FTC Report Offers Recommendations to Social Media and Video Streaming Services

Want to receive these privacy recaps that matter to consent management, adtech and martech in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

UNITED STATES

FTC Report Offers Recommendations to Social Media and Video Streaming Services

An FTC staff report based on analysis of the data practices of social media and video streaming services was published, providing the FTC’s specific findings as well as recommendations in the areas of general collection, use, disclosure, minimization, retention, and deletion; advertising and targeted advertising; the use of automated decision-making technologies; practices relating to children and teens; and concerns relating to competition. Of note, the report found that many companies were collecting and indefinitely retaining large troves of data in ways consumers might not expect, that the technology powering advertising using personal data took place behind the scenes and out of view to consumers, that users lacked any meaningful control over how personal information was used for AI-fueled systems, and that many companies failed to adequately protect children, especially teens. 

The report recommended that companies: (1) implement more safeguards when it comes to advertising, especially surrounding sensitive data; (2) put users in control of–and be transparent about–the data that powers automated decision making; and (3) implement policies to ensure greater protection for children and teens, including providing parents/legal guardians a uniform, easy, and straightforward way to access and delete their child’s personal information.

TAKEAWAY

A particularly interesting part of the report is the section on targeting based on sensitive categories. The report notes that many of the companies assessed claimed in their policies to prohibit targeting based on sensitive categories, but that there was a lack of consistency about which categories were considered sensitive, which “makes it challenging for consumers and other stakeholders to understand the precise contours of the prohibited practices” and “could lead to uneven application of this prohibition and perhaps even instances where practices understood to be prohibited may occur.” Glaringly missing from this paragraph, though, was the sentence, “and to help fix this inconsistency, we, the FTC, are providing a clear definition of exactly what categories should be treated as sensitive data so that companies can apply it evenly.” The report merely offers the recommendation for companies to “construe the categories of information considered to be sensitive broadly.” The report does offer that “this lack of clarity and consistency may be yet another reason why a comprehensive federal privacy law giving consumers control over their information is necessary” (implying that such a law would provide clarity and consistency), but, in the meantime, the FTC cautions that “companies should not wait for new laws to take action.”

Understand how to manage sensitive data definitions and enforcement mechanisms across the regulatory landscape with this on-demand webinar from Sourcepoint. Watch it here.

EUROPE

ICO Reprimands Gaming Website Re Ineffective Consent as Part of Wider Audit

The UK Information Commissioner’s Office (ICO) issued a reprimand to Bonne Terre Limited (aka Sky Betting and Gaming) based on a finding that certain third-party tracking technologies were being deployed before visitors interacted with the website’s consent management platform (CMP), resulting in personal data being processed and made available to third parties for marketing purposes without visitors’ knowledge or consent. Although the ICO acknowledged that the company fixed the issue within one day after the ICO alerted it to the non-compliant practice, the ICO nevertheless issued a reprimand based on the infringement occurring prior to the fix, considering the “potential harms caused by the contraventions,” noting loss of autonomy and potentially a sense of manipulation or influence, loss of control of data subjects’ personal data, and intrusion into data subjects’ lives, including a possible sense of surveillance by way of unwanted targeted advertising. 

As part of the reprimand, the ICO recommends that Bonne Terre continue to review and monitor its processes to ensure that all non-essential cookies and tags are deployed on Bonne Terre’s domains only after valid visitor consent has been obtained. If future non-compliance is suspected, the ICO may take further formal regulatory action.

TAKEAWAY

In its announcement of the reprimand, the ICO notes that it is “working to crack down on websites that do not offer people a fair and informed choice over whether they want their personal information to be used for targeted advertising”, pointing out that gossip website Tattle Life will be investigated next for its use of cookies. The announcement also includes “a warning that there will be consequences if organizations breach the law, and people are denied the choice over targeted advertising”, urging “all organizations to assess their cookie banners now to make sure consent can be freely given before a letter arrives from the regulator.”

Uncover your marketing, data privacy and third-party cookie vulnerabilities with this guide from the experts at Sourcepoint. Download it here.

Want more of the privacy highlights that matter for consent management, adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.