• In This Issue

    Editors: Linda A. Goldstein | Jeffrey S. Edelstein | Marc Roth

    The Buzz Over Privacy Continues with Google FTC Settlement

    Marking the first time the Federal Trade Commission has required a company to implement a comprehensive privacy program, the agency entered into a proposed settlement with Google over its Buzz social networking feature.

    Last February Google launched Buzz to instant criticism. When originally presented, Buzz was automatically added to all users of Gmail, Google’s e-mail system. The program then turned users’ frequent e-mail contacts into followers and made photos and information public by default.

    The Electronic Privacy Information Center filed a complaint with the FTC, and consumers filed a federal class action lawsuit alleging privacy violations. The suit later settled for $8.5 million.

    According to the FTC complaint, Google used deceptive tactics and violated its own privacy policy.

    At the time Buzz was launched, Google’s privacy policy stated that “When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.”

    The FTC alleged that the company used the information for social networking purposes without advance permission. By offering options like “Turn off Buzz” to users, Google also misrepresented that clicking on those options would permit users to decline enrollment in the network, when in reality they would still be enrolled in certain features.

    The FTC also maintained that Google violated the substantive privacy requirements of the U.S.-EU Safe Harbor Framework because it failed to give consumers notice and choice before using their information for a purpose different from that for which it was collected under the privacy framework.

    Under the terms of the proposed settlement, Google agreed to obtain consent from users prior to sharing their information with third parties, and to establish and maintain a comprehensive privacy program.

    The company will also be audited every two years for the next 20 years so that its privacy and data protection practices can be evaluated, and it is barred from future misrepresentations that it complies with the Safe Harbor Framework, or with its own privacy or confidentiality policies regarding users’ information.

    The proposed settlement will be open for public comment until May 2.

    In a blog post, Alma Whitten, Director of Privacy for Google Product & Engineering, wrote that the company doesn’t “always get everything right. The launch of Google Buzz fell short of our usual standards for transparency and user control – letting our users and Google down.”

    Apologizing for the mistakes made with Buzz, Whitten wrote that the company is “100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all users going forward.”

    To read the FTC’s complaint against Google, click here.

    To read the proposed consent order, click here.

    Why it matters: “When companies make privacy pledges, they need to honor them,” Jon Leibowitz, Chairman of the FTC, said in a statement about the proposed settlement. “This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations.” The requirements of the proposed settlement represent several firsts by the agency: the first time the FTC has required a company to implement a comprehensive privacy program, and the first time it alleged substantive failure to comply with the U.S.-EU Safe Harbor Framework. The settlement suggests that the FTC will take privacy-related enforcement actions in the future, and will announce what types of measures – like the requirement that consumers opt in to data sharing – the agency would like to see companies take.

    back to top

    Power Balance Reaches $57 Million Settlement Over False Marketing

    Power Balance has agreed to a potential $57 million settlement in a federal class action suit that alleged the company falsely marketed its bracelets, wristbands, pendants, and other accessories claiming they gave wearers physiological benefits like improved balance, strength and flexibility.

    The suit alleged that since 2007, Power Balance falsely advertised its accessories with claims like “Power Balance holograms are designed to work with your body’s natural energy field,” “Use of the Power Balance results in lots of endurance and stamina,” and “Power Balance holograms are embedded with frequencies that react positively with your body’s natural energy field to improve balance, strength and flexibility.”

    Denying any wrongdoing or liability, Power Balance agreed to refund consumers the full retail price of their purchase (up to 10 accessories per consumer), plus an additional $5 to cover shipping and handling. With an estimated 1.7 million Power Balance products sold in the United States, the parties estimated the value of the proposed settlement to be in excess of $57 million.

    In addition, Power Balance agreed to change its marketing and advertising practices. Under the proposed settlement, the company will not represent in any advertising that its products will “improve balance, strength or flexibility” or that its products “work with your body energy,” unless it is able to provide evidence that supports the representations.

    Live demonstrations that Power Balance held to exhibit the benefits of its accessories will also end, and the company said it would remove some video postings of demonstrations.

    Looking for judicial approval at the April 25 hearing, the parties emphasized in their joint filing that the terms of the settlement are “above and beyond the amount class members would be entitled to if Power Balance was ordered, as restitution, to disgorge.”

    To read the proposed settlement in Batungbacal v. Power Balance, click here.

    Why it matters: The suit marks the third action taken against Power Balance over the advertising of its products, after consumer protection actions were also taken in Australia and France. Facing charges from the Australian Competition and Consumer Commission, the company admitted that it has “no credible scientific evidence that supports our claims,” while the French consumer protection agency levied a fine of 350,000 Euros for unsubstantiated claims.

    back to top

    FTC Commissioner: Do-Not-Track Not Endorsed by Agency

    Federal Trade Commissioner J. Thomas Rosch wrote an op-ed for Advertising Age on March 24, 2011, declaring that the concept of a “do-not-track” mechanism for online behavioral advertising “has not been endorsed by the agency – or even properly vetted.”

