Posted on

UK ICO Issues Guidelines for Online Compliance – C is for Cookie

The Information Commissioner’s Office in the United Kingdom, in furtherance of the European Union’s “browser cookie” laws (EU Privacy and Communications Directive), has just published a set of guidelines that commercial enterprises will need to comply with when the new law goes into effect May 26. Because the laws’ requirements relate to technology and marketing, the intention of the new guidelines is to provide guidance on compliance for businesses.

For background, in case you haven’t been following this closely, in November 2009, the European Parliament amended the Directive of Privacy and Electronic Communications 2002/58/EC (sometimes referred to as the e-Privacy Directive) that mandated that websites give consumers the right to opt out of receiving cookies (in most cases by changing settings on their web browsers). The 2009 amendments reversed the requirement, setting the default as “opt in.” Consumers will have to give permission (informed consent) to a website in advance, to allow a cookie to be placed on their computer.

The UK ICO’s guidance makes it clear that all businesses, private and public, will be required to get consent from the user, in advance of having a browser cookie downloaded and installed on the consumer’s computer. In addition, the ICO has amended the UK Privacy and Electronic Communications Regulations to mandate that clear and thorough information – to ensure informed consent – is provided to end users, explaining why their information is being stored and how it will be used by the commercial enterprise. Expect to see consumer-directed information soon, alerting consumers as to what their rights are and what to expect as businesses comply with the new law and regulations.

As you probably know if you are a loyal and longstanding reader, Legal Bytes in 2009 reported that the major players in the online advertising industry had issued self-regulatory principles concerning online behavioral advertising (Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles), and intended to create an industry self-policing mechanism, as well as disclosures to consumers concerning the use of their personal information. The self-regulatory mechanisms in the United States – these being similar – have followed an “opt out” approach to consumer privacy and the control of personal information. For multinational and international businesses worried about compliance (and that includes all you web browser publishers) – well, it’s complicated.

As always, if you need guidance for your advertising, marketing, privacy or data protection efforts, call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work. Our lawyers deal with these issues every day.

Posted on

Do Not Track – Diving Deeper Into the Quicksand

Coming on the heels of a bill aimed at preventing children from being tracked, introduced by Rep. Ed Markey (D-Mass.) (see, Rep. Markey Releases a Kids Do Not Track Discussion Draft Bill): Today, Jay D. Rockefeller (D-W.Va.), Chair of the Commerce, Science & Transportation Committee in the U.S. Senate, introduced a Do Not Track Online bill that would empower the FTC to promulgate rules “that establish standards for the implementation of a mechanism by which an individual can simply and easily indicate whether the individual prefers to have personal information collected by providers of online services, including by providers of mobile applications and services . . . ”

A copy of the proposed legislation is available here for you to download and read Do Not Track Online Act of 2011 – Proposed Rockefeller Bill (PDF). Of course, if you need legal guidance, advice or representation as these bills are introduced and make their way through the legislative process, don’t hesitate to call us. We are here to help.

Posted on

The Tip of the Iceberg – ‘Do Not Track’ Kids Bill Proposed

After several months of anticipation, Rep. Ed Markey (D-Mass.) released his Kids “Do Not Track” discussion draft bill. At face value, this bill appears to have a narrow focus of online behavioral activities toward children, which we normally define under the Children’s Online Privacy Protection Act (“COPPA”) as any individual younger than 13. However, such is not the case. This bill would amend COPPA to expand some marketing provisions to teens under age 18, and may, in effect, require better age screens, given teen savvy (and their propensity to lie about their age).

If enacted, this bill has the potential to create complications when marketing to the crucial college age and young adult market as more sophisticated age screens will require all to enter information that they might not want to share online.

To read the entire Rimon Alert and find out more, just check out Rep. Markey Releases a Kids Do Not Track Discussion Draft Bill.

Posted on

Dear WikiLeaks, Here We Come. Sincerely, The Wall Street Journal.

The Wall Street Journal just announced it has established a secure mechanism that allows “newsworthy” materials to be uploaded to its separate, but internal, secure servers. The new service, Safehouse, is a logical outgrowth of the age-old newsgathering function. That noted, one can only imagine everyone scratching their heads saying, “What took you so long?” considering the international notoriety garnered by the most visible recent leak-gathering organization, WikiLeaks.

Legal Bytes was certainly not alone in highlighting the WikiLeaks phenomenon (see IMHO – Wiki Wiki True to Its Meaning), so it’s a bit surprising that traditional news organizations had not previously moved aggressively into the digital technology age with their news-gathering activities. That said, kudos to the industry for opting to enter the digital age on the input side of the process and create competition in this arena, just as competition among journalists has existed for centuries.

