The Google Buzz social media initiative launched in February 2010 raised privacy concerns, whilst more recently the FTC took issue with questionable product reviews for Legacy Learning Systems’ teach yourself DVD sets. Hannah Willson reports.
Topic: Social media
Who: FTC, Google and Legacy Learning Systems
Where: United States
When: March / April 2011
Law stated as at: 5 May 2011
What happened:
Google Buzz – privacy
Those of you who are not Gmail users may not be familiar with Google Buzz – it's Google's attempt at social networking and results in a service somewhere in between Twitter and Facebook. That is not the reason it has been making the news, however. In Google's attempt to have a streamlined and 'user friendly experience straight out of the box', it decided to opt in all Gmail users and set their profiles to public, including providing the names and email addresses of all their contacts, in some instances anything using the Picasa photo or Reader functions.
At first glance the ready-made group of friends created by Google Buzz was intuitive – it analysed who a user is in contact with most regularly and included them. However the default setting to 'public' could lead to anyone knowing who a user had been emailing, including those having an illicit affair, applying for alternative jobs etc.
In fact this new use of a user's personal data was in direct breach of Google's own privacy policy, which stated: "When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use."
Numerous complaints led to Google Buzz undergoing marked changes following its inception in February 2010. There is no longer an automatic 'circle for friends' but rather the contacts identified by Google Buzz are only recommended to a user to add as friends.
The complaints had a more far-reaching effect than causing some system changes to be implemented. The US Federal Trade Commission ("FTC") took regulatory action against Google Buzz for violating its privacy policy by using personal information for another service without the permission of the user.
The FTC also alleged that Google misrepresented that a user who clicked on the options 'Nah, go to my inbox,' and 'Turn Off Buzz' would not be enrolled in Buzz, when in fact they were still enrolled in certain features. Furthermore, the FTC charged that with respect to its European users, Google breached the key "notice and choice" principles of the US-EU Safe Harbor privacy framework.
Legacy Learning Systems – non transparent product reviews
Legacy Learning Systems ("LLS") are a provider of DVD-based instructional courses, such as 'Learn and Master Guitar'. LLS run an affiliate program whereby potential buyers are directed from an affiliate website via hyperlink to the LLS site. The affiliates would receive a commission of between 20% and 45% of the purchase price for any customer directed in this way.
One method the affiliates used to direct customers to the LLS website was reviewing or endorsing the products online in articles, blog posts and other online editorial copy. However, as these affiliates were effectively paid to provide these endorsements, the law required them to disclose their relationship with LLS, which many of them failed to do or did inadequately.
Although LLS had provisions in its agreement with the affiliates providing that they must comply with the FTC's rules on disclosures, the FTC did not consider this the same as ensuring that the affiliates did actually comply. Accordingly the FTC considered that LLS had violated the law by failing to disclose the material relationship. This shifted the burden onto LLS to implement a reasonable monitoring program to ensure that the affiliates clearly and prominently disclosed the relationship.
What the FTC did about it
The FTC took regulatory action against both Google and LLS for breaches of section 5 of the FTC Act and against Google for violation of the privacy requirements of the US-EU Safe Harbor framework.
The settlement arrived at between the FTC and Google is noteworthy for being the first time the FTC has imposed various sanctions.
Google was ordered to undertake a comprehensive privacy program that will include it undertaking regular privacy audits for the next 20 years and appears to be the first application of 'privacy by design' principles. The settlement also prohibits Google from misrepresenting the company's privacy practices with respect to 'covered information' or any other privacy compliance programs such as the Safe Harbor framework. Google must also provide its users with a notice and choice before sharing personal data with third parties in certain circumstances.
The LLS settlement requires LLS to pay $250,000 to the FTC and not to make any future misrepresentations regarding the relationship between LLS and any endorser or user of a product or service. LLS must determine on a semi-annual basis the top fifty revenue-generating affiliates and monitor these on a monthly basis as well as a random sample of fifty of the remaining affiliates. In this way LLS is to ensure that the affiliates are complying with the regulations on disclosing material connections. LLS must also maintain reports and is under an obligation to terminate its relationship with any affiliate who is found to be acting inconsistently with the provisions of the consent order.
Why this matters:
The FTC has shown that they are taking a hard line with breaches of section 5 of the FTC Act in relation to consumers. Groundbreaking enforcement action has been taken against Google and media companies would be wise to learn from its errors and to consider the privacy issues in trying to make a user friendly and tailored service before going public.
The OFT has not been afraid to take action in similar circumstances to the LLS case. This was demonstrated by the Handpicked Media case at the beginning of 2011. Care must be taken by marketing companies not to breach the principles in the Data Protection Act and to ensure there are no misleading actions or omissions under the Consumer Protection from Unfair Trading Regulations 2008 ("CPRs"). Had LLS made the same mistakes in the UK, the OFT could have brought an action under the CPRs for an automatically unfair commercial practice.
To ensure that disclosures of a material connection for endorsements and testimonials are clear and prominent, the FTC provided the following guidance which is likely to have similar application in the UK:
(a) textual communications: Disclosures must be of a type, size and location sufficiently noticeable for an ordinary consumer to read and comprehend and in print that contrasts with the background on which they appear;
(b) oral communications: Disclosures must be made in a volume and cadence sufficient for an ordinary consumer to hear and comprehend them;
(c) video communications: disclosures must be in writing in a form consistent with (a) and shall appear on the screen for a duration sufficient for an ordinary consumer to read and comprehend them; and
(d) in all instances disclosures must be presented in an understandable language and syntax, and in the same language as the predominant language used in the communication and with nothing contrary to, inconsistent with or in mitigation of the disclosures used in any communication of them.