FTC Shines a Light on Flashlight App’s Geolocation Data Sharing

In the agency’s first action involving geolocation data, Goldenshores Technologies, LLC, settled charges with the Federal Trade Commission that the company failed to adequately disclose that users’ location information was shared with third parties.

Noting that “Brightest Flashlight Free” app is “one of the most popular” apps for Android mobile devices, the FTC said that Goldenshores deceived the “tens of millions” of users that downloaded the app. The company’s privacy policy informed users that Goldenshores would collect data, providing a list of the types of information that would be gathered. But since at least February 2011, the company neglected to mention that geolocation information would be shared with third parties, including ad networks, the FTC alleged.

In addition, Goldenshores offered users a deceptive choice, the FTC said. After downloading the app, the first time users opened it, they were presented with the company’s End User License Agreement and a choice to “Accept” or “Refuse” the terms. The decision was illusory with regard to data collection, the agency claimed, because even before the user accepted the terms the app was already collecting and sharing their unique device identifier and exact geographic location.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, said in a press release about the settlement. “But this flashlight app left them in the dark about how their information was going to be used.”

Under the terms of the proposed settlement, the defendants – Goldenshores and Erik M. Geidl, manager of the company – would be required to delete any personal information collected from users. Future misrepresentations about the collection and sharing of customer information, including the level of control given to consumers about how their data is used, would be prohibited. Finally, Goldenshores promised to add a just-in-time disclosure regarding geolocation data requiring affirmative express consent from users before the collection, use, and sharing of the information.

The proposed consent order is open for public comment until January 6, 2014.

To read the complaint and the proposed consent order in In the Matter of Goldenshores Technologies, LLC, click here.

Why it matters: The Goldenshores action signals focus by the agency on the intersection of consumer privacy and geolocation data, an issue previously recognized by Sen. Al Franken (D-Minn.). Last year Sen. Franken introduced the Location Privacy Protection Act, which would have required mobile apps to receive user permission before collecting and sharing location data. Although the bill was approved by the Senate Judiciary Committee in a voice vote, it also faced opposition from the Interactive Advertising Bureau, which argued the law would have posed technological challenges for the mobile industry.

back to top

Internet of Things Open for Comment

A recent Federal Trade Commission workshop on the Internet of Things was only the beginning.

After spending a day discussing the burgeoning ecosystem, the agency is now requesting comment on some of the topics discussed about the “ability of everyday devices to communicate with each other and with people.”

Specifically, the FTC wants to learn more about the potential benefits for consumers from the Internet of Things. Counterbalancing the benefits, the agency asked about the privacy and security challenges posed by the new technology. “How can privacy and security risks be weighed against potential societal benefits (such as improved health-care decision-making or energy efficiency) for consumers and businesses?” the FTC asked.

As discussed during the workshop, the agency questioned what the appropriate role of the Fair Information Practice Principles should be in the Internet of Things, and what steps companies can take – prior to releasing a product or service on the market – to limit potential security problems.

Notice and choice for consumers may also present unique challenges within the Internet of Things, the FTC acknowledged, asking what options companies have when providing effective notice and choice is impossible.

The agency also queried what effect the Internet of Things may have on data de-identification or anonymization and how companies can reach consumers without an ongoing relationship. For example, how can consumers be notified if a software update or security patch is available for a product?

The deadline for filing comments with the agency is January 20, 2014.

To learn more about the workshop, from the agenda to videos of the proceedings, click here.

Why it matters: At the workshop, FTC speakers indicated that the agency plans to release a report on the Internet of Things in 2014 with recommended best practices for smart devices. While Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, also said the agency does not intend to issue new regulations on the topic, the FTC asked for comment on whether “new use-restrictions [are] necessary to protect[ ] consumers’ privacy,” as well as sought input on how the FTC should “encourage innovation in this area while protecting consumers’ privacy and the security of their data.”

back to top

Spotify Sued Over Automatic Renewals

According to a new class action suit filed in California, music streaming service Spotify violated state law by failing to obtain affirmative consent from users before enrolling them in an automatic renewal program.

Spotify offers users two membership options: the Unlimited plan, which gives users the ability to listen to music ad-free on their desktop and/or laptop for $4.99 per month, and the Premium plan, which for $9.99 per month offers the same service on multiple devices (such as a desktop, laptop, and cell phone). When Melissa Bleak accepted an offer for a one-month trial of the Premium service in August, she provided her credit card. Since then, her card “has been charged and continues to be charged, every month, on a recurring basis,” according to her complaint, without her express permission.