The presumption is the WSJ upload process will be secure and apparently anonymous – the accumulation of anonymous and pseudonymous tips, leaks and leads has long been part of every investigative reporter’s and journalist’s job. Other news organizations are also rumored to be working on similar services, although not having done an investigation myself, others perhaps may have already launched. The WSJ service will reportedly provide encrypted digital file transmissions and, according to the Safehouse website, will seek to minimize the amount of technical information (read that to mean, traceable information) that the service receives on its servers.

Joseph I. (“Joe”) Rosenbaum is a partner in the New York office of Rimon, global chair of its Advertising Technology & Media law group – oh, and is the editor, publisher and often author of posts on Legal Bytes.

Posted on

Free Speech on the Internet – India Goes Schizophrenic

Unreasonable restraints on free speech? India? Well, you decide. According to an article published today in the Pittsburgh Post-Gazette, storm clouds are brewing over just how far the government should and can go in restricting free speech on the Internet. Indeed—just how ambiguous the regulations can be such that interpretation becomes a subjective problem, enforceable at the discretion of regulators.

Unfortunately, the new rules (referred to as “Information Technology (Intermediaries Guidelines) Rules, 2011”) stem from a 2008 amendment, widely supported by Internet service providers (I.T. Act 2008) to an Indian information technology statute first enacted in 2000. For a history of the Indian legislation, see Information Technology Act 2000 (ITA-2000).

The Amendment removed intermediary liability of Internet service providers, many of whom are represented by the Internet and Mobile Association of India, for any content created by third parties and for which the ISP played no active role in creating. While the removal of passive ISP intermediary liability is one of growing consistency in the international community, the regulations broadly empowering officials to curtail free speech on the web are not.

Growing trend, justified by security? Aberration spawned by immediate and local concerns? Abuse of power? Reasonable trade-off for protection of society? Ahh, but whose society? Where is the balance? Who decides?

Take a look at the regulations, then you decide. But if you need legal guidance or have questions about regulations that apply to the Internet—internationally, multi-nationally or domestically, in almost any part of the world—let us know. We are here to help.

Posted on

ILO Publishes ‘Twitter Settles with FTC – Gets 20 Years’ Probation!’

On April 5, 2011, the International Law Office published a customized version of the March 14, 2011 blog on Legal Bytes, Twitter Settles with FTC – Gets 20 Years’ Probation! You can read it online or download your own copy of the ILO posting here: ILO Posts Twitter Settlement news.

Posted on

Sens. Kerry & McCain Introduce Commercial Privacy Bill of Rights Act

Sens. John Kerry (D-Mass.) and John McCain (R–Ariz.) have introduced a bill in Congress to legislatively enable a statutory bill of rights for consumers with respect to commercial privacy. You can read the full text of the Commercial Privacy Bill of Rights Act of 2011 (PDF), and Rimon will have a more complete analysis for your reading enjoyment soon; but the bill clearly intends to require that as little data about an individual is collected as possible, and give individuals a right to know how their information is being used. At first reading, the bill does not provide a private right of action, but does contemplate a self-regulatory program, perhaps a nod to the industry initiative that is highlighted in a recent Legal Bytes posting “OBA Self-Regulatory Initiative Gets Boost from Yahoo! & Google.” You can search for privacy, behavioral advertising and/or self-regulatory on our site and you will find more about this on the Legal Bytes blog.

It may be too early to tell just how much faith Congress has in the industry initiative. That said, it would seem somewhat foolish – given that the FTC and many Congressional leaders have argued for and applauded industry self-regulatory measures – not to afford an industry-sponsored, dynamic, self-regulatory program, a chance to work. As we’ve seen so many times before, along with the technology, consumers’ expectations of privacy, their tastes, commercial needs and sensitivities often change rapidly.

As always, if you need guidance for your advertising and marketing efforts, or privacy and data-protection counsel from lawyers who have experience and resources aligned to deal with these issues every day, feel free to call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

Posted on

Italian Courts Order Yahoo! Italia To Keep the Links Missing

I picked up an interesting article published today in the International Law Office, and since the article is listed in the category of Information Technology, I thought some Legal Bytes readers with international interests and activities that are "content," "search" or "link" related might not see it.

