , ,

Unfair and Deceptive Trade Practices in Connecticut

Posted on February 14, 2010 by N. Kane Bennett

Each state generally has some type of consumer protection or trade protection law that seeks to prohibit and punish unfair conduct and deceptive acts in trade or commerce.   Most states, including Connecticut, model their laws after section 5 of the Federal Trade Commission Act.  Section 5 of the FTC Act prohibits unfair or deceptive acts and unfair competition in the marketplace. 

Connecticut's Unfair Trade Practices Act (commonly referred to as CUTPA by attorneys and judges), is codified at Connecticut General Statutes section 42-110b.  CUTPA states, in relevant part, that:

(a) No person shall engage in unfair methods of competition and unfair or deceptive acts or practices in the conduct of any trade or commerce.

(b) It is the intent of the legislature that . . . the courts of this state shall be guided by interpretations given by the Federal Trade Commission and the federal courts to Section 5 . . . .

(c) The commissioner may . . .establish by regulation acts, practices or methods which shall be deemed to be unfair or deceptive. . . Such regulations shall not be inconsistent with the rules, regulations and decisions of the federal trade commission and the federal courts . . .

(d) It is the intention of the legislature that this chapter be remedial and be so construed.

CUTPA's provisions can be far reaching for businesses and consumers.  For example, under section 42-110g, attorneys who successfully prove a CUTPA violation in Connecticut business litigation may be able to recover attorneys fees, punitive damages, and costs for their clients.  CUTPA's provisions also provide for the ability of attorneys to bring class action lawsuits in Connecticut for unfair or deceptive acts. Additionally, courts can order injunctive relief or other equitable remedies for CUTPA violations.

CUTPA's provisions may be enforced by the various State's Attorneys and the Attorney General, such as the AG's recent lawsuit against Net Health over its loss or exposure of personal identifiers (date of birth, social security number) of Connecticut residents.  Private citizens and businesses may also bring actions for unfair competition or deceptive acts under CUTPA, including class action lawsuits such as the recent case against AT&T over Internet access.

To establish a violation of CUTPA, attorneys in Connecticut have to prove that their clients suffered "any ascertainable loss of money or property, real or personal, as a result of the use or employment of a method, act or practice prohibited by section 42-110g. . ." Generally speaking, this requirement means Connecticut attorneys have to show that their clients sustained damages as a result of an unfair or deceptive act in trade or commerce. 

To determine what constitutes an unfair or deceptive act, Connecticut courts specifically refer back to the Federal Trade Commission and what is commonly referred to as the "cigarette rule."  The cigarette rule defines what type of conduct may qualify as unfair and deceptive justifying an award of compensatory or punitive damages.   This rule dates back to 1964 and comes from legislative policy making by the Federal Trade Commission concerning requirements for warning labels on cigarette packages. 

 The three prongs of the cigarette rule are as follows:

  1. whether the practice, without necessarily having been previously considered unlawful, offends public policy as it has been established by statutes, the common law, or otherwise-in other words, it is within at least the penumbra of some common law, statutory, or other established concept of unfairness;
  2. whether it is immoral, unethical, oppressive, or unscrupulous;
  3. whether it causes substantial injury to consumers, [competitors or other business persons]. . . .

All three criteria do not need to be satisfied to support a finding of unfairness. A practice may be unfair because of the degree to which it meets one of the criteria or because to a lesser extent it meets all three.


It is important to note that not every act or conduct that might seem to fit the criteria will be a violation of CUTPA. For example, generally speaking, mere negligent acts or simple breaches of a contract do not constitute unfair or deceptive acts under CUTPA. It is also important to note that some conduct automatically violates CUTPA or is considered a per se violation, such as failure to follow the Home Improvement Act or to register a trade name.


There are many nuances to CUTPA and the above is only a brief summary. Any business or consumer trying to determine whether they were damaged by conduct constituting a violation of CUTPA should contact a business litigation attorney or the Attorney General's office.

 

Tags: , , , , , , ,