On December 4, 2017, the Network Advertising Initiative (NAI), a self-regulatory body comprised of more than 100 digital advertising companies that collect and use consumer information for online behavioral advertising (OBA),1 issued an update to its Code of Conduct (the “Code”).  The Code imposes notice, choice, accountability, data security, and use limitation requirements on NAI member companies.

The 2018 Code update is most significant for combining the NAI’s web-focused Code with its previously-separate mobile application code of conduct (the “App Code”) and incorporating the NAI’s prior guidance on cross-device tracking. These updates reflect the NAI’s recognition of the decreasing significance of the distinction between web and mobile advertising, with today’s advertisers increasingly savvy at tracking users and advertising effectiveness across devices, browsers, and platforms. The update also revises some terminology for greater clarity. The 2018 Code update went into effect on January 1, 2018.
Continue Reading NAI Issues 2018 Update to Its Code of Conduct

Last year, the U.S. Supreme Court issued a decision in Spokeo Inc. v. Robins, holding that a plaintiff bears the burden of establishing Article III standing by alleging an injury in fact that is concrete, particularized, and actual or imminent.1 The Court stated that “Article III standing requires a concrete injury even in the context of a statutory violation,” and that a plaintiff cannot “allege a bare procedural violation, divorced from any concrete harm, and satisfy the injury in fact requirement of Article III.”2

Following Spokeo, courts across the nation have been grappling with how to interpret and apply the decision. In particular, a jurisdictional divide has arisen regarding courts’ interpretations of the standing issue in Fair Credit Reporting Act (FCRA) consumer protection class actions. Courts in the Seventh and Eighth Circuits, for example, have tended to find no standing in FCRA cases.3 Conversely, the Ninth Circuit has leaned toward plaintiff-friendly findings of standing in FCRA cases.4 Thus, the post-Spokeo FCRA class action jurisprudence demonstrates the criticality of forum in determining a defendant’s likelihood of success in challenging standing.Continue Reading Post-Spokeo Jurisdictional Divide Continues as Northern District of California Rejects TransUnion’s Lack of Standing Argument

On July 3, 2017, the Federal Trade Commission (FTC) announced that it had settled charges that defendants Blue Global, an operator of dozens of consumer loan lead generation websites, and its founder and CEO, Christopher Kay, violated the FTC Act. The FTC alleges that the defendants had, among other practices, misled consumers about Blue Global’s data security practices and shared information characterized by the FTC as consumers’ “sensitive personal information” with a variety of potential bidders after promising to disclose such information only to “trusted lending partners” meeting specified criteria. As part of the settlement, the defendants are subject to a judgment for more than $104 million,1 must maintain stringent oversight of third-party recipients of consumers’ sensitive personal information, and are enjoined from disclosing a consumer’s sensitive personal information other than when specified conditions, including having obtained that consumer’s express, informed consent, are met.
Continue Reading FTC Cracks Down on Lead Generation Company’s Indiscriminate Sharing of Consumers’ Sensitive Data