Adler nurani

Facebook MarketingLegal and Regulatory Compliance

Socialize Toronto: Monetizing Social MediaJanuary 27, 2012

Presenters: Fazila Nurani, PrivaTech Consulting David M. Adler, Leavens Strand, Glover & Adler, LLC

Empowering Organizations to Minimize Privacy Risks

Objectives

• Understanding the legal framework and regulator outlook on Facebook in Canada and the U.S.

• Key questions from participants.

• New developments in Canada and the U.S.


Context• Facebook boasts

over 800 million active users.

• About 17 million Canadian and 150 million American “monthly active users”

• Default privacy settings only changed by 15-20% of users.


Canada’s Privacy Laws• Privacy laws apply to personal information

collected, used and disclosed in the course of commercial activities.

• Mix of federal and provincial laws:• Personal Information Protection and Electronic Documents

Act, 2001– federally regulated businesses, and provinces without their own private sector privacy law.

• B.C. Personal Information Protection Act, 2004• Alberta Personal Information Protection Act, 2004• Quebec Act Respecting the Protection of Personal Information

in the Private Sector, 1994• Health privacy laws: Alberta, Saskatchewan, Manitoba,

Ontario, New Brunswick, Newfoundland


OPCC’s Take on Facebook• The Office of the Privacy Commissioner of Canada

investigated Facebook’s practices in August of 2009. Key findings: Sharing of personal information with third-party developers

creating Facebook applications raises serious privacy risks. Distinction between account deactivation and deletion not clear. Lack of transparency in Facebook’s privacy policy.

• September 2010 – OPCC stated the issues raised have been resolved to her satisfaction, and at the same time announced her investigation of the “Like” button.

• Stoddart: “Facebook is one of several rapidly growing and evolving Internet giants that are presenting ongoing challenges to privacy regulators around the globe.”


Social Media Court Cases in Canada

General Trends:

• Blurring the divide between publicand private life.

• The more friends/fans you have, the less the “expectation of privacy”.

• Stretching the law to fit the social media context.

• Focus on fairness.• Courts are turning to international cases for

guidance.


Privacy in The United States

General Observations:

• US: No Privacy Framework in place

• FTC: Federal Agency Safeguarding Consumer Privacy

• Internet’s “Implicit Bargain” = “Free” Content in exchange for Marketing

• Online Behavioral Advertising (OBA)

• Industry Self Regulation / “Do Not Track”


Social Media Cases

Consumer Deception/Privacy Risks

• Twitter (2010-2011)

• First FTC Social Media Case• Charges: hackers gained unauthorized admin

control• Result:

• 20 yr ban on misleading consumers • Info Security Program subject to audit for 10 yrs


Social Media Cases, Cont.

Consumer Deception/Privacy Risks• Facebook (2011)

• Charges: deceived consumers about public availability of private info

• Result: • Bar on misrepresenting privacy and security• Affirmative Consent Required for Privacy

Overrides• 30 Day access limit for deleted accounts• Create & maintain comprehensive privacy

program• Third-party audits every 2 yrs for next 20 yrs


Social Media Cases, Cont.

Consumer Deception/Privacy Risks• Data Breach Notification Laws

• Federal: Data Accountability and Trust Act (DATA)• State:

• www.ncsl.org• CA: Consumers can request copy of a Web

Site’s Data Breach Notification Polcy

http://www.ncsl.org/


Participants – Top 3 Questions


New Developments and Path Forward• Ongoing class action lawsuit against Facebook launched

in a Manitoba court claiming the social media site misled users into letting their personal information be sold for a profit.

• December 6, 2011 – OPCC released Guidelines for online behavioural advertising.

• Coming into force soon – Canada’s new anti-spam law, the Fighting Internet and Wireless Spam Act (“FISA”)• Opt-in model for commercial electronic messages.• New definitions for “family” and “personal”

relationships may pose cost implications for social media marketers.


Privacy Trends in the U.S.• Federal Privacy Legislation

• “Do Not Track” bill from Sen. John D Rockefeller (D-W.Va.)

• “privacy bill of rights” from Sens. John McCain (R-Ariz.) and John Kerry (D-Mass.)

• FTC Guidelines

• Online Behavioral Advertising Principals

• Industry Initiatives


Summary• Privacy Rights

• Will continue to evolve in the U.S.

• Will be subject to new federal (and possibly state) regulation

• Action Items

• Develop a Social Media Policy

• Review/Update your Firm’s Privacy Policy

• Conduct Due Diligence on digital marketing partners to understand how consumer information is: 1) gathered, 2) stored, & 3) shared

Questions…?


Fazila Nurani, B.A.Sc.(E.Eng.), LL.B, CIPP/CSenior Counsel and Lead Trainer

PrivaTech ConsultingPhone: 1-905-886-0751

Fax: 1-905-886-9974_____________

David M. AdlerLeavens, Strand, Glover & Adler, LLC203 North LaSalle Street, Suite 2550

Chicago, Illinois 60601Direct: (866) 734-2568Fax: (312) 275-7534

www.ecommerceattorney.com

Technology

Adler nurani