Users who upgrade to the Unlimited or Premium plans on their desktop or laptop computers select the desired plan and a payment method, and a statement appears: “You authorize Spotify to automatically bill your credit card each month, until you cancel your subscription. No refunds or credits for partial monthly subscription periods. You can cancel your subscription at any time by logging into your account and follow [sic] the cancellation instructions.”

Those who upgraded via a free 30-day trial link were told: “If you do not cancel your subscription before the end of the free trial the credit card you provide will automatically be charged the Spotify Premium subscription fee of US $9.99 + $0.00 sales tax per month, until you cancel. You can cancel at any time by logging into your Spotify account and follow the cancellation instructions.”

Despite these statements, Bleak claimed the company’s auto renewal plan violated Section 17602(a)(2) of California’s Business and Professions Code because users did not affirmatively consent to the terms. Spotify failed to provide a link to the terms and conditions of its service and failed to provide a mechanism such as a box for users to click that they agreed to the terms, Bleak said.

Bleak’s amended complaint noted that her suit only pertains to users who enrolled in the service via their desktop or laptop – the Spotify application requires a user to check a box stating that he or she has agreed to the terms of service.

In addition to damages and/or full restitution in the amount of the subscription payments made by all California residents who paid for the Premium and Unlimited plans on their desktop or laptop computers since December 2010, the suit seeks injunctive relief to stop Spotify’s auto renewal program.

Although Bleak originally filed her putative class action in state court, Spotify already filed a motion to remove the case to federal district court pursuant to the Class Action Fairness Act. Federal jurisdiction is appropriate because the proposed class is composed of more than 100 members and the aggregate amount in controversy exceeds $5 million, the company said. California residents spent more than $9.5 million via auto renewal payments for the Premium plan in 2013 alone, Spotify said – putting “substantially more” than $5 million in controversy.

In its motion, Spotify also said it “denied Bleak’s allegations of liability, injury and damages and will oppose certification of the putative class.”

To read the motion to remove and the complaint in Bleak v. Spotify, click here

Why it matters: Companies that offer automatic renewals should endeavor to make clear and conspicuous disclosures of all material terms of their programs or face the possibility of regulatory action or a class action suit.

back to top

Still on Sale? Retailer Faces Yet Another Inquiry into Sale Pricing

Jos. A. Bank Clothiers is dealing with yet another investigation into its advertising and marketing practices.

Having weathered inquiries from attorneys general in Florida, Georgia, and New York, the men’s clothing store chain recently received a subpoena from Ohio Attorney General Mike DeWine. The new investigation was revealed in the company’s quarterly earnings report earlier this month.

“We endeavor to monitor and comply with all applicable laws and regulations . . . to ensure that our advertising, marketing and promotional activities comply with all applicable legal requirements, many of which involve subjective judgments,” according to the report.

Jos. A. Bank is already facing legal action in the state of Ohio from a consumer class action. That suit claims the “regular price” listed by the company was “grossly inflated” to cover for the cost of offering consumers free suits in a buy one, get three free deal.

Outside of Ohio, the company has dealt with other legal woes based on its promotional materials. In 2004, the retailer paid $425,000 to settle charges of deceptive pricing in New York for having merchandise “perpetually ‘on sale,’ ” making the sale price actually the real price. A subsequent investigation was launched in 2011 by the state’s new Attorney General, Eric Schneiderman.

Jos. A. Bank’s most recent report states other challenges for the company with an investigation by Georgia’s Office of Consumer Protection, while a subpoena and inquiry from Florida’s AG “requiring the production of certain information relating to our advertising and sales promotion practices” is now closed.

Why it matters: The myriad of legal actions Jos. A. Bank is currently tackling provides an important lesson for advertisers: review promotional materials to avoid violations of relevant state law and potential regulatory or consumer legal action.

- See more at: http://www.manatt.com/ThreeColumn.aspx?pageid=28295&id=530816#sthash.j1NbsxCC.dpuf

FTC Shines a Light on Flashlight App’s Geolocation Data Sharing

In the agency’s first action involving geolocation data, Goldenshores Technologies, LLC, settled charges with the Federal Trade Commission that the company failed to adequately disclose that users’ location information was shared with third parties.

