Frankfurt Kurnit Klein & Selz

May 16th, 2014

FTC Settles with Snapchat over Alleged Privacy and Security Violations

Snapchat Inc., developer of a popular mobile photo and video messaging app designed to bring the fabled self-destructing message to life, has agreed to settle FTC allegations that it misrepresented its privacy and data security practices - including that its messages could be made to "disappear forever" seconds after viewing.

The FTC complaint alleged that Snapchat made the following misrepresentations, among others:

• Although recipients could use third-party apps to save snaps indefinitely, Snapchat represented that senders of messages, or "snaps," could control how many seconds a recipient had to view the snap. The complaint alleged Snapchat did nothing to address this issue, even after receiving a security researcher's warning.
• Snapchat stored video snaps on recipients' devices in a location that remained accessible to recipients who connected their device to a computer and searched the device's file directory.
• Despite saying in its privacy policy that it did not track or access location information, Snapchat transmitted geolocation information from users of its Android app.
• Snapchat, via its "Find Friends" feature, collected information about iOS users' contacts without notice or consent, even though the company's privacy policy claimed that the app feature only collected the user's email, phone number, and Facebook ID solely for the purpose of finding friends.
• Snapchat failed to secure its "Find Friends" feature, resulting in a security breach permitting hackers to compile millions of Snapchat usernames and phone numbers. The company also failed to verify users' phone numbers, which resulted in users sending personal snaps to strangers who registered phone numbers that did not belong to them.

Under the terms of the settlement, Snapchat will have to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years. The company will also be prohibited from misrepresenting how it maintains the privacy, security, or confidentiality of user information. In its press release regarding the settlement, the FTC stated that this action is part of its ongoing effort to "ensure that companies market their apps truthfully and keep their privacy promises to consumers." The settlement should serve as yet another reminder that privacy policy promises are not made to be broken. Readers would do well to confirm that their policies accurately reflect the functionality of their website or app.

Read full FTC press release - "Snapchat Settles FTC Charges That Promises of Disappearing Messages Were False".

For more information on this settlement or any other advertising or marketing law issues, please contact Greg Boyd at (212) 826 5581 or gboyd@fkks.com, Terri Seligman at (212) 826 5580 or tseligman@fkks.com, Claudine Wilson at (212) 705 4842 or cwilson@fkks.com, or any other member of the Frankfurt Kurnit Advertising Group. For more alerts and general announcements from our firm, follow us on Twitter.