250 likes | 353 Views
Online Privacy An Oxymoron? The Risks of Online Behavioral Advertising. Introductions. MODERATOR: Michael W. Born, Esq., Senior Vice President - Underwriting Manager, ThinkRisk Underwriting Agency, LLC PANELISTS: Jim Adler , Chief Privacy Officer & General Manager, Data Systems
E N D
Online Privacy An Oxymoron?The Risks of Online Behavioral Advertising
Introductions MODERATOR: • Michael W. Born, Esq., Senior Vice President - Underwriting Manager, ThinkRisk Underwriting Agency, LLC PANELISTS: • Jim Adler, Chief Privacy Officer & General Manager, Data Systems • Laura D. Berger, Esq., Senior Attorney, Federal Trade Commission, Division of Privacy and Identity Protection • Joe DePaul, Senior Vice President, A.J. Gallagher Risk Management Services • Dominique R. Shelton, Esq., Partner, Wildman Harrold Allen & Dixon, LLP • Adam Sills, Vice President, E&O, Allied World Assurance Company
Agenda • Technology of Online Behavioral Advertising • Legality of Gathering Online Behavioral Information • Risks Associated with the Tracking of Users Internet Activity • Risk Management Solutions for Advertisers • Predictions • Questions
ARS Polling Question • How familiar are you with how Online Behavioral Advertising works? • I am very familiar with OBA and how it works. • I know what OBA is but I don’t know how they do it. • I have heard of OBA but don’t know exactly what it is or how it works. • I thought OBA stood for On Base Average.
What Is OBA and How Do They Do It? Online Behavioral Advertising • Advertisers use of information collected on an individual's web-browsing behavior, such as thepages they have visited or the searches they have made, to select which advertisements to display tothat individual. How Do They Track Such Information? • Cookies, Flash Cookies, Zombie Cookies,Ever Cookies • What is the new technology that is causing concern? • Is the average consumer aware of this? Do they care?
What Are They Looking Forand How Do They Use It • Typical information gathered by new online tracking devices: • Computer’s IP address • Browsing history including search terms used, items viewedand websites visited • User name or user ID? • What about personally identifiable information? • What do they do with that information? • Aggregate and use to determine geographical and demographical trends • Direct targeted advertising to the user or at least his/her IP address • Sell to other companies that wish to do the same
What is at Stake • US online ad spending was projected to reach $25.8 billion in 2010 (actual was $26 billion), to pass $30 billion in 2012 and $40 billion in 2014.
ARS Polling Question • Now that you know a little more about how Online Behavioral Advertising works, how concerned are you about being tracked online? • I am very disturbed and would like for all online tracking to be illegal. • I am somewhat concerned and would like the option to opt-out of being tracked. • I am okay with being tracked so long as my personal identifying information is not disclosed. • You have zero privacy anyway, get over it.
Legal Implications of the Collection and use of Internet User’s Information • December 1, 2010, FTC released its preliminary staff report, “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policy Makers.” • Issues with current privacy models • Suggested new framework • (1) Privacy by Design; • (2) Simplification of consumer choice; and • (3) Greater transparency • December 16, 2010, the Department of Commerce Internet Policy Task Force released a privacy green paper, “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.” • March 16, 2011, Assistant Secretary of Commerce Lawrence E. Strickland called for national consumer data privacy legislation and FTC to enforce.
