In This Issue:

• New DAA App Brings Choice to Mobile
• Melanoma Detection Apps Settle With FTC
• LinkedIn to Pay $1.25M in Data Breach Suit

New DAA App Brings Choice to Mobile

Bringing consumer choice to mobile applications, the Digital Advertising Alliance released “AppChoices,” a free app that will allow consumers to opt out of tracking on mobile devices.

The DAA also launched the “DAA Consumer Choice Page for Mobile Web,” an “updated, mobile-optimized version” of the existing desktop consumer choice page.

“Our new mobile choice tools deliver the same reliable, independently enforced, privacy control experience where consumers and brands engage, both across the desktop Internet and on the go,” DAA Executive Director Lou Mastria said in a statement. The launch of the mobile privacy tools “reflects the DAA’s continued efforts to deliver consistent, privacy-friendly solutions backed by robust independent accountability.”

Eighteen ad-tech companies have agreed to participate and the app will be available through all major online mobile retailers. While the DAA’s desktop choice mechanism, known as AdChoices, currently features 122 companies, the group said the app will add companies after an initial test period.

Consumers who use the app can select which companies to target when making the choice to opt out. Consumers can also click on an individual company to read its privacy policy or learn more about the business.

“We believe these new tools for transparency and choice will lead to greater trust and engagement between brands and consumers no matter which screen is being used to interact,” DAA general counsel Stu Ingis said in a statement. “According to recent polling, seven in ten consumers want tools available that provide them transparency and choice over data collection wherever and however they access the internet, and nearly as many want to pick and choose which companies bring them relevant offers.”

To learn more about AppChoices, click here.

Why it matters: The DAA noted that self-regulatory bodies—specifically the Council of Better Business Bureaus and the Direct Marketing Association—will begin enforcement by the end of the summer pursuant to the group’s Mobile Guidance. While it remains to be seen whether the DAA’s AppChoices app attracts critical mass among online publishers and advertisers, the project nevertheless demonstrates industry’s continued desire and motivation to self-regulate rather than be regulated.

Melanoma Detection Apps Settle With FTC

Developers of mobile applications MelApp and Mole Detective, which claimed to detect the symptoms of melanoma, settled actions brought by the Federal Trade Commission in connection with their deceptive health claims.

The apps, priced at $1.99 (MelApp) and $4.99 (Mole Detective), instructed consumers to take a photograph of a mole with their smartphone cameras and upload the image to the app along with other information about the mole.

MelApp and Mole Detective promised to calculate the melanoma risk as low, medium, or high and claimed they could correctly analyze the risk of melanoma based on the photographs and a mathematical algorithm using “ABCDE” (Asymmetry, Border, Color, Diameter, and Evolution) criteria, even in its early stages. But the claims were deceptive in violation of Section 5 of the FTC Act, the agency said, as the marketers lacked evidence that the apps could actually detect melanoma at any stage.

Pursuant to the stipulated final judgment filed in Illinois federal court, the marketers of Mole Detective, Kristi Kimball and New Consumer Solutions LLC, are prohibited from claiming that a device—such as an app—can detect or diagnose melanoma unless the claim is truthful, not misleading, and supported by competent and reliable scientific evidence in the form of human clinical testing.

Defendants are further barred from making misleading or unsubstantiated health claims about products or services and must pay disgorgement of $3,930. Litigation is continuing against two additional defendants that assumed marketing responsibility for Mole Detective in August 2012.

In the MelApp case, Health Discovery Corporation is barred from making claims about a device’s ability to detect melanoma and other misleading claims, and must pay disgorgement of $17,693.

The actions also provided Commissioner Maureen Ohlhausen with the opportunity to reiterate her position regarding substantiation. “These matters are another example of the Commission using an unduly expansive interpretation of advertising claims to justify imposing an inappropriately high substantiation requirement on a relatively safe product,” she wrote in her dissent.

Ohlhausen agreed that the companies should provide adequate substantiation, but felt that the complaints and orders went too far, “demanding a high level of substantiation for a wide range of potential advertising claims.”

“This approach concerns me. Health-related apps have enormous potential to improve access to health information for underserved populations and to enable individuals to monitor more effectively their own well-being, thereby improving health outcomes,” Ohlhausen wrote. “The Commission should not subject such apps to overly stringent substantiation requirements, so long as developers adequately convey the limitations of their products. In particular, the Commission should be very wary of concluding that consumers interpret marketing for health-related apps as claiming that those apps substitute for professional medical care, unless we can point to express claims, clearly implied claims, or extrinsic evidence. If the Commission continues to adopt such conclusions without any evidence of consumers’ actual interpretations, and thus requires a very high level of substantiation for health-related apps, we are likely to chill innovation in such apps, limit the potential benefits of this innovation, and ultimately make consumers worse off.”

To read the complaint and stipulated final judgment in FTC v. Lasarow, the Mole Detective case, click here.

To read the administrative complaint and proposed consent order in In the Matter of Health Discovery Corporation, the MelApp case, click here.

To read Commissioner Ohlhausen’s dissenting statement, click here.

To read a statement from Chairwoman Ramirez and Commissioners Brill and McSweeny, click here.

Why it matters: The Director of the FTC’s Bureau of Consumer Protection, Jessica Rich, said the actions provide a twofold lesson for advertisers. “Truth in advertising laws apply in the mobile marketplace,” she said in a statement, adding that app developers and marketers “must have scientific evidence to support any health or disease claims that they make for their apps.”

LinkedIn to Pay $1.25M in Data Breach Suit

LinkedIn has agreed to pay $1.25 million to settle with a class of nearly 800,000 individuals who claim they overpaid for premium services, only to find that the site failed to provide adequate data security.

In June 2012, LinkedIn announced that hackers had stolen the passwords of approximately 6.5 million members and published them on a hacker Web site. Four putative class actions were filed in the following months and consolidated in a California federal court. The plaintiffs alleged that LinkedIn’s weak security allowed the hackers to obtain their personal information. By paying a monthly fee for what the site promoted as “premium services,” the class argued it was entitled to damages.

A federal court judge initially dismissed the action but two claims survived after an amended complaint was filed. The court then referred the case to private mediation and settlement talks began.

Following several months of negotiations, the parties reached a deal. LinkedIn agreed to pay $1.25 million to establish a fund for class member payments, class counsel fees (not to exceed one-third of the fund), administration expenses, and a $7,500 incentive award for the named plaintiff.

The class, which included LinkedIn users across the country who paid a fee for a premium subscription between March 15, 2006 and June 7, 2012, must submit a claim to receive a pro rata share of the settlement fund up to a maximum payment of $50.

If funds remain in the non-reversionary settlement fund after all payments to class members have been made, cy pres recipients—the Center for Democracy and Technology, the World Privacy Forum, and the Carnegie Mellon CyLab Usable Privacy and Security Laboratory—will receive such funds on a pro rata basis.

LinkedIn also provided prospective relief by agreeing to employ greater protection for users’ passwords for a five-year period.

To read the settlement agreement in In re LinkedIn User Privacy Litigation, click here.

To read the court’s order granting preliminary approval, click here.

Why it matters: The federal court judge overseeing the case granted preliminary approval to the deal and set a final fairness hearing for June 18. Given the years of litigation and the sizable settlement amount, the case demonstrates that companies must take all reasonable steps to prevent a costly data breach.