Noting that “Brightest Flashlight Free” app is “one of the most popular” apps for Android mobile devices, the FTC said that Goldenshores deceived the “tens of millions” of users that downloaded the app. The company’s privacy policy informed users that Goldenshores would collect data, providing a list of the types of information that would be gathered. But since at least February 2011, the company neglected to mention that geolocation information would be shared with third parties, including ad networks, the FTC alleged.

In addition, Goldenshores offered users a deceptive choice, the FTC said. After downloading the app, the first time users opened it, they were presented with the company’s End User License Agreement and a choice to “Accept” or “Refuse” the terms. The decision was illusory with regard to data collection, the agency claimed, because even before the user accepted the terms the app was already collecting and sharing their unique device identifier and exact geographic location.

“When consumers are given a real, informed choice, they can decide for themselves whether the benefit of a service is worth the information they must share to use it,” Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, said in a press release about the settlement. “But this flashlight app left them in the dark about how their information was going to be used.”

Under the terms of the proposed settlement, the defendants – Goldenshores and Erik M. Geidl, manager of the company – would be required to delete any personal information collected from users. Future misrepresentations about the collection and sharing of customer information, including the level of control given to consumers about how their data is used, would be prohibited. Finally, Goldenshores promised to add a just-in-time disclosure regarding geolocation data requiring affirmative express consent from users before the collection, use, and sharing of the information.

The proposed consent order is open for public comment until January 6, 2014.

To read the complaint and the proposed consent order in In the Matter of Goldenshores Technologies, LLC, click here.

Why it matters: The Goldenshores action signals focus by the agency on the intersection of consumer privacy and geolocation data, an issue previously recognized by Sen. Al Franken (D-Minn.). Last year Sen. Franken introduced the Location Privacy Protection Act, which would have required mobile apps to receive user permission before collecting and sharing location data. Although the bill was approved by the Senate Judiciary Committee in a voice vote, it also faced opposition from the Interactive Advertising Bureau, which argued the law would have posed technological challenges for the mobile industry.

Internet of Things Open for Comment

A recent Federal Trade Commission workshop on the Internet of Things was only the beginning.

After spending a day discussing the burgeoning ecosystem, the agency is now requesting comment on some of the topics discussed about the “ability of everyday devices to communicate with each other and with people.”

Specifically, the FTC wants to learn more about the potential benefits for consumers from the Internet of Things. Counterbalancing the benefits, the agency asked about the privacy and security challenges posed by the new technology. “How can privacy and security risks be weighed against potential societal benefits (such as improved health-care decision-making or energy efficiency) for consumers and businesses?” the FTC asked.

As discussed during the workshop, the agency questioned what the appropriate role of the Fair Information Practice Principles should be in the Internet of Things, and what steps companies can take – prior to releasing a product or service on the market – to limit potential security problems.

Notice and choice for consumers may also present unique challenges within the Internet of Things, the FTC acknowledged, asking what options companies have when providing effective notice and choice is impossible.

The agency also queried what effect the Internet of Things may have on data de-identification or anonymization and how companies can reach consumers without an ongoing relationship. For example, how can consumers be notified if a software update or security patch is available for a product?

The deadline for filing comments with the agency is January 20, 2014.

To learn more about the workshop, from the agenda to videos of the proceedings, click here.

Why it matters: At the workshop, FTC speakers indicated that the agency plans to release a report on the Internet of Things in 2014 with recommended best practices for smart devices. While Jessica Rich, Director of the FTC’s Bureau of Consumer Protection, also said the agency does not intend to issue new regulations on the topic, the FTC asked for comment on whether “new use-restrictions [are] necessary to protect[ ] consumers’ privacy,” as well as sought input on how the FTC should “encourage innovation in this area while protecting consumers’ privacy and the security of their data.”

Spotify Sued Over Automatic Renewals

According to a new class action suit filed in California, music streaming service Spotify violated state law by failing to obtain affirmative consent from users before enrolling them in an automatic renewal program.

Spotify offers users two membership options: the Unlimited plan, which gives users the ability to listen to music ad-free on their desktop and/or laptop for $4.99 per month, and the Premium plan, which for $9.99 per month offers the same service on multiple devices (such as a desktop, laptop, and cell phone). When Melissa Bleak accepted an offer for a one-month trial of the Premium service in August, she provided her credit card. Since then, her card “has been charged and continues to be charged, every month, on a recurring basis,” according to her complaint, without her express permission.

