KEY LEGAL ISSUES IN TODAY S MOBILE MARKETING:



Similar documents
Mobile Marketing Key Legal Issues: Mobile Technology, Location-Based Services, Mobile Commerce

Contact Sport: Mobile Marketing To Sports Fans

IAPP PRIVACY ACADEMY

tell you about products and services and provide information to our third party marketing partners, subject to this policy;

TOY INDUSTRY CHECKLIST FOR MOBILE APPS AND PROMOTIONS

SHORT FORM NOTICE CODE OF CONDUCT TO PROMOTE TRANSPARENCY IN MOBILE APP PRACTICES. I. Preamble: Principles Underlying the Code of Conduct

Privacy Policy. If you have questions or complaints regarding our Privacy Policy or practices, please see Contact Us. Introduction

TOY INDUSTRY CHECKLIST FOR MOBILE APPS AND PROMOTIONS

BBVA Wallet Application Privacy Policy

THE MOBILE MAJORITY: BUILDING PRIVACY BY DESIGN INTO MOBILE APPS

Zubi Advertising Privacy Policy

and Text Message Campaigns. Justine Young Gottshall Partner, InfoLawGroup

Privacy Policy. Effective Date: November 20, 2014

U.S. Mobile Payments Landscape NCSL Legislative Summit 2013

Privacy Law Basics and Best Practices

Innovation and Emerging Payments/FinTech

Online and Mobile Privacy Notice ( Privacy Notice )

PRIVACY POLICY Effective Date:, INTRODUCTION AND OVERVIEW

OVERVIEW OF MOBILE PAYMENT LANDSCAPE

Unless otherwise stated, our SaaS Products and our Downloadable Products are treated the same for the purposes of this document.

H&R Block Digital Tax Preparation, Online, and Mobile Application Privacy Practices and Principles

The Future of Maintaining State September 18, 2014 Presented By Marc Groman, Network Advertising Initiative Reed Freeman, Morrison & Foerster, LLP

PRIVACY POLICY. The effective date of this Privacy Policy is December 15, Last Updated September 29, Overview

Talen Energy Corporation Website Privacy Notice

Maximum Global Business Online Privacy Statement

OVERVIEW OF MOBILE PAYMENT LANDSCAPE Marianne Crowe Federal Reserve Bank of Boston NEACH September 10, 2014

Wrong Number: Hot Topics In TCPA Compliance & Litigation

Privacy Policy. Introduction. Scope of Privacy Policy. 1. Definitions

ACA is committed to protecting your privacy. ACA ( we, us or our ) safeguards your personal information to maintain member trust.

Behavioral (Interest Based) Advertising: State of the Industry going into 2014 November 7, 2013

DESTINATION MELBOURNE PRIVACY POLICY

SOLITEC products or services for which a separate privacy policy is provided.

Your Privacy Center. Online Privacy Statement. About the Information We Collect

This Privacy Policy applies to all of our sites. This Privacy Policy does not apply to our in store public WiFi.

RezScore SM Privacy Policy

Trext Details: Texting Best Practices, Legality and Security 1 For questions contact Kira McCoy: (303) kira@trext.com

Privacy Policy Last Updated September 10, 2015

PRIVACY POLICY. Mil y Un Consejos Network. Mil y Un Consejos Network ( Company or we or us or our ) respects the privacy of

PRIVACY POLICY. Your Personal Information will be processed by Whistle Sports in the United States.

Our collection of information

What Personally Identifiable Information does EducationDynamics collect?

This Webcast Will Begin Shortly

Thank you for visiting this website, which is owned by Essendant Co.

Privacy Policy I. THE INFORMATION WE COLLECT AND HOW WE USE IT

1. TYPES OF INFORMATION WE COLLECT.

Privacy Policy Version 1.0, 1 st of May 2016

RDM on Demand Privacy Policy

PRIVACY POLICY. What Information Is Collected

Mobile Financial Services

Information Collected. Type of Information Collected. We may collect two general types of information when you use the Site:

If you have any questions about our privacy practices, please refer to the end of this privacy policy for information on how to contact us.

