Privacy policy
Subscribe to Privacy policy's Posts

FTC Enforces Facebook Policies to Stop Jerk

The Federal Trade Commission (FTC) recently accused the operator of (Jerk) of misrepresenting to users the source of the personal content that Jerk used for its purported social networking website and the benefits derived from a user’s purchase of a Jerk membership.   According to the FTC, Jerk improperly accessed personal information about consumers from Facebook, used the information to create millions of unique profiles identifying subjects as either “Jerk” or “Not a Jerk” and falsely represented that a user could dispute the Jerk/Not a Jerk label and alter the information posted on the website by paying a $30 subscription fee.  The interesting issue in this case is not the name of the defendant or its unsavory business model; rather, what’s interesting is the FTC’s tacit enforcement of Facebook’s privacy policies governing the personal information of Facebook’s own users.

Misrepresenting the Source of Personal Information

Although Jerk represented that its profile information was created by its users and reflected those users’ views of the profiled individuals, Jerk in fact obtained the profile information from Facebook.  In its complaint, the FTC alleges that Jerk accessed Facebook’s data through Facebook’s application programming interfaces (API), which are tools developers can use to interact with Facebook, and downloaded the names and photographs of millions of Facebook users without consent. The FTC used Facebook’s various policies as support for its allegation that Jerk improperly obtained the personal information of Facebook’s users and, in turn, misrepresented the source of the information.  The FTC noted that developers accessing the Facebook platform must agree to Facebook’s policies, which include (1) obtaining users’ explicit consent to share certain Facebook data; (2) deleting information obtained through Facebook once Facebook disables the developers’ Facebook access; (3) providing an easily accessible mechanism for consumers to request the deletion of their Facebook data; and (4) deleting information obtained from Facebook upon a consumer’s request.  Jerk used the data it collected from Facebook not to interact with Facebook but to create unique Jerk profiles for its own commercial advantage.  Jerk’s misappropriation of user data from Facebook was the actual source of the data contrary to Jerk’s representation that the data had been provided by Jerk’s users.

Misrepresenting the Benefit of the Bargain

According to the FTC, Jerk represented that purchase of a $30 subscription would enable users to obtain “premium features,” including the ability to dispute information posted on Jerk and alter or delete their Jerk profile and dispute the false information on their profile.  Users who paid the subscription often received none of the promised benefits.  The FTC noted that contacting Jerk with complaints was difficult for consumers:  Jerk charged $25 for users to email the customer service department.

A hearing is scheduled for January 2015. Notably, the FTC’s proposed Order, among other prohibitions, enjoins Jerk from using in any way the personal information that Jerk obtained prior to the FTC’s action – meaning the personal information that was obtained illegally from Facebook.

read more

McDermott To De-Mystify CalOPPA Compliance During February 25 Webinar

As we have previously discussed, California Governor Brown signed into law amendments to the California Online Privacy Protection Act (CalOPPA), the 2004 law that requires commercial websites, mobile apps and digital service providers to “conspicuously” post a “privacy policy” if the site or service collects personally identifiable information about California residents.  The amendments to CalOPPA add two new disclosure requirements for privacy policies required by CalOPPA:

  • The privacy policy must explain how the website “responds to ‘Do Not Track’ signals from web browsers or other mechanisms that provide California residents the ability to “exercise choice” about collection of their personally identifiable information. 
  • The privacy policy must disclose whether third parties use or may use the website to track (i.e., collect personally identifiable information about) individual California residents “over time and across third-party websites.”

Under amended CalOPPA, websites, mobile apps and digital service providers should have updated their privacy policies to include the new disclosure requirements by January 1, 2014. But, due to confusion about (among other things) what “Do Not Track” really means, many consumer-facing website operators and service providers in the digital and mobile space have not yet made the needed policy updates.

To learn more about CalOPPA and tips for complying with the new amendments, join Of Digital Interest’s editors Heather Egan Sussman and Julia Jacobson tomorrow (February 25th) at the 90-minute Track Me, Track Me Not: Complying with California’s Do Not Track Disclosure Requirements live webinar.

For details and to register, visit

read more

To Track or Not to Track

October 21, 2013 Digital advertising based on tracking users’ interests and related privacy concerns have been the subject of many recent news articles. What does this mean for businesses?  Evolving industry practices and new legislation relating to online privacy and user tracking likely require changes to online privacy practices and policies.

To read the full article, click here.

read more




2021 Chambers USA top ranked firm
LEgal 500 EMEA top tier firm 2021
U.S. News Law Firm of the Year 2022 Health Care Law