When is your website or app covered by the Children’s Online Privacy Protection Act (“COPPA”) and the FTC’s COPPA Rule?  Although there are gray areas under COPPA, one clear way to fall under this law is to know that you’re collecting information from children under the age of 13 online.  That’s part of what landed Musical.ly, now known as TikTok, in trouble with the FTC – including a record-setting COPPA fine of $5.7 million.  COPPA isn’t limited to the kinds of video social network apps that Musical.ly provides; broadcasters’ websites and apps may end up falling under COPPA.

According to the FTC’s complaint, Musical.ly knew that it was collecting information from children under 13 (COPPA doesn’t apply to anyone else) for several reasons.  For instance, press articles described the popularity of Musical.ly among under-13 users, the company received hundreds of complaints from parents trying to close their kids’ accounts, and the company itself provided guidance to parents regarding their children’s usage of the app. 
Continue Reading FTC Obtains Record $5.7 Million Fine for Children’s Privacy Protection Act Violation

By now, you have probably heard that the European Union (EU) has a new data protection law on the books, the General Data Protection Regulation (GDPR) – but what are the new rules, and how might they apply to broadcasters? Below we address these and other commonly asked questions about the GDPR.

What is the GDPR? The GDPR is a new European privacy law that, as of May 25, 2018, generally governs how organizations – including those EU-based and many that are not – collect, use, disclose, or otherwise “process” personal information. While some limited exceptions exist (e.g., businesses with fewer than 250 employees are exempt from some requirements), the GDPR imposes an array of obligations on companies subject to it.

Who does the GDPR apply to? The GDPR clearly applies to companies established in the EU that collect personal information about individuals in the EU, but it also claims a broad extraterritorial reach. Indeed, it can apply to organizations, including broadcasters, without an EU presence. For instance, it can apply to broadcasters who collect or use data to provide services like streaming TV or radio to individuals in the EU. It also can apply to broadcasters who use website cookies and other online tracking mechanisms to “monitor” individuals in the EU (e.g., profiling for behavioral advertising). That said, it remains to be seen whether regulators will enforce the GDPR against companies that for the most part are not serving EU citizens and do not have EU operations, but may occasionally and unknowingly acquire data of an individual in the EU or an EU citizen in the United States.
Continue Reading What Do Broadcasters and Media Companies Need to Know About the GDPR?

Broadcasters and advertisers should take note of the more than 90 warning letters that the FTC sent out this week as a reminder of the need to disclose material sponsorship connections in social media promotions and endorsements.  The FTC has since 2009 announced a policy that any online content for which anything of value has been received must disclose that consideration – even social media posts (see our article here about that policy).  This is in the nature of the FCC’s sponsorship identification rules for broadcast content.   That same policy statement addressed the need for those making personal endorsements to make these sponsorship disclosures.  The recent warning letters are notable not only for their sheer number, but also because the warning letters were addressed to marketers and social media “influencers” – the individuals whose social media followings make their endorsements valuable.  To date, the FTC has only named marketers (Warner Brothers Home Entertainment and Lord & Taylor) in its social media endorsement cases.  Although the FTC did not say who received warning letters, its press release noted that the letters were “informed by petitions filed by Public Citizen and affiliated organizations” in September 2016.

By directing warning letters to marketers and influencers, the FTC is sending a firm reminder that both sides of a sponsorship arrangement need to disclose their connection, “unless the connection is already clear from the context of the communication containing the endorsement.”  Specifically, the FTC advises influencers that they must “clearly and conspicuously” disclose any material connection with a marketer; and marketers, in turn, should ensure that the influencers they sponsor disclose their material connections.
Continue Reading FTC Puts “Influencers” on Notice:  Disclose Marketing Relationships in Social Media Posts

It’s the holiday season, and many of us are turning our thoughts to celebrating with friends and family. It is also high season for shopping, which means the airwaves, social media, websites and print pages are full of opportunities to buy, sell, and advertise. Whether you consider that to be a feature or a bug,

There is nothing new about the FTC bringing enforcement actions based on deceptive advertising practices.  Those cases are the FTC’s bread and butter.  But in recent years the FTC has been pushing forward with cases that address the increasingly complex network of entities involved in marketing, including companies that collect, buy, and sell consumer information and play other behind-the-scenes roles in marketing campaigns.  The FTC has also taken a strong interest in deceptively formatted advertising, including “native” advertising that does not adequately disclose sponsorship connections.  A recent Court of Appeals decision highlights the potential for any internet company to be liable for a deceptive advertising campaign that it had a hand in orchestrating – even if the company itself does not create the advertising material.

The decision in this case, FTC v. LeadClick Media, LLC, comes from the U.S. Court of Appeals for the Second Circuit and is a significant victory for the FTC and its co-plaintiff, the State of Connecticut.  Specifically, the decision holds that online advertising company LeadClick is liable for the deceptive ads that were published as part an advertising campaign that it coordinated, even though LeadClick itself did not write or publish the ads.  In addition, the Second Circuit rejected LeadClick’s argument that its ad tracking service provided it with immunity from the FTC’s action under Section 230 of the Communications Decency Act (CDA).
Continue Reading Second Circuit Holds Marketing Campaign Organizer Liable Under FTC Act for Deceptive Representations of Its Marketing “Affiliates”