Download - Adler nurani
Facebook Marketing Legal and Regulatory Compliance
Socialize Toronto: Monetizing Social Media
January 27, 2012
Presenters: Fazila Nurani, PrivaTech Consulting
David M. Adler, Leavens Strand, Glover & Adler, LLC
Objectives
• Understanding the legal
framework and regulator
outlook on Facebook in
Canada and the U.S.
• Key questions from
participants.
• New developments in
Canada and the U.S.
Context
• Facebook boasts
over 800 million
active users.
• About 17 million
Canadian and 150
million American
“monthly active
users”
• Default privacy
settings only
changed by 15-
20% of users.
Canada’s Privacy Laws
• Privacy laws apply to personal information
collected, used and disclosed in the course of
commercial activities.
• Mix of federal and provincial laws: • Personal Information Protection and Electronic Documents
Act, 2001– federally regulated businesses, and provinces
without their own private sector privacy law.
• B.C. Personal Information Protection Act, 2004
• Alberta Personal Information Protection Act, 2004
• Quebec Act Respecting the Protection of Personal Information
in the Private Sector, 1994
• Health privacy laws: Alberta, Saskatchewan, Manitoba,
Ontario, New Brunswick, Newfoundland
OPCC’s Take on Facebook • The Office of the Privacy Commissioner of Canada investigated
Facebook’s practices in August of 2009. Key findings: Sharing of personal information with third-party developers creating
Facebook applications raises serious privacy risks.
Distinction between account deactivation and deletion not clear.
Lack of transparency in Facebook’s privacy policy.
• September 2010 – OPCC stated the issues raised have been
resolved to her satisfaction, and at the same time announced her
investigation of the “Like” button.
• Stoddart:
“Facebook is one of several rapidly growing and
evolving Internet giants that are presenting ongoing
challenges to privacy regulators around the globe.”
Social Media Court Cases in Canada
General Trends:
• Blurring the divide between public
and private life.
• The more friends/fans you have,
the less the “expectation of privacy”.
• Stretching the law to fit the social
media context.
• Focus on fairness.
• Courts are turning to international cases for
guidance.
Privacy in The United States
General Observations:
• US: No Privacy Framework in place
• FTC: Federal Agency Safeguarding
Consumer Privacy
• Internet’s “Implicit Bargain” = “Free”
Content in exchange for Marketing
• Online Behavioral Advertising (OBA)
• Industry Self Regulation / “Do Not
Track”
Social Media Cases
Consumer Deception/Privacy Risks
• Twitter (2010-2011)
• First FTC Social Media Case
• Charges: hackers gained unauthorized admin control
• Result:
• 20 yr ban on misleading consumers
• Info Security Program subject to audit for 10 yrs
Social Media Cases, Cont.
Consumer Deception/Privacy Risks
• Facebook (2011)
• Charges: deceived consumers about public availability
of private info
• Result:
• Bar on misrepresenting privacy and security
• Affirmative Consent Required for Privacy Overrides
• 30 Day access limit for deleted accounts
• Create & maintain comprehensive privacy program
• Third-party audits every 2 yrs for next 20 yrs
Social Media Cases, Cont.
Consumer Deception/Privacy Risks
• Data Breach Notification Laws
• Federal: Data Accountability and Trust Act (DATA)
• State:
• www.ncsl.org provides a comprehensive state-by-
state list of data breach notification statutes
• CA: Consumers can request copy of a Web Site’s
Data Breach Notification Policy
New Developments and Path Forward
• Ongoing class action lawsuit against Facebook launched
in a Manitoba court claiming the social media site misled
users into letting their personal information be sold for a
profit.
• December 6, 2011 – OPCC released Guidelines for
online behavioural advertising.
• Coming into force soon – Canada’s new anti-spam law,
the Fighting Internet and Wireless Spam Act (“FISA”)
• Opt-in model for commercial electronic messages.
• New definitions for “family” and “personal”
relationships may pose cost implications for social
media marketers.
Privacy Trends in the U.S.
• Federal Privacy Legislation
• “Do Not Track” bill from Sen. John D Rockefeller (D-W.Va.)
• “privacy bill of rights” from Sens. John McCain (R-Ariz.) and
John Kerry (D-Mass.)
• FTC Guidelines
• Online Behavioral Advertising Principals
• www.ftc.gov/os/2009/02/P085400behavadreport.pdf
• Industry Initiatives
• WOMMA http://womma.org/ethics/disclosure/
Summary
• Privacy Rights
• Will continue to evolve in the U.S.
• Will be subject to new federal (and possibly state)
regulation
• Action Items
• Develop a Social Media Policy
• Review/Update your Firm’s Privacy Policy
• Conduct Due Diligence on digital marketing partners
to understand how consumer information is: 1)
gathered, 2) stored, & 3) shared
Questions…?
Fazila Nurani, B.A.Sc.(E.Eng.), LL.B, CIPP/C
Senior Counsel and Lead Trainer
PrivaTech Consulting
Phone: 1-905-886-0751
Fax: 1-905-886-9974
_____________
David M. Adler | Leavens, Strand, Glover & Adler, LLC
203 North LaSalle Street, Suite 2550
Chicago, Illinois 60601
Direct: (866) 734-2568
Fax: (312) 275-7534
www.ecommerceattorney.com
@adlerlaw