Sign Up for Alerts
Sign up to receive receive industry-specific emails from our legal team.
Sign Up for Alerts
We provide tailored, industry-specific legal updates to our clients and other friends of the firm.
Areas of Interest
May 16th, 2014
FTC Settles with Snapchat over Alleged Privacy and Security Violations
Snapchat Inc., developer of a popular mobile photo and video messaging app designed to bring the fabled self-destructing message to life, has agreed to settle FTC allegations that it misrepresented its privacy and data security practices - including that its messages could be made to "disappear forever" seconds after viewing.
The FTC complaint alleged that Snapchat made the following misrepresentations, among others:
- Although recipients could use third-party apps to save snaps indefinitely, Snapchat represented that senders of messages, or "snaps," could control how many seconds a recipient had to view the snap. The complaint alleged Snapchat did nothing to address this issue, even after receiving a security researcher's warning.
- Snapchat stored video snaps on recipients' devices in a location that remained accessible to recipients who connected their device to a computer and searched the device's file directory.
- Despite saying in its privacy policy that it did not track or access location information, Snapchat transmitted geolocation information from users of its Android app.
- Snapchat, via its "Find Friends" feature, collected information about iOS users' contacts without notice or consent, even though the company's privacy policy claimed that the app feature only collected the user's email, phone number, and Facebook ID solely for the purpose of finding friends.
- Snapchat failed to secure its "Find Friends" feature, resulting in a security breach permitting hackers to compile millions of Snapchat usernames and phone numbers. The company also failed to verify users' phone numbers, which resulted in users sending personal snaps to strangers who registered phone numbers that did not belong to them.
Under the terms of the settlement, Snapchat will have to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years. The company will also be prohibited from misrepresenting how it maintains the privacy, security, or confidentiality of user information. In its press release regarding the settlement, the FTC stated that this action is part of its ongoing effort to "ensure that companies market their apps truthfully and keep their privacy promises to consumers." The settlement should serve as yet another reminder that privacy policy promises are not made to be broken. Readers would do well to confirm that their policies accurately reflect the functionality of their website or app.
Read full FTC press release - "Snapchat Settles FTC Charges That Promises of Disappearing Messages Were False".
For more information on this settlement or any other advertising or marketing law issues, please contact Greg Boyd at (212) 826 5581 or gboyd@fkks.com, Terri Seligman at (212) 826 5580 or tseligman@fkks.com, Claudine Wilson at (212) 705 4842 or cwilson@fkks.com, or any other member of the Frankfurt Kurnit Advertising Group. For more alerts and general announcements from our firm, follow us on Twitter.
Other Privacy & Data Security Law Alerts
Six Steps to Help Your Team Comply with the New SEC Public Company Cybersecurity Rules
On July 26, 2023, the Securities Exchange Commission (“SEC”) approved final Rules entitled Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure (the “Rules”). The Rules require certain cybersecurity incident disclosures on Form 8-K, generally within 4 business days after the determination that a cybersecurity incident is material. Read more.
August 1 2023
Five Action Items to Help You Prepare for the Wave of Privacy Enforcement Starting July 2023
Mark your calendars - July 2023 is an important month for US privacy enforcement. Read more.
June 21 2023
Washington “My Health My Data” Act Dramatically Alters Health Data Compliance Landscape
Washington State’s My Health My Data Act (“the Act”) introduces a sweeping set of obligations for nearly all entities that do business in the state and that handle “consumer health data,” a broad new class of health-related data separate from that regulated by the federal Health Insurance Portability and Accountability Act (“HIPAA”). Read more.
April 24 2023