Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

Internet LawFeaturesLaw Firm Marketing and Business DevelopmentTechnology Media and TelecomCybersecurity Law & Strategy

Online Marketing Practices Continue to Pose Regulatory Threats for the Financial Services Industry

By Craig Nazzaro, Brad Rustin and Elizabeth A. DeVos
February 01, 2018

Last year, the Federal Trade Commission (FTC) released a staff report on Cross-Device Tracking, which added to the FTC's efforts to regulate emerging issues in the ever-evolving area of online behavioral advertising. The advertising in question involves the collection of data from a particular computer or device regarding a user's Internet-viewing behavior over time and across non-affiliate websites. Ostensibly, this technology obtains user preferences or interests. Cross-device tracking is the logical next step for this technology.

This cross-device tracking enables online behavioral advertising to be coordinated across a user's various devices such as smartphones, tablets, computers, game consoles and Internet-connected televisions. Using both behavioral advertising and cross-device tracking has grown since the release of the FTC study and shows no signs of stopping in 2018.

Within the guidance, the FTC acknowledges the benefits of both behavioral and cross-device tracking, but remains concerned with the privacy and consumer protection challenges raised by these systems. On the one hand, the FTC cites the benefits of a seamless experience for consumers across their devices, such as when they check email, read a book or watch a movie.
Cross-device tracking also enables improved fraud detection and account security by providing companies with more options to protect a consumer by identifying a new device and requiring authentication through a known device. On the other hand, however, the FTC raises concerns over consumer transparency with the technology, particularly given that the scope of cross-device technology in this space is not understood by a majority of the public.

The Drawbacks

A large issue with both behavioral advertising and cross-device tracking is that the approach to the practice is not uniform. Vendors for financial services firms can create many different user experiences and deploy various technologies that can accomplish the goal in different ways. For example, a vendor can track a user through traditional cookies, flash cookies, Web beacons and countless other technologies, all of which may require different opt-out methods. A vendor can also positively identify the same user across multiple devices using login information or other personally identifiable information commonly called the “deterministic method.”

Alternatively, a vendor can track and identify a probable user through non-personal data, such as an IP addresses. This practice is known as a “probabilistic method.” As the proprietor of a website, a vendor must understand the technology and the methods being utilized by its marketing partners to properly disclose the practices and technology to the proprietor's consumers. This requires a level of due diligence that many proprietors fail to perform. Without proper controls and policies governing these practices, a website proprietor's regulatory, reputational and litigation risks all increase dramatically.

For those in the financial services industry, these leaps in technology can pose greater threats to those utilizing the services than those in less heavily regulated industries. For example, if lenders employed these technologies to capture data that contain contact information, the lenders can find themselves in violation of federal consumer protection regulations such as the Fair Debt Collections Protection Act (FDCPA), the Telephone Consumer Protection Act (TCPA), Equal Credit and Opportunity Act (ECOA), or the Dodd-Frank Act protections under the Unfair Deceptive or Abusive Acts (UDAAP) regulations.

Lenders are put under greater scrutiny regarding how they are using and storing the data collected and how these processes are disclosed to their consumers. Legal and compliance departments within lenders are often surprised at the magnitude of regulatory liability these practices can create. For example, if your advertising department has free reign to create the parameters of whom your institution is targeting for behavioral advertising, will any thought be given to the fair lending impact those choices may have? In another hypothetical, is your marketing department deploying technology that may return contact information for borrowers? If so, is your institution aware of how that data is stored and utilized? If not, the lender may be facing violations under the TCPA and the FDCPA.

Best Practices

To avoid these risks, address privacy concerns and improve consumer transparency regarding cross-device tracking and behavioral advertising, financial services industry professionals should take the following steps:

  1. Be transparent about your data collection and use practices by truthfully disclosing your tracking activities. Draft and deploy both an enterprise-wide privacy policy and an online privacy policy.
  2. Provide choice mechanisms that give consumers control over their data and, when you offer such choices, ensure that they are respected. To the extent opt-out tools are provided, any material limitations on how they apply or are implemented regarding cross-device tracking must be clearly and conspicuously disclosed.
  3. Provide heightened protections for sensitive information, such as financial information, meaning express consent should be granted by a consumer prior to engaging in cross-device tracking on these and other sensitive topics.
  4. Maintain reasonable security over the collected data. Companies should keep only the data necessary for their business purposes and they should properly secure the data they collect and maintain.
  5. Create controls around which departments can unilaterally deploy third-party online marketing vendors. Many times, smaller lenders may be unaware of what their marketing departments are doing within the digital space and may be unaware of the regulatory risks these activities could create.
  6. When negotiating the scope of services with digital advertising vendors, ensure that your legal and compliance partners review any change in technology or scope.
  7. Review your online privacy disclosure annually to ensure the necessary updates are made to the policy.

Conclusion

With the technology that drives data collection evolving daily, the regulators of financial serves are taking notice. The best way to avoid the reputational, litigation and regulatory risks associated with this space is to: 1) fully (if not, over-) disclose your activity and technology to your consumers; 2) maintain strict controls over the deployment of the services and technology; and 3) maintain a robust third-party vendor oversight function, which contemplates the regulatory implications that occur within the digital marketing space.

*****
Craig Nazzaro is Of Counsel in the Atlanta office of Nelson Mullins Riley & Scarborough LLP. His practice areas include Alternative Lending & Other Non-Bank Financial Services, FinTech, and Payments & Digital Commerce. Dowse Bradwell “Brad” Rustin, IV, is a partner in the firm's Greenville, SC, office whose practice areas include Banking & Financial Services, FinTech and Payments & Digital Commerce. Elizabeth A. DeVos is an associate in the firm's Greenville, SC, office. Her practice areas include Banking and Financial Services, FinTech, Consumer Financial Services, and Payments & Digital Commerce.

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
How Secure Is the AI System Your Law Firm Is Using? Image

In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.