Upload
mediabistro
View
476
Download
3
Embed Size (px)
DESCRIPTION
Citation preview
Facebook MarketingLegal and Regulatory Compliance
Socialize Toronto: Monetizing Social MediaJanuary 27, 2012
Presenters: Fazila Nurani, PrivaTech Consulting David M. Adler, Leavens Strand, Glover & Adler, LLC
Empowering Organizations to Minimize Privacy Risks
Objectives
• Understanding the legal framework and regulator outlook on Facebook in Canada and the U.S.
• Key questions from participants.
• New developments in Canada and the U.S.
Empowering Organizations to Minimize Privacy Risks
Context• Facebook boasts
over 800 million active users.
• About 17 million Canadian and 150 million American “monthly active users”
• Default privacy settings only changed by 15-20% of users.
Empowering Organizations to Minimize Privacy Risks
Canada’s Privacy Laws• Privacy laws apply to personal information
collected, used and disclosed in the course of commercial activities.
• Mix of federal and provincial laws:• Personal Information Protection and Electronic Documents
Act, 2001– federally regulated businesses, and provinces without their own private sector privacy law.
• B.C. Personal Information Protection Act, 2004• Alberta Personal Information Protection Act, 2004• Quebec Act Respecting the Protection of Personal Information
in the Private Sector, 1994• Health privacy laws: Alberta, Saskatchewan, Manitoba,
Ontario, New Brunswick, Newfoundland
Empowering Organizations to Minimize Privacy Risks
OPCC’s Take on Facebook• The Office of the Privacy Commissioner of Canada
investigated Facebook’s practices in August of 2009. Key findings: Sharing of personal information with third-party developers
creating Facebook applications raises serious privacy risks. Distinction between account deactivation and deletion not clear. Lack of transparency in Facebook’s privacy policy.
• September 2010 – OPCC stated the issues raised have been resolved to her satisfaction, and at the same time announced her investigation of the “Like” button.
• Stoddart: “Facebook is one of several rapidly growing and evolving Internet giants that are presenting ongoing challenges to privacy regulators around the globe.”
Empowering Organizations to Minimize Privacy Risks
Social Media Court Cases in Canada
General Trends:
• Blurring the divide between publicand private life.
• The more friends/fans you have, the less the “expectation of privacy”.
• Stretching the law to fit the social media context.
• Focus on fairness.• Courts are turning to international cases for
guidance.
Empowering Organizations to Minimize Privacy Risks
Privacy in The United States
General Observations:
• US: No Privacy Framework in place
• FTC: Federal Agency Safeguarding Consumer Privacy
• Internet’s “Implicit Bargain” = “Free” Content in exchange for Marketing
• Online Behavioral Advertising (OBA)
• Industry Self Regulation / “Do Not Track”
Empowering Organizations to Minimize Privacy Risks
Social Media Cases
Consumer Deception/Privacy Risks
• Twitter (2010-2011)
• First FTC Social Media Case• Charges: hackers gained unauthorized admin
control• Result:
• 20 yr ban on misleading consumers • Info Security Program subject to audit for 10 yrs
Empowering Organizations to Minimize Privacy Risks
Social Media Cases, Cont.
Consumer Deception/Privacy Risks• Facebook (2011)
• Charges: deceived consumers about public availability of private info
• Result: • Bar on misrepresenting privacy and security• Affirmative Consent Required for Privacy
Overrides• 30 Day access limit for deleted accounts• Create & maintain comprehensive privacy
program• Third-party audits every 2 yrs for next 20 yrs
Empowering Organizations to Minimize Privacy Risks
Social Media Cases, Cont.
Consumer Deception/Privacy Risks• Data Breach Notification Laws
• Federal: Data Accountability and Trust Act (DATA)• State:
• www.ncsl.org• CA: Consumers can request copy of a Web
Site’s Data Breach Notification Polcy
Empowering Organizations to Minimize Privacy Risks
Participants – Top 3 Questions
Empowering Organizations to Minimize Privacy Risks
New Developments and Path Forward• Ongoing class action lawsuit against Facebook launched
in a Manitoba court claiming the social media site misled users into letting their personal information be sold for a profit.
• December 6, 2011 – OPCC released Guidelines for online behavioural advertising.
• Coming into force soon – Canada’s new anti-spam law, the Fighting Internet and Wireless Spam Act (“FISA”)• Opt-in model for commercial electronic messages.• New definitions for “family” and “personal”
relationships may pose cost implications for social media marketers.
Empowering Organizations to Minimize Privacy Risks
Privacy Trends in the U.S.• Federal Privacy Legislation
• “Do Not Track” bill from Sen. John D Rockefeller (D-W.Va.)
• “privacy bill of rights” from Sens. John McCain (R-Ariz.) and John Kerry (D-Mass.)
• FTC Guidelines
• Online Behavioral Advertising Principals
• Industry Initiatives
Empowering Organizations to Minimize Privacy Risks
Summary• Privacy Rights
• Will continue to evolve in the U.S.
• Will be subject to new federal (and possibly state) regulation
• Action Items
• Develop a Social Media Policy
• Review/Update your Firm’s Privacy Policy
• Conduct Due Diligence on digital marketing partners to understand how consumer information is: 1) gathered, 2) stored, & 3) shared
Questions…?
Empowering Organizations to Minimize Privacy Risks
Fazila Nurani, B.A.Sc.(E.Eng.), LL.B, CIPP/CSenior Counsel and Lead Trainer
PrivaTech ConsultingPhone: 1-905-886-0751
Fax: 1-905-886-9974_____________
David M. AdlerLeavens, Strand, Glover & Adler, LLC203 North LaSalle Street, Suite 2550
Chicago, Illinois 60601Direct: (866) 734-2568Fax: (312) 275-7534
www.ecommerceattorney.com