PREPLY PRIVACY POLICY

Overview This Policy discloses the online data collection and usage policies and practices for this Site only, including an explanation of:

MOBILE MARKETING BEST PRACTICES

Rise Broadband Networks, Inc. Privacy Policy and Customer California Privacy Rights. Effective date: January, 2016

ARYZTA PRIVACY POLICY

Privacy Policy. Definitions

1.1 Personal Information is information about an identifiable individual such as your name, address, telephone number and address.

Website Privacy Policy

Mobile Location Analytics Code of Conduct

Web Sites Covered This policy covers NASBA.org and all other NASBA affiliated sites that link to this policy.

Privacy Policy. PortfolioTrax, LLC v1.0. PortfolioTrax, LLC Privacy Policy 2

Online Interest-Based Advertising: The Road Traveled and the Road Ahead

Online Privacy Policy

NorthStar Alarm Services. Website Privacy Policy

EXHIBIT 2. CityBridge Privacy Policy. Effective November 4, 2014

Privacy Policy and Notice of Information Practices

PCI DSS FAQ. The twelve requirements of the PCI DSS are defined as follows:

GUESTBOOK REWARDS, INC. Privacy Policy

Your use of this site is subject to the following privacy policy statement and the web site terms of service.

WHAT DOES THE FUTURE LOOK LIKE FOR MARKETING IN CYBERSPACE?

mobile payment acceptance Solutions Visa security best practices version 3.0

Privacy Policy. If you have any questions about this Policy or our privacy practices, please contact us by at

Advanced Diagnostics Limited ( We ) are committed to protecting and respecting your privacy.

The Digital Marketing Ecosystem: Trends, Risks and Obligations

Privacy Policy. Effective Date: September 3, 2015

NAI Mobile Application Code

ConteGoView, Inc. Privacy Policy Last Updated on July 28, 2015

We may collect the following types of information during your visit on our Site:

The Winnipeg Foundation Privacy Policy

Buying Smart / Selling Smart The 10 Biggest Legal Pitfalls in Lead Generation

3/17/2015. Overview HIPAA. Who s Covered? Who s Not Covered? PRIVACY & SECURITY. Regulatory Patchwork: Mobile Health

1. The information we collect and how we collect it.

BUSINESS CHICKS, INC. Privacy Policy

The Importance of Privacy and Consumer Accountability

AdvancedMD Online Privacy Statement

INTRODUCTION We respect your privacy and are committed to protecting it through our compliance with this privacy policy.

Online Lead Generation: Data Security Best Practices

CUSTOMER INFORMATION COMMZOOM, LLC PRIVACY POLICY. For additional and updated information, please visit our website at

Internet Explorer Services - What Makes Them Different?

Privacy Policy/Your California Privacy Rights Last Updated: May 28, 2015 Introduction

Staying Out of Trouble: Key Privacy, Data Security, and Advertising Mistakes That Can Put You in the Enforcement Crosshairs

TNHFMA 2011 Fall Institute October 12, 2011 TAKING OUR CUSTOMERS BUSINESS FORWARD. The Cost of Payment Card Data Theft and Your Business

PRIVACY POLICY. I. Introduction. II. Information We Collect

AMC PRIVACY POLICY INFORMATION COLLECTION

24 Highbury Crescent London N5 1RX UK Tel: + 44 (0) Fax: +44 (0)

Mobile Marketing Regulatory Compliance Lurking Dangers and Cautionary Tales. Andrew Lorentz Ronnie London Ken Payson

PRIVACY POLICY. Effective date: February 11, Holiday Privacy Statement

PRIVACY POLICY. FAIRWAY LEASING, LLC dba Aaron s Sales & Lease Ownership. Page 1 of 8

BEFORE THE CONSUMER FINANCIAL PROTECTION BUREAU

Transcription:

KEY LEGAL ISSUES IN TODAY S MOBILE MARKETING: Emerging Trends in Mobile Technology, Location-Based Services, and Mobile Commerce Mark Bisard, American Express Nate Hole, Loeb & Loeb LLP Brian Nixon, Loeb & Loeb LLP June 11, 2014

Agenda Emerging Trends in Mobile Marketing Mobile Advertising Wearables and the Internet of Things Mobile Commerce Mobile Privacy Key Regulations Affecting Today s Mobile Marketing Activities

The Big Picture Traditional marketing and advertising laws apply equally in the mobile environment. Making disclosures on the small screen is a challenge. The technology and regulation of mobile marketing is changing quickly, especially with respect to mobile commerce. Privacy and data security should be considered from the very beginning and should be revisited often. Most mobile marketing initiatives involve data collection. Changes in technology, regulation, new features/services, and partners will likely require changes to your privacy policy.

