Advertising Law -- Jan 02, 2013

by Manatt, Phelps & Phillips, LLP

In This Issue:

Does a Virtual Pet Site Violate COPPA?

In a complaint filed with the Federal Trade Commission, the Center for Digital Democracy (CDD) maintains that Mobbles, a virtual pet app, violated the Children’s Online Privacy Protection Act by gathering data from children without obtaining prior parental consent.  Designed for children ages 4 and older, the app allows users to collect, trade, and play with their virtual pets.  But it also collects a “host of personal data” from children, including e-mail addresses and location data, the group claims.

Mobbles was released in May for Apple and Android devices and has ranked among the top 100 grossing entertainment apps in Apple’s App Store in 24 different countries and in the top 10 in 10 different countries, the CDD noted.

One feature of an app to “collect new pets” pinpoints a child’s precise location on a satellite map that includes a street name and a range of house numbers.  Children can also earn virtual currency and in-game coupons by disclosing their e-mail addresses to subscribe to a Mobbles newsletter.

Although parental consent is not required when children create a user name to trade their pets or when they provide their e-mail address to receive the Mobbles newsletter, CDD notes that “Mobbles makes no attempt to provide direct notice to parents and offers no opportunity for parents to opt out of further use of their children’s information.”

“Thus, CDD urges that the FTC promptly initiate an investigation of Mobbles, bring an enforcement action to stop Mobbles from any further collection of children’s personal information, and to seek all other appropriate remedies.”

Alex Curtelin, Mobbles’s co-founder, told Online Media Daily that Mobbles does not sell data to third parties and retains as little information as possible.  However, citing a need “to post a clearer privacy policy and review privacy practices,” the company took the game offline.

To read the CDD’s complaint, click here.

Why it matters:  The CDD argues that the complaint is representative of the need for updates to COPPA in the digital age, as Mobbles is just one of many children’s apps that takes “unfair advantage of children’s developmental vulnerabilities.” As Dr. Kathryn Montgomery, professor of communication at American University, said in the CDD’s press release, “This complaint provides a glimpse into a much larger, rapidly growing children’s mobile market, in which companies are unleashing all of the available techniques for targeting kids.”

Legislative Updates: Geolocation bill and VPPA Updates Advance, ECPA Update Stalls

As the year comes to an end, lawmakers are scrambling to make progress on legislation addressing geolocation privacy and updates to the Video Privacy Protection Act and the Electronic Consumer Protection Act.

Sen. Al Franken’s (D-Minn.) Location Privacy Protection Act, which would require mobile apps to receive user permission before collecting and sharing location data, was approved by the Senate Judiciary Committee in a voice vote.  The bill now moves on to the full Senate for consideration.

Sen. Franken, Chairman of the Senate Subcommittee on Privacy, Technology, and the Law, introduced his bill last June, but the Committee reviewed a revised version of the bill  that would permit a one-time user approval and not a requirement that permission be sought each time data is shared or collected.

“If you want to find the best pizza place where you’re driving, you’ve got to provide your location,” Sen. Franken told the Minnesota Post.  “If the pizza app wants your location, of course you’re going to give the pizza app your location; otherwise they can’t do what they do.  But if someone else wants your location and wants your location everywhere you want to go, you might not want to give them that. So what we’re trying to say is, it’s your choice to protect your own privacy.”

The law would also criminalize “stalker apps” – applications that share the location of a cellphone without its user’s knowledge – with exceptions for law enforcement or parents monitoring their children.

Although the bill passed the Committee, it did receive some pushback. Sen. Chuck Grassley (R-Iowa) expressed concern that the law could “do serious damage to the tech sector.”  Referencing a letter from the Interactive Advertising Bureau opposing Sen. Franken’s law, he said that informing consumers about who is receiving their information poses a practical and technological challenge.

