Advertising & Marketing
Subscribe to Advertising & Marketing's Posts

Brazil’s LGPD Takes Effect—With Early Enforcement

Brazil represents over half of all IT spend in Latin America, has the largest regional market for software outsourcing, employs a sizable IT workforce, manufactures consumer goods (including commercial airplanes and cars) and has an active consumer market of social media operated by global data aggregators. At a time when data privacy is becoming increasingly important to consumers, it seems only fitting that Brazil would adopt comprehensive privacy legislation to protect data privacy rights.

The General Data Protection Law, the first law of its kind in Brazil, is now in effect, and we are already seeing enforcement. Streamlining the legal framework on data protection, the law sets forth a number of requirements addressing legal bases for processing, individual rights, governance and accountability and data transfers.

Access the article.




A Sale or Not a Sale? The Digital Advertising Debate

The California Consumer Privacy Act (CCPA) requires businesses who engage in sales of personal information, to offer consumers the right to opt out of such sales through a “Do Not Sell My Personal Information” link or button on their websites. These “Do Not Sell” obligations present a particularly thorny question for businesses that participate in a digital ad exchange or otherwise use advertising tracking technologies on their websites. Because data elements such as IP address, cookie ID, device identifier and browsing history are considered “personal information” for purposes of the CCPA, the question is: does sharing that information with third-party ad tech providers constitute a “sale” of data?

The answer, so far, is a resounding “maybe.” In what follows, we expand on the issue and survey different approaches to this hotly contested question.

Why the Debate?

The CCPA defines a “sale” as “selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to another business or a third party for monetary or other valuable consideration.” The Network Advertising Initiative (NAI) broke this definition down into three main elements that, when satisfied, might make the case that digital advertising involves a “sale.”

    • The digital advertising must involve “personal information.” We know that it does because serving digital ads requires, at the very least, access to IP address and browsing history.
    • The digital advertising must involve the movement of personal information from a business to another business or third party. This is often true for digital advertising relationships, as ad tech intermediaries and other participants in the ad exchange often use the personal information they have received from businesses for their own purposes, thus taking many ad tech entities outside of CCPA’s “service provider” safe harbor.
    • The digital advertising must involve the exchange of monetary or other valuable consideration for the personal information. This is a fact-specific inquiry that will vary across contractual arrangements. For that reason, the NAI analysis states it would be difficult to broadly categorize all digital advertising activities as “sales.” However, the NAI cautions that if the recipients of personal information can retain the information “for profiling or segmenting purposes” (e.g., the ability to monetize the data independently), that could be evidence of a “sale” of data.

(more…)




Digital Health Year in Review: 2017 Trends and Looking Ahead to 2018

Throughout 2017, the health care and life sciences industries experienced a widespread proliferation of digital health innovation that presents challenges to traditional notions of health care delivery and payment as well as product research, development and commercialization for both long-standing and new stakeholders. At the same time, lawmakers and regulators made meaningful progress toward modernizing the existing legal framework in a way that will both adequately protect patients and consumers and support and encourage continued innovation, but their efforts have not kept pace with what has become the light speed of innovation. As a result, some obstacles, misalignment and ambiguity remain.

We are pleased to bring you this review of key developments that shaped digital health in 2017, along with planning considerations and predictions for the digital health frontier in the year ahead.

Read the full Special Report.




New Chinese Government Report Highlights Recent Data Protection Enforcement and Attitudes

In the final days of 2017, the vice chairman of the Standing Committee of China’s National People’s Congress (NPC) submitted a report to the Standing Committee of the NPC detailing the Network Security Law enforcement inspection project that began earlier in the year. This inspection had focused on five key points under the government’s overall data protection strategy:

  • Legal education
  • Supporting laws and regulations
  • Protection of critical information infrastructures and the application of graded protection for network security
  • Illegal network information
  • Personal information protections

(more…)




Artificial Intelligence in Health Care: Framework Needed

Although the incorporation of technology into human endeavours—commercial, political and personal—is a normal component of technological innovation, the advent of artificial intelligence technology is producing significant challenges we have not felt or understood with earlier innovations. For many years, for example, there has been speculation, research and public debate about the impact of the internet, the functioning of search engines, and online advertising techniques on commercial and political decisions.

The alleged “hacking” of the 2016 US presidential election, and the concerns about such activities in the 2017 European elections, will only heighten the interweaving discussions on free speech, national sovereignty, cyber security and the nature of privacy.

The use of artificial intelligence and machine-learning technologies has only added to the list of issues and areas of concern. The consequences of automobile accidents involving “self-driving” technologies, the “flash crashes” on securities markets due to algorithmic trading, and bias in systems designed to determine benefit eligibility, are requiring us to consider what happens when we defer judgment to machines, and highlighting the importance of quality in data sets and sensors.

Continue Reading

Read Full International News, Fall 2017




New York AG Settlement with App Developers Serves as a Warning for the Need for Evidence-Backed Commercial Claims

On March 23, 2017, the New York Attorney General’s office announced that it has settled with the developers of three mobile health (mHealth) applications (apps) for, among other things, alleged misleading commercial claims. This settlement highlights for mHealth app developers the importance of systematically gathering sufficient evidence to support their commercial claims.

Read the full article.




The TCPA: An Unexpected Deterrent to Patient Engagement Tools

In an age where providers are increasingly taking the management of their patient’s health online and out of the doctor’s office, the creation of scalable and nimble patient engagement tools can serve to improve patient experience, health care outcomes and health care costs. While the level of enthusiasm for these tools is at an all-time high, there is a growing concern about the unexpected deterrent to the adoption of these tools from an unlikely source: the Telephone Consumer Protection Act of 1991 (TCPA).

