It’s 3 AM: Do You Know What Your Website Is Doing? Tips for Reducing Regulatory and Litigation Risk Stemming From Website Technologies

Patricia Carreiro
Carlton Fields
Contact
LinkedIn
Facebook
X
Send
Embed

Carlton Fields

Website technologies run the gamut from session replay to pixels and other digital advertising technologies. These technologies are ubiquitous and deployed by organizations around the world to enhance the experience of visitors to those organizations’ websites and improve marketing outcomes.

Despite these legitimate uses, regulators and class action plaintiffs are taking aim at these technologies, leading to considerable compliance and litigation risk. Consider the following examples:

  • Sephora’s $1.2 million settlement with the California attorney general for its alleged failure to process opt outs of cross-context behavioral advertising, including respecting Global Privacy Control signals.
  • FTC settlements with GoodRx ($1.5 million) and BetterHelp ($7.8 million) related to their alleged disclosure of website users’ information to advertising providers.
  • Video Privacy Protection Act litigation ballooning against companies in seemingly every industry concerning those companies’ alleged use of Meta Pixel, Google Analytics, and similar tools.
  • Litigation alleging HIPAA violations based on health care providers’ use of digital advertising technologies.
  • Litigation alleging session replay and chatbot technologies violating wiretapping statutes.

Given this landscape, organizations should consider the following three steps to reduce their compliance and litigation risk:

  • Inventory the technologies and related settings currently deployed on your website and how any data is being collected, used, or disclosed. Different settings can require different privacy notices and consents. If needed, engage a consultant to scan the website and prepare a report.
  • Assess current settings and practices against:
    • Applicable privacy laws and regulations, based on the location of the organization, employees, customers, marketing audiences, and website visitors.
    • Existing privacy notices and consents.
    • The contracts in place with technology providers and any recipient of information from the tracking technologies. For health care organizations, this might involve reviewing the business associate agreements with those third parties.
  • Make any advisable adjustments to address any potential issues revealed by the above. For example, updating existing disclosures, contracts, and methods for documenting consent to the practices disclosed (e.g., privacy policies, terms of use). Ask yourself:
    • Are tracking technologies disclosed?
    • How are any consents obtained and stored?
    • Are up-to-date class action waivers and arbitration provisions included in your terms of use?
Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Carlton Fields | Attorney Advertising

Written by:

Carlton Fields
Carlton Fields
Contact
more
less

Carlton Fields on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide