Uber’s Privacy Mess Results in Legislative Inquiry
Providing a lesson in how not to handle a privacy policy, car service app Uber is now facing questions from the Senate Subcommittee on Privacy, Technology and the Law.
The mess began when an Uber executive suggested that the company uses information gathered from its service to find dirt on journalists critical of the service. An element of the program dubbed the “God view” allows an employee to track the precise geolocation of passengers in Uber vehicles.
Trying to calm the storm, the company posted its previously undisclosed privacy policy online and a spokesperson stated that use of geolocation data as suggested by the executive would violate the policy.
But as the story went viral, Sen. Al Franken (D-Minn.), who was seemingly concerned with more than journalists, sent a letter to Uber CEO Travis Kalanick asking for answers about the company’s privacy policy and its use of geolocation data.
“To whom is the so-called ‘God view’ tool made available and why?” Sen. Franken asked in the letter. “What steps are you taking to limit access?”
Sen. Franken expressed “serious concerns” about “the scope, transparency, and enforceability of Uber’s policies,” since Uber has not submitted evidence that its practices match or support what the spokesperson stated.
The legislator wondered whether the executive faced disciplinary action, whether and under what circumstances an employee would face discipline for a violation of the privacy policies, and whether any employees had been disciplined on such a basis.
Sen. Franken also noted that the language of the policies suggests that Uber maintains personal information and geolocation data indefinitely, even after an account is terminated. “Why? What limits are you considering imposing?” the letter asked.
Uber must respond to the lawmaker by December 15.
To read Sen. Franken’s letter to Uber, click here.
Why it matters: What is the lesson from Uber’s situation? An undisclosed privacy policy and inopportune comments can result in a major PR nightmare and a legislative inquiry. Companies should recognize that privacy is a hot-button issue and act accordingly. They should establish and follow a policy, share it with customers, and refrain from making comments about using data inappropriately.
back to top
FDA’s Menu Labeling Rules Final
The Food and Drug Administration has released the final version of its menu labeling rules that instruct restaurants, grocery stores, and vending machine operators on how to list calorie information on menus.
“Americans eat and drink about one-third of their calories away from home and people today expect clear information about the products they consume,” FDA Commissioner Margaret Hamburg said in a statement about the final rules. “Making calorie information available on chain restaurant menus and vending machines is an important step for public health that will help consumers make informed choices for themselves and their families.”
The guidance finalizes a 2010 proposal issued by the FDA in accordance with Section 4205 of the Patient Protection and Affordable Care Act, which amended the Food, Drug, and Cosmetic Act.
Establishments with 20 or more locations doing business under the same name and offering substantially the same menu items – including fast-food restaurants, grocery stores, and movie theaters – are covered under one rule; a second rule applies to the operators of vending machines.
Covered entities must “clearly and conspicuously” declare the number of calories for each standard menu item as it is typically prepared, and present the calorie information and the suggested caloric intake in the context of an overall diet. Menus and menu boards are required to include the following statement: “2,000 calories a day is used for general nutrition advice, but calorie needs vary.”
Seasonal items, daily specials, and condiments are exempt.
The final rule requires that covered establishments provide additional nutrition information in writing upon request. The information must include the total calories, total fat, calories from fat, saturated fat, trans fat, cholesterol, sodium, total carbohydrates, fiber, sugars, and protein contained in a product.
The agency said it made some changes based on the more than 1,100 comments to its proposal. For example, labeling is now allowed for individual servings of multiserving dishes, such as pizza by the slice. In a controversial move, the FDA also added alcoholic beverages that are listed on the menu in covered establishments.
To read the final food labeling rule for covered establishments, click here.
To read the final food labeling rule for vending machines, click here.
Why it matters: The final rules were issued later than originally expected, and the FDA is allowing covered entities more time to achieve compliance. Restaurants and other establishments will have one year to comply, while vending machine operators were given two years.
back to top
State AGs Weigh In on Telemarketing Sales Rule
The Federal Trade Commission needs to update and strengthen the Telemarketing Sales Rule, according to a letter from 38 state attorneys general, to reflect the “realities of today’s marketplace.”
Sent on behalf of the National Association of Attorneys General, the letter responded to four specific topics presented by the FTC when it issued a request for public comment as part of the agency’s review of the TSR.
The TSR should be amended to specifically prohibit the use of preacquired account information that is obtained through telemarketing, the AGs wrote. The 2003 amendments to the rule stopped short of a complete ban, and the attorneys general said the use of such data remains a serious problem, particularly for vulnerable groups like the elderly and non-English-speaking consumers.
“[T]he best way to ensure that a consumer has consented to a transaction is to prohibit the use of preacquired account information, and to require that the entire transaction be recorded so that law enforcement will be able to analyze telemarketers’ disclosures in their full context,” according to the letter. The AGs analogized to the prohibition on “data pass” for online transactions and said a similar ban should be put in place in the telemarketing context.
Negative option features should also be addressed in an updated TSR, the AGs said. The Rule should include a requirement that negative option terms be stated separately from the other terms of the offer and contain a provision that permits a separate audible acceptance to the negative option terms. In addition, telemarketers should be required to send a confirmation to the consumer about enrollment in the negative option feature that “clearly and conspicuously set[s] forth the terms of the negative option plan.”
The existing consumer protections of the Rule should be expanded to cover inbound telemarketing calls that are triggered by general media advertising, the letter added. It included examples of consumer complaints received by AGs in Illinois, Indiana, and Vermont about such scams.
Other changes suggested in the letter: a requirement that sellers and telemarketers create and maintain call records (with the AGs bemoaning having to “issue subpoena after subpoena” to obtain call records) as well as restrictions on certain “novel” payment methods.
At a minimum the agency should restrict the use of remotely created checks and payment orders, as well as cash-to-cash money transfers and cash reload mechanisms as payment in telemarketing transactions. The regulators also support an outright ban on the methods they said are frequently used in fraudulent telemarketing transactions.
The letter also expressed support for the FTC’s efforts to hold money transfer companies responsible for facilitating fraud through the use of their payments systems.
To read the letter from the state AGs, click here.
Why it matters: The AGs expressed a long-standing “keen interest” in the area of telemarketing and negative option marketing fraud. They noted that their offices are often on the “front line” in “fielding consumer complaints, taking up investigations, and pursuing legal actions against those who prey on victims through telemarketing and negative options scams.” The state regulators advocated a host of additional TSR restrictions that include a prohibition on the use of preacquired account information, a ban on certain payment methods, as well as a requirement that call records be maintained.
back to top
Noted and Quoted . . . Goldstein Offers Cautionary Notes to Marketers Based on FTC’s Second ROSCA Case
In an article penned for Response Magazine on December 2, 2014, Manatt’s Advertising, Marketing and Media Division Chair Linda Goldstein underscores the significance of the Federal Trade Commission’s most recent Restore Online Shoppers’ Confidence Act (ROSCA) action, which signals the agency’s intent to use ROSCA as a means of targeting negative option programs offered online.
The case involved the marketing of credit monitoring programs that offered consumers “free” access to their credit scores followed by a recurring monthly fee. The defendants agreed to pay $22 million for consumer refunds in a settlement with the FTC and the state attorneys general in Illinois and Ohio.
Linda wrote, “While at first blush this case may, with the exception of the ROSCA element, seem like just another in the long history of cases brought against negative option programs, a close reading of the complaint and the consent order reveal some interesting points.”
To read Linda’s full analysis in the Response Magazine article, click here.
back to top