Many professionals in the health industry have come to share two misconceptions about the TCPA: first, that the TCPA only applies to marketing phone calls or text message “spam,” and second, that the TCPA does not apply to communications from HIPAA covered entities to their patients/health plan members. These misconceptions can be costly mistakes for covered entities that have designed their patient engagement outreach programs without include a TCPA compliance strategy.

Compliance Challenges

As discussed in a previous post, the TCPA was originally intended to curb abusive telemarketing calls. When applying the law to smarter and increasingly innovative technologies (especially those that we see in the patient engagement world), the TCPA poses significant compliance challenges for the users of these tools that arguably threaten to curb meaningful progress on important public health and policy goals.

Despite its initial scope of addressing robocalls, the TCPA also applies to many automated communications between health care providers and their patients, and between plans and their members. There is a diverse array of technical consent requirements that apply depending on what type of phone call you make. For instance, most auto-dialed marketing calls to cell phones require prior express written consent, meaning that the caller must first obtain written consent before making the call. To make compliance more compliance, callers remain responsible for proving consent and the accuracy of the numbers dialed.

Indeed, the TCPA presents a serious challenge for patient engagement tools, especially when violations of the TCPA can yield statutory damages of up to $1,500 per call or text message. While Federal Communications Commission orders over the past several years have added some clarity and a “safe harbor” for HIPAA-covered entities to help entities achieve compliance, there is still no “free pass” from the TCPA’s requirements. Therefore, covered entities and the business associates who work for them should not assume that compliance with HIPAA offers any security of defense against a successful claim under the TCPA.

(more…)




Employee consent to use of personal data reliable under German law

The German Federal Labor Court (Bundesarbeitsgericht (BAG)) has published the reasons for its two decisions about whether an employee can revoke consent given to his or her employer for public use of the employee’s image in photos, videos or other marketing materials (BAG 19 February 2015, 8 AZR 1011/13; BAG 11 December 2014 – 8 AZR 1010/13). The BAG held that (1) an employer can rely on an employee’s voluntary consent under German data privacy laws and (2) an employee must take into account the employer’s interests when justifying his or her revocation of a valid consent.  The BAG’s decisions are notable because they are contrary to the widely-held opinion that employee consent given in the context of the employment relationship is not completely voluntary.

German data privacy and copyright laws require an employer to obtain an employee’s consent to use the employee’s image in photos or videos developed for marketing or similar purposes.  The consent must be voluntarily given and not tied to the employee’s employment status.  Before the BAG’s decisions, some German data privacy law commentators argued that an employee’s consent is not always freely given because of the employee’s subordinate status in the employment relationship.

Now, under the BAG’s decisions, the existence of the employer-employee relationship does not cause an employee’s individual consent to be per se ineffective. The BAG determined that employees can freely choose whether to consent or not. If an employee believes that he or she is subject to discrimination for withholding consent, remedies are available under other German laws. The BAG emphasised that the consent must be in writing and include certain information to be valid and that whether the consent is subsequently revocable depends on the facts and circumstances.

Key Takeaway:

An employer should obtain individual written consent from an employee to use the employee’s image or likeness in marketing materials. To help prevent future revocation, the written consent must state (among other specific requirements) that the employer’s rights survive termination of the employment relationship.




Upcoming Webinar | Sweeps, Contests & Games in Social Media

Is a social media promotion part of your organization’s branding plans? Please join Julia Jacobson (McDermott partner and Of Digital Interest editor) and her co-panelists next Tuesday, July 28, 2015, at 2:00 pm for “Sweeps, Contests & Games in Social Media”. The webinar, the second in a three-part series hosted by the Brand Activation Association (a division of the Association of National Advertisers (ANA)) will explore endorsement, intellectual property and privacy legal issues, as well as the practical aspects of balancing brand wants with compliance needs and participation verification and fulfillment.

For more information, please click here.




FCC Releases Order Clarifying TCPA

Last Friday, July 10, 2015, the Federal Communications Commission (FCC) released Declaratory Ruling and Order 15-72 (“Order 15-72”) to address more than 20 requests for clarity on FCC interpretations of the Telephone Consumer Protection Act (TCPA). The release of Order 15-72 follows a June 18th open meeting at which the FCC adopted the rulings now reflected in Order 15-72 that are intended to “close loopholes and strengthen consumer protections already on the books.”

Keys rulings in Order 15-72 include:

  • Confirming that text messages are “calls” subject to the TCPA;
  • Clarifying that consumers may revoke their consent to receive robocalls (i.e., telemarketing calls or text messages from an automated system or with a prerecorded or artificial voice) “at any time and through any reasonable means”;
  • Making telemarketers liable for robocalls made to reassigned wireless telephone numbers without consent from the current account holder, subject to “a limited,one-call exception for cases in which the caller does not have actual or constructive knowledge of the reassignment”;
  • Requiring consent for internet-to-phone text messages;
  • Clarifying that “nothing … prohibits” implementation of technology that helps consumers block unwanted robocalls;
  • Allowing certain parties an 89-day (after July 10, 2015) window to update consumer consent to “prior express written consent” as the result of an ambiguous provision in the 2012 FCC Order that established the “prior express written consent” requirement; and
  • Exempting from the consent requirement certain free “pro-consumer financial- and healthcare-related messages”.

We are reviewing the more than 135 pages of Order 15-72, as well as the separate statements of FCC Commissioners Wheeler, Clyburn, Rosenworcel (dissenting in part), Pai (dissenting) and O’Rielly (dissenting in part). Please check back soon for more information and analysis.




STAY CONNECTED

TOPICS

ARCHIVES