    “I have serious questions about the various do-not-track proposals,” Rosch wrote. In a concurring statement to the FTC privacy report issued last December, he stated “I said I would support a do-not-track mechanism if it were ‘technically feasible.’ By that I meant that it needed to have a number of attributes that had not yet been demonstrated. That is still true, in my judgment.”

    Rosch expressed his concerns with the concept of a do-not-track mechanism, which could potentially jeopardize competition and innovation, create a lack of consensus about exactly what “tracking” entails, and potentially lead to consumers’ loss of free content and relevant advertising they take for granted.

    He wondered whether “an overly broad do-not-track mechanism would deprive consumers of some beneficial tracking, such as tracking performed to prevent fraud, to avoid being served the same advertising, or to conduct analytics that foster innovation.”

    “Not only could consumers potentially lose access to free content on specific websites, I fear that the aggregate effect of widespread adoption by consumers of overly broad do-not-track mechanisms might be the reduction of free content, free applications and innovation across the entire Internet economy.”

    He warned against the “recent rush” to adopt untested do-not-track mechanisms and cautioned against “a reluctance to take on the harder task of examining more-nuanced methods of providing consumers with choice. It is always easier to just say ‘no’ with a blunt instrument, rather than to take the time and effort to consider all the ramifications of the different alternatives.”

    The implementation of do-not-track mechanisms could also give some companies in the browser market a monopoly or near monopoly, and could jeopardize competition, Rosch wrote.

    To read Rosch’s editorial, see the editorial section of Advertising Age on March 24, 2011 (subscription required).

    Why it matters: Commissioner Rosch’s editorial provides hope to those opposed to the idea of a do-not-track mechanism and supplies opponents with arguments against such a measure. “These are some of the questions for which I will be seeking definitive answers before I can support any particular do-not-track proposal. I am speaking only for myself because, as I emphasize, the commission has not yet voted to endorse any such proposal,” Rosch wrote.

    back to top

    LinkedIn Sued Over Cookies

    LinkedIn is facing a potential federal class action after a California resident claimed that the company allowed ad networks and other third parties to discover his name and connect it to tracking cookies.

    The suit alleges that LinkedIn user Kevin Low was “embarrassed and humiliated” by the disclosure of his personally identifiable browsing history, which he contends is “valuable personal property with a market value.”

    According to the complaint, LinkedIn intentionally and knowingly transmitted both personally identifiable browsing history and other personal information to third parties like advertisers, Internet marketing companies, data brokers, and Web tracking companies.

    The company assigns users unique identification numbers associated with their names when they sign up, and the pages on the LinkedIn site link and transmit users’ unique identification numbers with third party-tracking IDs, or cookies, the suit contends.

    Through the use of the unique user identification number, LinkedIn can connect a user’s personal information in their site profile, obtain information about other profiles they view and interact with, and provide that information to third parties that then connect Internet browsing history with the personal information in a LinkedIn account.

    “Consequently, anyone who has used the Internet to discreetly seek advice about hemorrhoids, sexually transmitted diseases, abortion, drug and/or alcohol rehabilitation, mental health, dementia, etc., can be reasonably certain that these sensitive inquiries have been captured in the browsing history and incorporated into a personal profile which will be packaged for sale to marketers who will then send targeted solicitations to them exploiting that information. If the user is on LinkedIn, their browsing history will be linked to their personal identification and served up to marketers for use as they see fit,” according to the complaint.

    According to the complaint, LinkedIn’s actions violate its own privacy policy regarding the sharing of personal information, as well as the provisions of the federal Stored Communications Act, the California state deceptive business law, and California common law regarding invasion of privacy.

    The suit seeks to certify a national class of LinkedIn users dating back to March 2007 and asks for injunctive relief and damages, including statutory damages of $1,000 per violation under the SCA.

    LinkedIn said in a statement that it plans to vigorously defend against the suit.

    To read the complaint in Low v. LinkedIn Corp., click here.

    Why it matters: With the lawsuit, LinkedIn joins other high-profile social networking sites in being accused of privacy violations. Given the focus on privacy by plaintiffs’ lawyers, legislators, and regulators, companies should evaluate their privacy policies and remain consistent with them.

    back to top

    Noted and Quoted...Linda Goldstein Cautions Brands on Twitter Imposters

    Advertising Age recently spoke with Linda Goldstein, Manatt's Advertising, Marketing & Media Division Chair, on the proliferation of unauthorized Twitter feeds using the names and likenesses of well-known brand mascots such as the Pillsbury Doughboy and Tony the Tiger. 

    If Twitter users are not profiting from the use of the brands’ character copyright, marketers likely cannot obtain legal damages for misrepresenting them.  However, “even if they are used for non-commercial purposes, I think it would be prudent for brands to be vigilant in protecting their assets because consumers might well believe there's some connection here,” said Ms. Goldstein.  To read more, see the April 11, 2011 issue of Advertising Age (subscription required).

    back to top