Snapchat Settles FTC Charges of Misrepresenting Privacy and Security Features

Snapchat, a mobile app that lets users send photos and videos that self-destruct within ten seconds, settled FTC charges relating to the app's ephemeral message feature and the app's data collection and security features. This settlement is notable because some of the "misrepresentations" in Snapchat's privacy policy were due to new third-party technology used to access Snapchat pictures and photos. While Snapchat's privacy policy may have been accurate when Snapchat launched, the FTC claims it was no longer accurate once these new technologies were widely available. This settlement is a reminder that companies have to remain vigilant by testing and analyzing new technology and determining how such developments may affect their privacy policy.

Ephemeral Messages
The Snapchat app lets users send a photo or video to a friend. Before sending the photo or video, the sender chooses a time period - up to ten seconds - during which the recipient can view the photo or video. In product descriptions on the iTunes App Store and Google Play, Snapchat indicated that "You control how long your friends can view your message - simply set the time up to ten seconds and send. They'll have that long to view the message then it disappears forever. We'll let you know if they take a screenshot."

Snapchat also described the ephemeral nature of its messaging system in its FAQ :

"Is there any way to view an image after the time has expired?
No, snaps disappear after the timer runs out. ..."

Snapchat launched its mobile app for Apple devices in September 2011 and for Android devices in October 2012. According to the FTC, by early 2013 there were several low-cost and widely available methods to save a photo or video sent via Snapchat. In addition, there was at least one way for a recipient to take a screenshot of a photo or video without detection, preventing Snapchat from notifying the sender that a screenshot had been taken.

The FTC claimed that Snapchat's representations that messages sent using its service would disappear forever were false or misleading because some messages did not disappear forever. In addition, the FTC claimed that Snapchat's statement that senders would be notified if a recipient took a screenshot was also false or misleading.

Data Collection and Security
Snapchat also settled FTC charges that it collected users' contacts' information from their address books without notice or consent and transmitted users' location despite stating in its privacy policy that it did not "ask for, track, or access any location-specific information from your device at any time while you are using the Snapchat application."

The FTC also claimed that Snapchat failed to securely design its Find Friends feature. For example, Snapchat did not verify a user's phone number during registration, so an individual could create a Snapchat account with someone else's phone number. According to the FTC, consumers complained to Snapchat that they had disclosed photos containing personal information to unintended recipients and that accounts associated with their phone numbers had been used to send inappropriate or offensive snaps. The FTC claimed that Snapchat could have prevented the misuse and unintentional disclosure of consumers' personal information by verifying phone numbers using common and readily available methods.

Finally, the FTC claimed that Snapchat failed to implement effective restrictions on the Find Friends feature which led to the hacking of phone numbers and user names of 4.6 million Snapchat users.

"If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises," said FTC Chairwoman Edith Ramirez. "Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action."

Circular 230 Disclosure: To assure compliance with Treasury Department rules governing tax practice, we inform you that any advice (including in any attachment) (1) was not written and is not intended to be used, and cannot be used, for the purpose of avoiding any federal tax penalty that may be imposed on the taxpayer, and (2) may not be used in connection with promoting, marketing or recommending to another person any transaction or matter addressed herein.

 

 

Topics:  Data Collection, FTC, Mobile Apps, Mobile Privacy, SnapChat

Published In: Antitrust & Trade Regulation Updates, Communications & Media Updates, Consumer Protection Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Loeb & Loeb LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »