Goldstein to Present on Native Advertising at ADAPT Summit, Feb. 23
At VMA Media's upcoming ADAPT Summit on February 23, Linda Goldstein, partner and chair of Manatt's Advertising, Marketing and Media practice, will discuss the native advertising ecosystem in the wake of the Federal Trade Commission's new guidance on native advertising. In a session titled, "What You Need to Know: New Federal Regulation Shakes Up the Native Advertising Ecosystem," Goldstein will offer insight into what could trigger regulatory scrutiny and explore what's in store on the native advertising enforcement front this year. The Summit will be held on February 21- 23, 2016, in Dana Point, CA.
back to top
Uber Drives Settlement With NY AG Over Data Breach, Privacy Violations
In a pair of settlements, ride-sharing company Uber agreed to pay a $20,000 fine for failing to report a data breach in a timely manner as required by New York law and promised to change its policies and procedures to better protect the privacy of riders.
New York Attorney General Eric T. Schneiderman was behind both actions. In 2014 he opened an investigation when it was revealed that employees could access the company's tracking system, dubbed "God View," which allowed real-time monitoring of information about affiliated vehicles, drivers, and passengers. In one instance, a reporter said an Uber executive met her when she stepped out of a vehicle with the comment, "There you are. I was tracking you."
The system was intended to help the operations team track supply and demand for rides, but the AG looked into the "inappropriate access and display" of rider geolocation information. During the course of the investigation, Uber eliminated the use of personal information from God View and agreed to make changes to its policies and practices with regard to data security.
Going forward, the company will maintain and store GPS-based location information in a password-protected environment and encrypt the data in transit. Access to the aerial-view system will be limited to designated employees with a legitimate business purpose. The policy will be enforced by technical access controls and through a formal authorization and approval process.
More generally, Uber will designate at least one employee to coordinate and supervise its privacy and security program and conduct annual employee training for workers responsible for handling private information. Protective technologies for the storage, access, and transfer of private information—with credentials required for access—will be added, with regular assessments of the effectiveness of the company's data security measures.
In a separate agreement with Schneiderman's office, the company will pay a $20,000 fine for failing to report a data breach in a timely manner. New York General Business Law Section 899-aa mandates that businesses provide notice of a breach "in the most expedient time possible and without reasonable delay." But Uber waited until February 26, 2015 to share with affected drivers and the AG's office that it discovered a breach in September 2014. A company engineer posted an access ID on a site accessible to the general public and an unaffiliated third party accessed the database, which contained information including Uber driver names and driver's license numbers.
Why it matters: The Federal Trade Commission isn't the only privacy regulator in town. State Attorneys General are increasingly turning their attention to data security issues, as demonstrated by the New York AG's actions. "This settlement protects the personal information of Uber riders from potential abuse by company executives and staff, including the real-time locations of riders in an Uber vehicle," Schneiderman said in a statement about the deals. "We are committed to protecting the privacy of consumers and customers of any product in New York State, as well as that of employees of any company operating here. I strongly encourage all technology companies to regularly review and amend their own policies and procedures to better protect their customers' and employees' private information."
back to top
With Big Data Comes Big Responsibility, FTC Report Cautions
In a new report, the Federal Trade Commission warned businesses about the use of "big data," cautioning that taking advantage of big data analytics could result in outcomes that are exclusionary or discriminatory.
"Big data's role is growing in nearly every area of business, affecting millions of consumers in concrete ways," FTC Chairwoman Edith Ramirez said in a statement. "The potential benefits to consumers are significant, but businesses must ensure that their big data use does not lead to harmful exclusion or discrimination."
"Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues" examined how data is used by businesses after being collected and analyzed. The agency considered research, public comments, and information from a 2014 workshop on big data, as well as a recent seminar on alternative scoring products.
While the report highlighted innovative uses of big data in providing benefits to consumers (such as access to credit for underserved populations and increased educational attainment), it also addressed possible risks that could result from biases or inaccuracies about certain groups. For example, the data could be used to target vulnerable consumers for fraud or expose sensitive information. The agency noted that various federal laws may also come into play, including the Fair Credit Reporting Act, the Federal Trade Commission Act, and the Equal Credit Opportunity Act.
To help businesses address such concerns, the FTC offered four policy questions for consideration that were designed "to help companies determine how best to maximize the benefit of their use of big data while limiting possible harms."
The FTC suggested companies ask themselves: (i) How representative is your data set? (ii) Does your data model account for biases? (iii) How accurate are your predictions based on big data? and (iv) Does your reliance on big data raise ethical or fairness concerns?
Answers to the questions will help businesses guide their use of big data, the report said. For example, data sets with missing information about particular populations may tend to disadvantage a member of that population and hidden biases may lead to a disparate impact on certain individuals, the agency explained.