“The mobile marketplace is a unique, yet highly complex technical ecosystem with multiple entities often behind a single service.  One application may have 10 or more different entities functioning behind the scenes to enable service, ad delivery, monetization, or analytics to help improve the user experience,” according to the IAB’s letter, which Sen. Grassley submitted to the Committee for the record.  “In a real-time automated delivery market, there is no technologically feasible or practical means for providing notice of each specific entity, as the entity changes in a moment’s notice.”

On December 20, 2012, the Senate unanimously passed H.R. 6671, which would update the Video Privacy Protection Act to facilitate the sharing of information regarding video rental habits on social media sites.  The updated law would allow the social networking and video rental sites to integrate so that users could share with friends the movies they have rented.

The Senate Committee also gave the nod to a bill containing updates to the 1986 Electronic Communications Privacy Act.  Changes to the ECPA would mandate that governmental authorities get a search warrant to obtain e-mails from suspects.  The current law, passed in 1986, predates the rise of e-mail and other forms of technological communication, making it easy for law enforcement officials to access data without a judge’s permission.  However, that update did not move forward in the House of Representatives on December 18, 2012.

Consent would expire after a two-year period or could be withdrawn at any time.

To read S. 1223, the Location Privacy Protection Act, click here.

To read H.R. 6671, the update to the VPPA, click here.

Why it matters: The movement of the bills through the Committee is viewed as progress for privacy advocates and may help speed their passage next session.

Dunkin’s “Best Coffee” Slogan Can’t Be Trademarked

In declining to approve a slogan trademark, the U.S. Patent and Trademark Office (USPTO) determined that the “Best Coffee in America” claim by Dunkin’ Donuts’ is merely “laudatory and descriptive.”

Dunkin’ Brands Group Inc. sought trademark protection for the phrase in the category of restaurant services, café services, snack bar services, and fast-food restaurant services.  The slogan had acquired distinctiveness, the chain argued, as it has been used in commerce for five years, beginning April 11, 2006.  The PTO disagreed and concluded that Dunkin’s “informational slogan is nothing more than a claim of superiority and is so highly laudatory and descriptive of the quality of the coffee featured in applicant’s restaurants, cafes and snack bars that applicant’s claim of acquired distinctiveness, based on five years’ use of the mark in commerce, is insufficient and unpersuasive.”  The examining attorney cited similar denials for claims like brew maker Sam Adams’s “The Best Beer in America” and Carvel’s attempt to register “America’s Freshest Ice Cream.”

He noted that, instead of indicating the source of Dunkin’s goods, the words simply tout the company’s goods as the best in America.  The mark “fits firmly in the category of marks identified…as being mere ‘puffery’ and incapable of functioning as a trademark.”  “‘Best Coffee in America’ touts simply that the coffee featured at applicant’s restaurants are superior to other coffees in this country.  While applicant may use this wording in promoting its restaurants and cafes and the coffee sold therein, the proposed mark does not function to indicate the source of applicant’s services or distinguish applicant’s services from those of others.”

To visit the USPTO’s decision, click here.

Why it matters:  Dunkin’ Donuts may continue to use the slogan, albeit without trademark protection.  A spokesperson told the Boston Globe that the company is “reviewing the filing and cannot speculate on future plans at this time.”  Dunkin’ Donuts has the right to contest the finding by the USPTO examining attorney, and if the decision is not reversed, has the option to appeal to the Trademark Trial and Appeal Board.  The finding was the company’s second trademark loss this year.  The USPTO earlier rejected registration for the phrase “Bagel Bunchkin” for the chain’s bite-size bagel pieces.

Takeoff: First California Suit Over Mobile Apps Hits Delta

Making good on her threat of legal action, California Attorney General Kamala Harris filed the first lawsuit against a mobile application for failing to have a privacy policy.

Harris, who has made privacy issues a focus of her term in office, targeted Delta Air Lines’ “Fly Delta” app.  When customers use the app to check in and make flight reservations, Delta collects information like a user’s name, phone number, gender, geolocation, passport number, debit or credit card information, and e-mail address.

But according to the complaint, Delta violates the 2004 California Online Privacy Protection Act, which requires companies to post their privacy policies if they collect personal information such as names, phone numbers, and e-mail addresses from state residents.

