Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Last year, the Federal Trade Commission (FTC) released a staff report on Cross-Device Tracking, which added to the FTC's efforts to regulate emerging issues in the ever-evolving area of online behavioral advertising. The advertising in question involves the collection of data from a particular computer or device regarding a user's Internet-viewing behavior over time and across non-affiliate websites. Ostensibly, this technology obtains user preferences or interests. Cross-device tracking is the logical next step for this technology.
This cross-device tracking enables online behavioral advertising to be coordinated across a user's various devices such as smartphones, tablets, computers, game consoles and Internet-connected televisions. Using both behavioral advertising and cross-device tracking has grown since the release of the FTC study and shows no signs of stopping in 2018.
Within the guidance, the FTC acknowledges the benefits of both behavioral and cross-device tracking, but remains concerned with the privacy and consumer protection challenges raised by these systems. On the one hand, the FTC cites the benefits of a seamless experience for consumers across their devices, such as when they check email, read a book or watch a movie. Cross-device tracking also enables improved fraud detection and account security by providing companies with more options to protect a consumer by identifying a new device and requiring authentication through a known device. On the other hand, however, the FTC raises concerns over consumer transparency with the technology, particularly given that the scope of cross-device technology in this space is not understood by a majority of the public.
|A large issue with both behavioral advertising and cross-device tracking is that the approach to the practice is not uniform. Vendors for financial services firms can create many different user experiences and deploy various technologies that can accomplish the goal in different ways. For example, a vendor can track a user through traditional cookies, flash cookies, Web beacons and countless other technologies, all of which may require different opt-out methods. A vendor can also positively identify the same user across multiple devices using login information or other personally identifiable information commonly called the “deterministic method.”
Alternatively, a vendor can track and identify a probable user through non-personal data, such as an IP addresses. This practice is known as a “probabilistic method.” As the proprietor of a website, a vendor must understand the technology and the methods being utilized by its marketing partners to properly disclose the practices and technology to the proprietor's consumers. This requires a level of due diligence that many proprietors fail to perform. Without proper controls and policies governing these practices, a website proprietor's regulatory, reputational and litigation risks all increase dramatically.
For those in the financial services industry, these leaps in technology can pose greater threats to those utilizing the services than those in less heavily regulated industries. For example, if lenders employed these technologies to capture data that contain contact information, the lenders can find themselves in violation of federal consumer protection regulations such as the Fair Debt Collections Protection Act (FDCPA), the Telephone Consumer Protection Act (TCPA), Equal Credit and Opportunity Act (ECOA), or the Dodd-Frank Act protections under the Unfair Deceptive or Abusive Acts (UDAAP) regulations.
Lenders are put under greater scrutiny regarding how they are using and storing the data collected and how these processes are disclosed to their consumers. Legal and compliance departments within lenders are often surprised at the magnitude of regulatory liability these practices can create. For example, if your advertising department has free reign to create the parameters of whom your institution is targeting for behavioral advertising, will any thought be given to the fair lending impact those choices may have? In another hypothetical, is your marketing department deploying technology that may return contact information for borrowers? If so, is your institution aware of how that data is stored and utilized? If not, the lender may be facing violations under the TCPA and the FDCPA.
|To avoid these risks, address privacy concerns and improve consumer transparency regarding cross-device tracking and behavioral advertising, financial services industry professionals should take the following steps:
With the technology that drives data collection evolving daily, the regulators of financial serves are taking notice. The best way to avoid the reputational, litigation and regulatory risks associated with this space is to: 1) fully (if not, over-) disclose your activity and technology to your consumers; 2) maintain strict controls over the deployment of the services and technology; and 3) maintain a robust third-party vendor oversight function, which contemplates the regulatory implications that occur within the digital marketing space.
*****
Craig Nazzaro is Of Counsel in the Atlanta office of Nelson Mullins Riley & Scarborough LLP. His practice areas include Alternative Lending & Other Non-Bank Financial Services, FinTech, and Payments & Digital Commerce. Dowse Bradwell “Brad” Rustin, IV, is a partner in the firm's Greenville, SC, office whose practice areas include Banking & Financial Services, FinTech and Payments & Digital Commerce. Elizabeth A. DeVos is an associate in the firm's Greenville, SC, office. Her practice areas include Banking and Financial Services, FinTech, Consumer Financial Services, and Payments & Digital Commerce.
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.
Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.