Users who upgrade to the Unlimited or Premium plans on their desktop or laptop computers select the desired plan and a payment method, and a statement appears: “You authorize Spotify to automatically bill your credit card each month, until you cancel your subscription. No refunds or credits for partial monthly subscription periods. You can cancel your subscription at any time by logging into your account and follow [sic] the cancellation instructions.”

Those who upgraded via a free 30-day trial link were told: “If you do not cancel your subscription before the end of the free trial the credit card you provide will automatically be charged the Spotify Premium subscription fee of US $9.99 + $0.00 sales tax per month, until you cancel. You can cancel at any time by logging into your Spotify account and follow the cancellation instructions.”

Despite these statements, Bleak claimed the company’s auto renewal plan violated Section 17602(a)(2) of California’s Business and Professions Code because users did not affirmatively consent to the terms. Spotify failed to provide a link to the terms and conditions of its service and failed to provide a mechanism such as a box for users to click that they agreed to the terms, Bleak said.

Bleak’s amended complaint noted that her suit only pertains to users who enrolled in the service via their desktop or laptop – the Spotify application requires a user to check a box stating that he or she has agreed to the terms of service.

In addition to damages and/or full restitution in the amount of the subscription payments made by all California residents who paid for the Premium and Unlimited plans on their desktop or laptop computers since December 2010, the suit seeks injunctive relief to stop Spotify’s auto renewal program.

Although Bleak originally filed her putative class action in state court, Spotify already filed a motion to remove the case to federal district court pursuant to the Class Action Fairness Act. Federal jurisdiction is appropriate because the proposed class is composed of more than 100 members and the aggregate amount in controversy exceeds $5 million, the company said. California residents spent more than $9.5 million via auto renewal payments for the Premium plan in 2013 alone, Spotify said – putting “substantially more” than $5 million in controversy.

In its motion, Spotify also said it “denied Bleak’s allegations of liability, injury and damages and will oppose certification of the putative class.”

To read the motion to remove and the complaint in Bleak v. Spotify, click here

Why it matters: Companies that offer automatic renewals should endeavor to make clear and conspicuous disclosures of all material terms of their programs or face the possibility of regulatory action or a class action suit.

Still on Sale? Retailer Faces Yet Another Inquiry into Sale Pricing

Jos. A. Bank Clothiers is dealing with yet another investigation into its advertising and marketing practices.

Having weathered inquiries from attorneys general in Florida, Georgia, and New York, the men’s clothing store chain recently received a subpoena from Ohio Attorney General Mike DeWine. The new investigation was revealed in the company’s quarterly earnings report earlier this month.

“We endeavor to monitor and comply with all applicable laws and regulations . . . to ensure that our advertising, marketing and promotional activities comply with all applicable legal requirements, many of which involve subjective judgments,” according to the report.

Jos. A. Bank is already facing legal action in the state of Ohio from a consumer class action. That suit claims the “regular price” listed by the company was “grossly inflated” to cover for the cost of offering consumers free suits in a buy one, get three free deal.

Outside of Ohio, the company has dealt with other legal woes based on its promotional materials. In 2004, the retailer paid $425,000 to settle charges of deceptive pricing in New York for having merchandise “perpetually ‘on sale,’ ” making the sale price actually the real price. A subsequent investigation was launched in 2011 by the state’s new Attorney General, Eric Schneiderman.

Jos. A. Bank’s most recent report states other challenges for the company with an investigation by Georgia’s Office of Consumer Protection, while a subpoena and inquiry from Florida’s AG “requiring the production of certain information relating to our advertising and sales promotion practices” is now closed.

Why it matters: The myriad of legal actions Jos. A. Bank is currently tackling provides an important lesson for advertisers: review promotional materials to avoid violations of relevant state law and potential regulatory or consumer legal action.

Topics:  Advertising, Automatic Renewals, Data Collection, Data-Sharing, False Advertising, FTC, Geolocation, Jos. A. Bank, Mobile Apps, Spotify

Published In: Antitrust & Trade Regulation Updates, General Business Updates, Communications & Media Updates, Consumer Protection Updates, Privacy Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »