FTC to Companies: Inadequate Consumer Privacy Protections Will Be Silver Bullet to SilverPush Technology

Last week, the FTC issued another reminder of its intent to closely scrutinize the novel technologies embedded in apps and other consumer products to ensure that any data collected by the products is covered by the privacy policy provided with the products to consumers. On March 17, 2016, the FTC issued warning letters to twelve application developers regarding their use of software that monitors a device's microphone for audio signals in television advertisements. According to the FTC, the use of such software to collect information about the television-viewing habits of consumers without providing notice or obtaining their consent could constitute an "unfair or deceptive act or practice" in violation of Section 5 of the FTC Act. Accordingly, companies that elect to use this or similar technologies in the future, without obtaining the requisite consent from consumers, could—under the agency's theory—be found in violation of the FTC Act and, subsequently, subject to civil and criminal penalties.

The software at issue in the FTC's recent letters was developed by Indian technology company SilverPush. When installed, the software enables application developers to access SilverPush's "Unique Audio Beacon" technology, which allows mobile applications to listen to ultrasonic "audio beacons" embedded in television commercials through the device's microphone—even when the consumer is not actively using the application. At present, SilverPush claims that its "audio beacons" are not embedded in television advertisements targeting U.S. consumers; nevertheless, the FTC notes that the application developers to whom it sent warnings offer mobile applications containing SilverPush software that appears similar to that which is described above. According to the FTC, upon downloading the application, the consumer receives no disclosure about the functionality of such software. The FTC cautions the developers against allowing third parties to monitor the television-viewing habits of consumers through use of the developers' mobile applications—particularly if a developer's user interface or privacy policy fails to disclose this information or states or implies the opposite.

The FTC's action follows on the heels of several other privacy developments related to the use of interconnected smart televisions and mobile devices. For instance, within the past year-plus, multiple television manufacturers and entertainment companies have been sued in class actions under the Electronic Communications Privacy Act, the Video Privacy Protection Act, and state privacy statutes for the alleged collection and disclosure of consumer viewing habits and other sensitive personal information without consumers' knowledge or consent. In one such case, a class of consumers accused a television manufacturer of installing software on its smart televisions—without notice or consent—that tracks and records consumer viewing data, pairs the data with the consumer's IP address, and transmits the packaged information to a third-party advertising company so it can be sold for marketing purposes. In other cases, television manufacturers were accused of capturing voice commands through a smart television's voice recognition software, storing the information, and later transmitting it to third-parties. In each instance, it was alleged that the companies had engaged in "deceptive" acts and practices in violation of Section 5 of the FTC Act because their privacy policies supposedly did not make clear that such information would be collected, stored, and shared with third parties.

Although the technologies and data collection methods deployed in these cases vary, the FTC has expressed consistent concern over alleged deficiencies in companies' privacy policies and notice and consent procedures. Accordingly, the FTC's warning letters strongly caution application developers against misrepresenting their data collection practices and include a recommendation that the developers conform to FTC guidance on best practices for privacy disclosures in mobile applications.

Regulatory activity and scrutiny in the privacy area, as well as private litigation claims, likely will continue to grow at both the federal and state levels. These recent FTC actions serve as a reminder that, prior to a company introducing products and services that collect, use and/or share consumer information into commerce, the company may wish to revisit its privacy policies, data security practices, data collection and use practices, and customer notice and consent procedures to ensure they account for both the functionality of the product or service and current developments in state and federal privacy law.