The article summarizes a case in which Yahoo! Italia was held responsible for failing to remove links to infringing versions of a motion picture – thus, in the court’s view, resulting in contributory liability. What is also of interest is that the Italian court ordered Yahoo! in Italy to not only remove links to websites that "served" the allegedly infringing content, but also to remove any other websites that contained links to the websites serving that content – even if those websites had other links or provided other legitimate content, features and functions. Such a decision could have far-ranging implications since it goes to the heart of the ripple effect that linking has on legitimate content-sharing. It also raises the chilling specter of restricting access to otherwise legitimate, non-infringing content, features and functions based on a finding that there is a link to infringing material.

While one can make the case that such strong enforcement helps deter and ultimately prevent infringement, the breadth of the decision and the fact that a rights-holder can simply send a notice without requiring formal "proof" of infringement, means every link to every website that connects to an offending website could potentially be forced to de-link, and arguably bears some liability for contributory infringement. Think of the connections on social media, embedded players and links on the web – Wow!

If you want to read the entire article, you can access it right here Yahoo! Italia liable for searchable content. And as always, if you need advice from a U.S. lawyer who has done work with Italian companies and legal colleagues in Italy, call me, Joseph I. ("Joe") Rosenbaum, or any of the Rimon attorneys with whom you regularly work.

Posted on

Federal Grand Jury Seeks To Open Pandora’s Box

Knock Knock. Who’s there? Andover. Andover who? Andover those records Pandora.

So Pandora Media, Inc., the company that brings us the popular Pandora® Internet Radio, has reportedly received a subpoena from a federal grand jury looking into the practice of information-sharing involving smart phone applications. Pandora did indicate, however, it had been advised it was not a target of the grand jury investigation, and that it believed the legal request for the production of information had been served on an "industry-wide basis" to many other smart phone application publishers. Not much else is known about either the specific subpoenas (or is the correct Latin, "subpoenae"?) or the nature or focus of the federal investigation; but guessing that it relates to the sharing of information about location-based target-marketing practices, and the disclosure of information by and among ad publishing networks, can’t be far from the target.

The Advertising Technology & Media law practice group, in conjunction with our global regulatory practice and litigators when we need them, has experience in dealing with such subpoenae (or is the correct English "subpoenas"?). Think about knowing how to respond before you get served – with a subpoena or on a platter. OK. I’m still in the April Fool’s Day spirit. What can I say?

Posted on

OBA Self-Regulatory Initiative Gets Boost from Yahoo! & Google

Back in 2009, Legal Bytes reported that a coalition of the major players in the online advertising industry had gotten together and issued self-regulatory principles concerning online behavioral advertising (Advertising Industry Collaboration Releases Self-Regulatory Online Behavioral Advertising Principles). These principles were and remain intended to create an industry self-policing mechanism that provides, among other things, discipline and disclosures to consumers concerning the use of personal information.

Amidst much activity and debate – the good, the bad and the ugly – the industry has moved forward, creating a Digital Advertising Alliance (“DAA”) (and website), and enlisting the aid of the Council of Better Business Bureaus to develop and implement an enforcement process, much like the process that has worked quite successfully in traditional advertising for well more than 30 years! By the way, for the record, I refer to online behavioral advertising (OBA) as “digital behavioral advertising” or “DBA,” since excluding mobile and wireless would be a mistake, and “online” conjures up images of “wired.”

In a major show of support for the self-regulatory initiative, both Google and Yahoo! have announced they will begin using the “forward i” icon (shown below), promulgated by the DAA for its behavioral advertising.

Aside from the obvious boost to the industry’s self-regulatory efforts, the uniformity will help lessen the likelihood of consumer confusions regarding industry practices across the web. The DAA icon will also serve as a live link, taking users to user-based tools that a consumer can use to modify the behavioral and identified interest categories advertisers use to serve targeted advertising. The tools would also enable a consumer to opt out of receiving such advertising. Yahoo! actually will prevent partner sites from collecting consumer data if a consumer opts out, while Google will disable interest-based cookies and remove demographic and interest-related information from its Chrome browser when a consumer opts out.

Neither the industry’s self-regulatory program, nor the consumer tools available through the DAA’s program, were ever intended to stop data tracking (as you probably know, “do not track” is getting lots of play in Congress and the media lately). Microsoft and Mozilla have separately introduced modifications to their IE and Firefox browsers (i.e., HTTP header settings) that allow consumers to alter the settings and alert advertisers that they have opted out of tracking; although the settings do not block tracking per se, they will simply serve as notice to the companies that may be tracking user data of that consumer’s preference.

As always, if you need guidance for your advertising and marketing efforts or privacy and data protection from legal representatives who deal with these issues every day, feel free to call me, Joseph I. (“Joe”) Rosenbaum, or any of the Rimon attorneys with whom you regularly work.