Commissioner Maureen K. Ohlhausen issued a separate statement about the report. Although she stated the report "enriches the conversation about big data," she emphasized the need to "test hypothetical harms with economic reasoning and empirical evidence."
"To understand the benefits and risks of tools like big data analytics, we must also consider the powerful forces of economics and free-market competition," she wrote. "If we give undue credence to hypothetical harms, we risk distracting ourselves from genuine harms and discouraging the development of the very tools that promise new benefits to low income, disadvantaged, and vulnerable individuals."
To read the report, click here.
To read Commissioner Ohlhausen's statement, click here.
Why it matters: Although the actual number of companies using big data analytics remains unclear, the FTC is certain about its interest in the issue and the potential for an enforcement action if a business is found to have violated one of the laws discussed in the new report.
back to top
Be Still, My Heart: New Suit Says Fitbits Fail to Track Heartbeats as Promised
Fitbit has been hit with another consumer class action asserting false advertising claims, this time alleging that the fitness tracker fails to accurately monitor the users' heart rates.
"The heart rate monitoring function of the PurePulse Trackers is a material—indeed, in some cases, vital—feature of the product," the plaintiffs told the court. "Not only are accurate heart readings important for all of those engaging in fitness, they are critical to the health and well-being of those Class members whose medical conditions require them to maintain (or not to exceed) a certain heart rate."
According to the federal court action filed by three Fitbit users, the "PurePulse" technology in Fitbit's Charge HR and Surge models misreports the number of heartbeats, particularly during exercise. In a test performed by a cardiologist comparing the Fitbit technology to an electrocardiogram, the Fitbit was off by an average of about 25 beats per minute, the complaint alleged.
One plaintiff claimed the error was potentially dangerous. Colorado resident Teresa Black's personal trainer manually recorded her heart rate during a training session at 160 beats per minute. At the same time, her Charge HR indicated her heart rate was only 82 beats per minute, she claimed. "Black was approaching the maximum recommended heart rate for her age, and if she had continued to rely on her inaccurate PurePulse Tracker, she may well have exceeded it, thereby jeopardizing her health and safety," the suit alleged.
Despite these inaccuracies, Fitbit engaged in a widespread national advertising campaign touting its activity trackers with the heart rate monitoring feature with slogans such as "Every Beat Counts" and "Know Your Heart," the plaintiffs said. To reinforce the claims, commercials depicted the Fitbits being used for activity and fitness, including high-intensity workouts.
In additional counts, the plaintiffs challenged Fitbit's use of an arbitration agreement featuring a class action ban as a separate and actionable unfair and deceptive trade practice. Consumers are not informed of the agreement prior to purchase, the suit said, and are instead forced to agree to the Terms of Service pursuant to an online registration required for the PurePulse products to work.
"Fitbit's attempt to bind customers who bought PurePulse Trackers through third party online and brick and mortar stores to an arbitration clause and class action ban post-purchase when they register the product—which is required to make the product function as intended—is unconscionable, invalid, and unenforceable," the plaintiffs wrote.
Seeking to certify a nationwide class of purchasers, as well as subclasses in California, Colorado, and Wisconsin, the complaint requested injunctive relief and restitution, as well as compensatory, exemplary, punitive, and statutory penalties and damages.
To read the complaint in McClellan v. Fitbit, Inc., click here.
Why it matters: The company pledged to fight the case, noting in a statement that "Fitbit trackers are designed to provide meaningful data to our users to help them reach their health and fitness goals, and are not intended to be scientific or medical devices." Last summer, Fitbit faced similar false advertising allegations about sleep measurement claims for its products.
back to top
Noted and Quoted . . . Goldstein Dishes on Dish's $24 Billion Robocall Fine in Bloomberg and Wasserman Pens NewHope360 Article on Native Advertising Guide
Bloomberg interviewed Manatt's Linda Goldstein, a partner and chair of the firm's Advertising, Marketing and Media practice, for an article on the steep fines that Dish Network Corp. faces for alleged telemarketing violations. Dish faces almost $900 million in federal fines, as well as $23.5 billion that is being sought by four states that joined the U.S. in its suit against the company. "The damages add up very, very quickly," said Goldstein. "It's been pretty rare where courts have awarded the maximum that they could, but one can never predict these things." The article, "Dish $24 Billion Fine Seen as Long Shot for Robocall Fouls," was published on January 19. Read the article here.
Manatt's Ivan Wasserman, a partner in the firm's Advertising, Marketing and Media practice, authored an article for NewHope360 titled "A Holiday Gift From the FTC: Guidance on Native Advertising." Published on January 19, Wasserman's article focuses on the FTC's new guidance on native advertising. "Supplement and food companies should pay close attention to the FTC's guidance when evaluating whether, when, where and how to effectively disclose to consumers that content is sponsored," Wasserman points out. To read the detailed recommendations as to when and how disclaimers must appear, click here.
back to top