Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

FACE Act Introduced

By Bradley S. Shear
September 02, 2013

The Forbidding Advertisement Through Child Exploitation Act (FACE Act) of 2013 was introduced in Congress on July 10, 2013 by U.S. Congressman John J. Duncan, Jr. (R-N) to help protect the personal privacy of children and teens. The official title as introduced states: “To prohibit providers of social media services from using self-images uploaded by minors for commercial purposes.”

The FACE Act states: “(a) provider of a social media service may not intentionally or knowingly use for a commercial purpose a self image uploaded to such a service by a minor.” http://1.usa.gov/17Nl6Uf. The Act empowers the Federal Trade Commission (FTC) to promulgate regulations under section 553 of title 5 of the United States Code to implement the Act. This aspect of the legislation is extremely important because it appears to provide the FTC the flexibility to create regulations that will enable it to account for changes in technology.

Enforcement

To be effective, legislation should have adequate enforcement mechanisms. This bill appears to enable not only the FTC, but also state attorneys general and/or state officials and agencies to enforce the Act. According to the bill, a “state may enforce the act by bringing a civil action to: enjoin such act or practice; enforce compliance with such section or such regulation; obtain damages, restitution, or other such compensation on behalf of residents of the State; or obtain such other legal and equitable relief as the court may consider to be appropriate.”

The Act specifically states that it would not preempt states or political subdivisions of a state from enacting a law that provides minors greater personal privacy protection. At first glance, this appears to provide the potential to create burdensome regulations on cloud providers and their clients; however, cloud computing vendors have been able to flourish despite being required to adhere to different privacy laws in each state. For example, at least 46 states, including the District of Columbia, Guam, Puerto Rico and the Virgin Islands have data breach notification statutes. (A list of those states with links to their security breach notification laws is available from the National Conference of State Legislatures (NCSL).)

According to a GigaOM article about Gartner's Forecast Overview: Public Cloud Services, Worldwide, 2011-2016, 4Q12 Update that was released earlier this year, “the U.S. is predicted to remain number one in overall cloud services deployment-by a wide margin-into 2016.” See, “Gartner: Public Cloud Services to Hit $131B by 2017.” Therefore, despite almost every state in the U.S. enacting its own data breach notification statutes (whose provisions may vary widely state by state), cloud computing providers have still been able to offer to clients compliant cost effective solutions.

States Take Charge

While the FTC's recent updates to the Children's Online Privacy Protection Act (COPPA) provide our children more privacy protections, state attorneys general, along with state officials or agencies, may be in a better position to protect the digital privacy of our children. See, “FTC Strengthens Kids' Privacy, Gives Parents Greater Control over Their Information by Amending Children's Online Privacy Protection Rule.” For example, while multiple EU data protection authorities are pursuing enforcement actions against Google because of its March 1, 2012 privacy policy change; so far the FTC has declined to do so. See, “European Data Protection Authorities Threaten to Fine Google,” The Irish Times.

In contrast, in 2012 the National Association of Attorneys General (www.naag.org) sent a letter (signed by 36 state attorneys general) expressing their concern about Google's privacy policy change. See, “Attorneys General Express Concerns over Google's Privacy Policy.” In July, 23 state attorneys general signed onto a follow up letter that stated, “[w]e are still greatly concerned about the way Google collects consumer information” and “[w]e also think more needs to be done to enable consumers to review and delete data that has been collected about them from specific Google products.” See, “Maryland Says Google Privacy Policy Doesn't Go Far Enough,” The Baltimore Sun.'

In addition to the actions spearheaded by the NAAG, California's Attorney General Kamala Harris has been active regarding protecting those who utilize mobile apps. Her office's recent report on mobile apps “provides guidance on developing strong privacy practices.” See, “Attorney General Kamala D. Harris Issues Guidance on How Mobile Apps Can Better Protect Consumer Privacy.” Harris also created the Privacy Enforcement and Protection Unit'to enforce federal and state privacy laws. Other states, such as Massachusetts, have introduced legislation (H 331) that would ban cloud computing service providers who contract with K-12 schools from processing student data for commercial purposes. See, http://1.usa.gov/176bzYz.

Conclusion

Even though some state attorneys general and state lawmakers around the country are working to protect the digital privacy of children, more tools are needed to ensure that children are not exploited. The FACE Act's introduction is important because it demonstrates that legislators realize that enacting stronger digital privacy laws is not only best for society, but that it will resonate with voters on election day.

While it may take several legislative sessions for the FACE Act to move forward due to the acrimony on Capitol Hill, it demonstrates that lawmakers still believe we have an expectation of privacy in the Digital Age. It would not surprise me if the FACE Act's introduction encourages state lawmakers to introduce similar bills in their respective legislatures around the country. Therefore, it is imperative that the cloud computing industry work with stakeholders to ensure that our children's personal digital data is not utilized for commercial purposes.


Bradley S. Shear is a lawyer in Bethesda, MD, and an Adjunct Professor at George Washington University. A member of this newsletter's Board of Editors, he practices cyber and social media law, privacy and advertising law, and copyright and trademark law. Shear advises state and federal lawmakers around the country on digital media law and public policy issues. He can be reached at www.shearlaw.com.