Regulatory and Legislative Efforts • FTC Do Not Track Proposal: • Persistent Cookie that “blocks” tracking • Enforcement Provision • Compare EU e-Privacy Directive (2002/58/EC) update effectiveMay 26, 2011: • Prior consent to collect consumer info via cookies or other tech • Implementation details still being developed • See www.allaboutcookies.org • The Commercial Privacy Bill of Rights Act of 2011 - Kerry-McCain Bill Opt-out (Except especially sensitive information, then Opt-in) • No Private Cause of Action • The Do Not Track Online Act of 2011 – Rockefeller Bill • Basically follows FTC Do Not Track framework
FTC v. Chitika – March 2011 • FTC Puts an End to Tactics of Online Advertising Company That Deceived Consumers Who Wanted to "Opt Out" from Targeted Ads • Chitika Inc.’s Opt-Out Expired After Only 10 Days • The settlement bars Chitika from making misleading statements about data collection • Requires that every targeted ad include a hyperlink to anopt-out page • Requires Chitika to destroy all prior user information collected
Enter the Class Action Bar –Privacy Litigation • Green v. Cable One, Inc. (N.D. Ala, filed February 3, 2010); Re-filed as Reeves v. Cable One, Inc.(March 2011) • Complaints allege that Cable One permitted NebuAd (now defunct) to install “ISP-based spyware” on users’ computers to track their “communications” and online conduct • Mortensen v. Bresnan Communications(D. Montana 2/16/10) • TOS and PP language matters! • Valdez v. Quantcast, MTV, NBC Universal et al (C.D. Cal. July 23, 2010) • Class action against ABC, MTVNetworks, NBC Universal andQuantcast for use of flash cookies onplaintiffs’ websites • White v. Clearspring Technologies,(C.D. Cal. August 10, 2010) • NBC and Warner Bros Records sued dueto widgets
Even More Litigation • Ringleader Digital mobile-web advertising company sued in CDCA over its use of HTML5 to track iPhone and iPad users • 6/20/11 Confidential Settlement (not on a class basis) • Interclick class action lawsuit over “history sniffing” re-spawning flash cookies and hidden code to monitor online users. • CFAA dismissed b/c no quantification of $ damages • No $ damage required under NY Bus 349 due to misleading practices • Trespass still requires harm to value but sufficiently plead • Dismissed contract claims for failure to allege denied benefit of contracted • Advertiser Defendants Dismissed for failure to state any wrongful acts
Most Recently Freeman v. AppleLalo v. AppleAcosta v. Apple and Diaz v. Apple The suits stem from a WSJ investigation that revealed several iOS and Android applications were transmitting age, gender, location and device identifier (UDID) information to third-party advertising companies. • Sept 1, 2011 Microsoft Suit (Federal Court Seattle) re Windows Phone 7 Smartphones tracking when camera is on • Arkansas State Computer Trespass Cases(December 30, 2010- January 10, 2011) • 17 consumer class actions
Are There Any Damages? • Quantcast and Clearspring Flash Cookie Class Action Settlement: $2.4 million
Self-Regulation • Effort to develop common practices for OBA activities across the Internet is being led by a coalition of the nation’s largest media and marketing trade associations: • Association of National Advertisers (ANA) • American Association of Advertising Agencies (AAAA) • American Advertising Federation (AAF) • Direct Marketing Association (DMA) • Interactive Advertising Bureau (IAB) • The self-regulatory program for online behavioral advertising includes several important components: • Advertising Option Icon • Consumer Choice Mechanism • Accountability and Enforcement • Educational Campaign • To learn more, visit www.aboutads.info.
ARS Polling Question • How Should Online Privacy Issues be Regulated? • Through governmental agencies, such as the FTC • By means of consumer protection statutes that support private litigation • Self-regulation by online companies with regulatory oversight • All of the above • Online privacy should not be regulated
Risk Management • Privacy Policies and Terms of Use or Terms of Service • Compliance’ doesn’t mean risk-free • Clearly marked ‘opt-out’ • Web 2.0 • If its ok in U.S., doesn’t mean its ok in EU • What are the goals of the marketing? • Do your customers understand what you are doing with the information?
Insurance Solutions How Does Insurance Apply to These Risks? • General liability advertising injury coverage • Professional liability for advertisers • Media or content liability policies • Privacy and Network SecurityPolicies
Predictions and Key Take-Aways • What will be the important online privacy statutes and regulations implemented in 2011 and beyond? • How will the courts apply these new rules and regulations? • Will OBA cease to exist or become more commonplace and accepted? • Will insurance products evolve to provide or exclude coverage for online privacy violations?
ARS Polling Question • How Did You Like This Panel? • I loved it! • It was the best presentation I have ever attended! • I laughed, I cried, I wish it weren’t over! • I thought Tony Blair was supposed to be on this panel!
Questions & Answers
Many thanks to … • Jim Adler • Laura Berger • Michael Born • Joe DePaul • Dominique Shelton • Adam Sills