What is Mobile Marketing? Mobile Apps Text Messaging, Push Notifications and Coupons Location-Based Services and Offers The Internet of Things What is Mobile Marketing? Advertising in Third-Party Apps and Platforms Wearable Technology Sweepstakes Contests Reward Programs Payment Mechanisms

What s New Mobile Advertising

Wearables and the Internet of Things

Mobile Commerce

Mobile Commerce New Payment Methods, Old Issues Fragmented marketplace/differing user experiences Applying old rules to new models of commerce Sweepstakes / contests / lottery laws / consideration issues Virtual currency, prepaid access Gift card laws, unclaimed property obligations Endorsement & testimonial guidelines General mobile marketing guidelines (MMA, CTIA) Policies vary by platform / wallet Terms, guidelines, and approval process vary by mobile platform/os Social media sites have commerce-related restrictions

Mobile Technologies Drive Convergence

Consumer Privacy Challenges in Emerging Payments: More Companies Touching More Data Evolving Payments Ecosystem New players: Mobile payment providers, mobile network operator, third party apps Typical (magnetic stripe) credit card transaction Merchants: Name, item purchased, credit card number Credit card companies and payment network: Contact information, category of purchases, date, amount Mobile Payments Merchants: can get PII, email and phone, and purchase histories from mobile payments services Credit card companies and payment network: can receive purchase data Mobile payment providers: can collect contact information when consumers register 10

Mobile Privacy

Regulation of Mobile Marketing A Complex Ecosystem FTC Act / laws that regulate advertising and promotions Telephone Consumer Protection Act (TCPA) Privacy and data security laws and guidelines Wireless carrier standards and guidelines App Store and Google Play Policies and Guidelines Third-Party Platforms Industry Guidelines MMA, CTIA, AQA Government Guidelines FTC, NTIA, CA AG + International equivalents of each!

FTC Dot Com Disclosures Key takeaways: All of the old rules still apply Clear and conspicuous requirement applies equally to all marketing channels Proximity of disclosures is key as close as possible to the triggering claim (and consider the mobile experience) Clear, straightforward, accurate main messages require fewer disclosures Don t bury important things in Terms of Use or rely on disclosures FTC: if you can t make a required disclosure in a particular channel, don t use that channel for that message!

Text Messaging / TCPA Rule Changes (eff. Oct. 16, 2013) Prior express written consent required for prerecorded/ autodialed telemarketing calls to mobile phones. Express consent (not written) required for informational or nontelemarketing calls to mobile phones. No consent required for informational or non-telemarketing calls made to residential lines.

Evolution of Location-Based Marketing

CTIA Guidelines for Location-Based Services LBS Guidelines by CTIA (Wireless Association) Notice: meaningful notice of how users location information will be used and disclosed; what data is shared with 3rd parties Just-in-time notices for many data use cases Consent: obtain consent to use or disclose location information before initiating a location based service May be implied based on nature of service Pre-checked boxes generally not valid Right to terminate/revoke consent Security: reasonable administrative, physical and technical safeguards to protect location information from unauthorized access Retain information only as long as is necessary

Mobile Location Analytics Code of Conduct Issued by Sen. Charles Schumer / Future of Privacy Forum / 7 location analytics companies (Oct. 22, 2013) Notice: Conspicuous signage Clear, short, standardized privacy notices Choice: Opt-out mechanism, including a link to a site that provides a central industry opt-out Affirmative consent if (1) MLA data will be linked to a mobile device ID or (2) the consumer will be contacted Additional Principles: Do not collect personal information or unique device ID (including IMSI) unless promptly de-identified (or affirmative consent) No use of data for employment, healthcare, credit, insurance purposes Require downstream users of data to comply with the Code 17

