On May 8, 2014, the US Federal Trade Commission (FTC) proposed for public comment its draft complaint and consent with mobile messaging service Snapchat, best known for promoting its “ephemeral” photo messaging site. (See our previous posting here.)
The FTC’s complaint claimed that Snapchat violated federal law (Section 5 of the FTC Act) with the following 6 false or deceptive claims:
- Contrary to Snapchat’s claims, “a message may not disappear forever after the user-set time period expires” due to widely publicized third-party apps, and a security flaw Snapchat purportedly was aware of (from a security researcher) for 10 months before addressing;
- Contrary to Snapchat’s statements, “a sender may not be notified if the recipient takes a screenshot of a snap” due to widely-publicized circumventions;
- Contrary to Snapchat’s implied representations, when a user selected “Find Friends,” Snapchat collected not only the phone number a user entered, but also the entire contents of all contacts in the user’s mobile device address book;
Under the proposed consent, Snapchat does not admit or deny any liability. If approved and to settle the matter, Snapchat would be:
- Prohibited from misrepresenting its products and services and treatment of personal information, or their privacy and security; and
- Required to implement a comprehensive privacy program that is subject to a third-party audit every 2 years for the next 20 years.
Note that the FTC has proposed a definition of “covered information” that includes not only name, address, e-mail address, or phone number, but also “a persistent identifier, such as a customer number held in a ‘cookie,’ a static Internet Protocol (“IP”) address, a mobile device ID, or processor serial number” or “precise geo-location data of an individual or mobile device, including GPS-based, WiFi-based or cell-based location information” or “an authentication credential, such as a user name or password” or “any communications or content that is transmitted or stored through [Snapchat’s] products or services.”
Sue Ross (firstname.lastname@example.org / +1 212 318 3280) is a lawyer in Norton Rose Fulbright’s US intellectual property practice.