The Forbidding Advertisement Through Child Exploitation Act (FACE Act) of 2013 was introduced in Congress on July 10, 2013 by U.S. Congressman John J. Duncan, Jr. (R-N) to help protect the personal privacy of children and teens. The official title as introduced states: “To prohibit providers of social media services from using self-images uploaded by minors for commercial purposes.”

The FACE Act states: “(a) provider of a social media service may not intentionally or knowingly use for a commercial purpose a self image uploaded to such a service by a minor.” http://1.usa.gov/17Nl6Uf. The Act empowers the Federal Trade Commission (FTC) to promulgate regulations under section 553 of title 5 of the United States Code to implement the Act. This aspect of the legislation is extremely important because it appears to provide the FTC the flexibility to create regulations that will enable it to account for changes in technology.

Enforcement

To be effective, legislation should have adequate enforcement mechanisms. This bill appears to enable not only the FTC, but also state attorneys general and/or state officials and agencies to enforce the Act. According to the bill, a “state may enforce the act by bringing a civil action to: enjoin such act or practice; enforce compliance with such section or such regulation; obtain damages, restitution, or other such compensation on behalf of residents of the State; or obtain such other legal and equitable relief as the court may consider to be appropriate.”

The Act specifically states that it would not preempt states or political subdivisions of a state from enacting a law that provides minors greater personal privacy protection. At first glance, this appears to provide the potential to create burdensome regulations on cloud providers and their clients; however, cloud computing vendors have been able to flourish despite being required to adhere to different privacy laws in each state. For example, at least 46 states, including the District of Columbia, Guam, Puerto Rico and the Virgin Islands have data breach notification statutes. (A list of those states with links to their security breach notification laws is available from the National Conference of State Legislatures (NCSL).)

According to a GigaOM article about Gartner's Forecast Overview: Public Cloud Services, Worldwide, 2011-2016, 4Q12 Update that was released earlier this year, “the U.S. is predicted to remain number one in overall cloud services deployment-by a wide margin-into 2016.” See, “Gartner: Public Cloud Services to Hit $131B by 2017.” Therefore, despite almost every state in the U.S. enacting its own data breach notification statutes (whose provisions may vary widely state by state), cloud computing providers have still been able to offer to clients compliant cost effective solutions.

States Take Charge

While the FTC's recent updates to the Children's Online Privacy Protection Act (COPPA) provide our children more privacy protections, state attorneys general, along with state officials or agencies, may be in a better position to protect the digital privacy of our children. See, “FTC Strengthens Kids' Privacy, Gives Parents Greater Control over Their Information by Amending Children's Online Privacy Protection Rule.” For example, while multiple EU data protection authorities are pursuing enforcement actions against Google because of its March 1, 2012 privacy policy change; so far the FTC has declined to do so. See, “European Data Protection Authorities Threaten to Fine Google,” The Irish Times.

In contrast, in 2012 the National Association of Attorneys General (www.naag.org) sent a letter (signed by 36 state attorneys general) expressing their concern about Google's privacy policy change. See, “Attorneys General Express Concerns over Google's Privacy Policy.” In July, 23 state attorneys general signed onto a follow up letter that stated, “[w]e are still greatly concerned about the way Google collects consumer information” and “[w]e also think more needs to be done to enable consumers to review and delete data that has been collected about them from specific Google products.” See, “Maryland Says Google Privacy Policy Doesn't Go Far Enough,” The Baltimore Sun.'

In addition to the actions spearheaded by the NAAG, California's Attorney General Kamala Harris has been active regarding protecting those who utilize mobile apps. Her office's recent report on mobile apps “provides guidance on developing strong privacy practices.” See, “Attorney General Kamala D. Harris Issues Guidance on How Mobile Apps Can Better Protect Consumer Privacy.” Harris also created the Privacy Enforcement and Protection Unit'to enforce federal and state privacy laws. Other states, such as Massachusetts, have introduced legislation (H 331) that would ban cloud computing service providers who contract with K-12 schools from processing student data for commercial purposes. See, http://1.usa.gov/176bzYz.

Conclusion

Even though some state attorneys general and state lawmakers around the country are working to protect the digital privacy of children, more tools are needed to ensure that children are not exploited. The FACE Act's introduction is important because it demonstrates that legislators realize that enacting stronger digital privacy laws is not only best for society, but that it will resonate with voters on election day.

While it may take several legislative sessions for the FACE Act to move forward due to the acrimony on Capitol Hill, it demonstrates that lawmakers still believe we have an expectation of privacy in the Digital Age. It would not surprise me if the FACE Act's introduction encourages state lawmakers to introduce similar bills in their respective legislatures around the country. Therefore, it is imperative that the cloud computing industry work with stakeholders to ensure that our children's personal digital data is not utilized for commercial purposes.


Bradley S. Shear is a lawyer in Bethesda, MD, and an Adjunct Professor at George Washington University. A member of this newsletter's Board of Editors, he practices cyber and social media law, privacy and advertising law, and copyright and trademark law. Shear advises state and federal lawmakers around the country on digital media law and public policy issues. He can be reached at www.shearlaw.com.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
Strategy vs. Tactics: Two Sides of a Difficult Coin Image

With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.

Major Differences In UK, U.S. Copyright Laws Image

This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.

'Huguenot LLC v. Megalith Capital Group Fund I, L.P.': A Tutorial On Contract Liability for Real Estate Purchasers Image

In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.

Fresh Filings Image

Notable recent court filings in entertainment law.

The Article 8 Opt In Image

The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.