Congressional Focus on Location Privacy Location Privacy Protection Act of 2014 (Franken) Requires consent prior to collection or sharing of location data Any company that collects location data from more than 1,000 devices must post online what data it collects, how it shares and uses the data, and how consumers can stop the collection or sharing Outlaws GPS stalking apps Congressional Hearings (May 5, 2014) FTC claims that self-regulation is inadequate: the opt-in standard is not being complied with on a regular basis

Mobile Privacy Guidance FTC, DAA, NAI Just-in-time disclosures Affirmative express consent before collecting sensitive consumer data

California AG Privacy Guidance Readability Use a format that makes the privacy policy readable (e.g., a layered format) Online Tracking/Do Not Track Clearly label the section of your privacy policy that describes your online tracking practices State whether third parties collect PII of consumers while they are on your site

The FTC has initiated many enforcement actions against online and offline companies for violating the FTC Act by: Not complying with a posted privacy policy Changing a privacy policy (perhaps to reflect new technology or new partners/vendors) and not giving consumers notice or the opportunity to opt out of the new policy Failing to adequately safeguard data Claiming to provide adequate security for data and then failing to do so Failing to adequately disclose what data is collected and for what purpose Failing to honor opt-out promises

v. FTC proposed consent judgment re: Collecting users contacts information from their address books without notice or consent Transmitting geolocation data (despite a privacy policy saying it would not track or access such data) Making promises about data security, but failing to secure its features (which led to hacking of 4.6 million users phone numbers and user names) Public comment period closed June 9, 2014 If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises. Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action. - FTC Chairwoman Edith Ramirez

FTC Settlement - Brightest Flashlight app The maker of the Brightest Flashlight Free mobile app settled charges that it transmitted users precise location and unique device ID to third parties, including advertising networks, and that the opt-out offered by the company was meaningless. (Dec. 2013)

Mobile App Short-Form Notices NTIA Code of Conduct encourages app developers and publishers to adopt a short form notice describing: the collection of these types of data (whether or not consumers know that it is being collected): Biometrics Browser History Phone or Text Log Contacts Financial Info Health, Medical or Therapy Info Location a means of accessing a long form privacy policy, if separate; the sharing of user-specific data, if any, with certain third parties; and the identity of the entity providing the app.

Mobile Payments: How Secure Are They? Data Storage Three common models for where and how to store mobile payments data: Secure element (encrypted chip in the phone, only bank can access & decrypt) Cloud / external server Encrypted in a file contained in the phone s memory (consumers can access & decrypt) Technology Near-Field Communication (NFC) Bluetooth Low Energy (BLE) QR/Bar Codes Text messages Authentication Password PIN Biometrics 25

FTC Report on Mobile Payments Key FTC Concerns: Dispute Resolution Data Security Privacy

Mobile Payments Regulation CFPB / FRB CFPB has suggested that additional regulations may be necessary to cover mobile payments. A mobile wallet could steer customers to suboptimal decisions due to vested interests of the mobile wallet provider or other underlying motives. FRB Report on Consumers and Mobile Financial Services (March 2013). Consumer survey indicates security is a major impediment to consumer adoption of mobile payments and mobile banking. 27

PCI Guidelines Updated PCI-DSS and PA-DSS Standards (November 2013) Recommends incorporating security into BAU activity PCI Mobile Payment Acceptance Security Guidelines For Merchants (February 2013) PCI Mobile Payment Acceptance Security Guidelines For Developers (September 2012) 28

Mobile Payments Industry Guidelines CTIA Best Practices and Guidelines for Mobile Financial Services Authentication & authorization (MFA, PIN, shared secrets, challenges, etc.) Limit liability for unauthorized transactions; consider controls to protect users (spending caps, etc.) Disclose material terms Consent to enrollment in MFS Security protocols (encryption, hashing, secure sessions, PIN, remote wipe/disabling) Access controls / fraud and identity theft protection Disclosure of collection and use of information Dispute resolution procedures ETA Best Practices and Guidelines for Mobile Payment Solutions Reinforces other industry guidance and requirements (PCI-DSS, etc.) 29

QUESTIONS? THANK YOU Mark Bisard Mark.Bisard@aexp.com @cyberesq Nate Hole nhole@loeb.com Brian Nixon bnixon@loeb.com CH 111459 LOEB & LOEB LLP 2014

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information