Harris began her enforcement campaign earlier this year, when she reached an agreement with the six largest online app providers – Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research in Motion.  The companies agreed that the Act applies to mobile apps.  Facebook signed onto the agreement in June.

In late October, Delta was one of roughly 100 companies that received a warning letter cautioning recipients they would be sued if they did not bring their apps into compliance within 30 days.

According to the complaint, the company has been distributing an app that has been downloaded by consumers “millions of times” without a privacy policy since at least 2010.  The suit contends that while Delta has an online privacy policy on its Web site, it does not reference the app nor is it reasonably accessible to app users.  It is therefore insufficient to satisfy the law’s requirements.

Delta “does not have a privacy policy in the application itself, in the platform stores from which the application may be downloaded, or on Delta’s website.  Users of the Fly Delta application do not know what personally identifiable information Delta collects about them, how Delta uses that information, or to whom that information is shared, disclosed, or sold.”

The suit seeks to enjoin the app from being downloaded until a privacy policy is added and requests fines of up to $2,500 per download.

To read the complaint in People v. Delta, click here.

Why it matters:  The warnings are over and all mobile apps should have a privacy policy or be prepared to face a civil complaint from AG Harris.  In a press release, Harris said the Delta complaint is the first suit filed to enforce the 2004 law.  “Losing your personal privacy should not be the cost of using mobile apps, but all too often it is,” Harris said in the statement.  “California law is clear that mobile apps collecting personal information need privacy policies, and that the users of those apps deserve to know what is being done with their personal information.”

Kids’ Apps Get a Failing Grade From the FTC

Ten months after the release of its first staff report on children’s mobile apps, the Federal Trade Commission returned to the subject and found “little progress” has been made “toward giving parents the information they need to determine what data is being collected from their children, how it is being shared, or who will have access to it.”

The February report, “Mobile Apps for Kids: Current Privacy Disclosures are Disappointing” offered a “warning call to the industry,” cautioning app stores, in-app advertisers, and app developers to do more to provide parents with easily accessible, basic information about the mobile apps used by their children.

According to a second report released in December, very few answered the call.

“While we think most companies have the best intentions when it comes to protecting kids’ privacy, we haven’t seen any progress when it comes to making sure parents have the information they need to make informed choices about apps for their kids,” FTC Chairman Jon Leibowitz said in a press release about the report.  “In fact, our study shows that kids’ apps siphon an alarming amount of information from mobile devices without disclosing this fact to parents.”

“Mobile Apps for Kids:  Disclosures Still Not Making the Grade” reviewed 400 available children’s applications in the Apple and Google stores.  “Most apps failed to provide any information about the data collected through the app, let alone the type of data collected, the purpose of the collection, and who would obtain access to the data,” the report concluded. Just 20 percent of the apps reviewed by the agency disclosed any information about the app’s privacy practices.

In addition, many of the apps surveyed by the FTC had interactive features – like advertising, the ability to make in-app purchases, or links to social media – which share data from the mobile device with ad networks or other third parties without disclosing the fact to parents.

More than half of the apps reviewed contained advertising (58 percent), but just 15 percent disclosed the presence of in-app advertising prior to download.  Sixty percent of the apps surveyed transmit data from a user’s device either back to the developer or to a third party, the agency found.

The report advised entities within the mobile app industry to design and employ the “best practices” found in the agency’s staff report on privacy to provide greater transparency about how data is collected, used, and shared in children’s apps, and to offer parents easy-to-understand choices about data collection and sharing in their kids’ apps.

To read the report, click here.

Why it matters:  Leibowitz said the agency plans to perform another survey in the future and “will expect to see improvement.”  “All of the companies in the mobile app space, especially the gatekeepers of the app stores, need to do a better job,” he cautioned.  The agency also announced that it is launching non-public investigations to determine if mobile apps are violating the Federal Trade Commission Act or the recently updated Children’s Online Privacy Protection Act.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.