San Francisco’s Mass Transit Agency Accused of Illegally Collecting and Transmitting Smart Phone Data Through Security App

San Francisco’s public transportation agency and the creator of the agency’s suspicious activity reporting smart phone application have been accused of illegally collecting, tracking, and storing users’ personal information and location data without their consent, in violation of California statutory and constitutional protections. A putative class action complaint, which was filed this week in a California federal court, has alleged that the San Francisco Bay Area Rapid Transit District (“BART”) and Elerts Corp, a private software developer, created and made available to the public a free smart phone application that secretly collected users’ unique mobile identification numbers and allowed BART and Elerts to track a user’s location, amassing data that effectively removed any user anonymity. This conduct allegedly has violated California’s Cellular Communications Interception Act, Consumers Legal Remedies Act, and privacy rights guaranteed in Article I of the California Constitution.

According to the complaint, BART and Elerts joined forces in 2014 to launch BART Watch, a free Android and iOS smartphone application that allows users to discretely and – if the user chooses, anonymously – report suspicious activity in the BART system to the BART Police. However, BART Watch’s software allegedly contains code that accesses and shares a user’s personal data – such as the phone’s International Mobile Equipment Identity number – and other unique information, including GPS data, with the application’s servers. These actions allegedly occur even if a user submits a report to BART Police anonymously. Despite this, the complaint has alleged that BART Watch’s End User License Agreement and other access permissions pages do not seek consent from the user to collect and transmit this information. The plaintiff has alleged that these practices “are abnormal in the transit app industry and run contrary to California norms.”

The named class action plaintiff, a user of BART Watch since 2016, has sought damages and injunctive relief in the form of compelling BART and Elerts to: (1) stop collecting unique user identification and location data, (2) purge their records of all existing data, and (3) inform the plaintiff and putative class members of parties who received access to the collected information.

Takeaway: In light of increased public awareness of the capturing of cellphone user data by app makers and controversial “stingray” trackers, developers of digital tools that collect user information should pay close attention to this suit. In particular, any rulings interpreting the California’s 2015 Cellular Communications Interception Act may provide important guidance to companies collecting cell phone data.


What’s next for the advertising industry? Blockchain

Industries are increasingly harnessing blockchain technology in new and innovative ways.   Blockchain – a digital record, or ledger, of transactions – has the potential to revolutionize the way in which we conduct business across a variety of sectors, including the advertising industry.  The application of Blockchain technology in the advertising industry is in its nascent stages.  But as the technology is more frequently deployed for advertising industry uses, it will become necessary for industry stakeholders to understand Blockchain’s advantages and, perhaps more importantly, appreciate its potential risks.

What is Blockchain?

Blockchain is a digital record, or ledger, of transactions.  Each transaction is stored with other related transactions in a unit of data called a “block”.  These blocks are securely linked to one another in chronological order, forming the so-called “chain” of records that link back to the beginning of that particular ledger.

How does it work?

Blockchains are decentralized ledgers maintained by networks of personal computers.  To participate in a Blockchain network, a user must operate a software client that will connect them to that Blockchain.  The software client allows the user to record transactions, and also lends computing power to the network to help build new blocks of records.

Participants build new blocks of records by investing computer time to solve complex mathematical problems—a form of math called “cryptography”.  Only after these math equations are solved, then double-verified by a consensus of participants in the given network, can the block (i.e., the new record of a transaction) be added to the existing chain (i.e., the ledger of all transactions associated with the subject asset).

Though a simplification, the foregoing illustrates how a network of strangers can collectively maintain an accurate and transparent ledger of secure online records for any type of transaction, arguably eliminating the need for a “trusted” third party to act as the middleman.

Why should the advertising industry care?

Distributed ledgers like Blockchain solve important problems in Internet commerce:

  • Transparency: Blockchain could make tracing the whereabouts of a digital asset more like performing a real property title search.  Like the grantor-grantee index in land records, the Blockchain records every transaction involving a particular digital asset.  For advertising, the technology can be deployed to monitor ad placements and conduct real-time audits of ad delivery.
  • Marketing: Blockchain has the ability to help advertisers engage consumers in new and exciting ways.  One widely-reported use of Blockchain as a marketing tool involved a fashion label that enabled customers to authenticate a rare selection of handbags, and to learn the story behind each bag—who owned it, modelled it, and where it originated.
  • Consumer Data: Maintaining transaction data in a decentralized manner may offer security and anonymity benefits not currently available to brands and their agencies.

More to come

The increasing digital nature of the advertising industry has complicated the way the industry conducts business.  From transparency to efficiency, engagement to big data, stakeholders are searching for ways to wrangle the ad business’s moving parts. Blockchain can be a reliable and trustworthy system for helping the industry do just that.

Digital media are now caught by French regulation and in particular by stringent transparency requirements

By virtue of the French “Sapin” law of January 29, 1993, France has become one of the most transparency-regulated media markets in the world, and remains so today.

With the new Decree No 2017-159 of February 9, 2017, the protection of advertisers is further strengthened by extending the transparency requirements of the Sapin law to digital media as well.


In the early 90s, the French media market was negatively affected by a number of abuse practices that become part of everyday practices (e.g., double invoicing, fictitious invoicing, over-invoicing).

At that time, media agencies could act as a wholesaler by purchasing advertising space on their own behalf and re-selling it to advertisers. This scheme facilitated possible abuses, as the advertisers did not receive any invoices from the media owners and therefore often were neither aware of the real price of advertising space paid by the media agency, nor aware of any potential discounts granted to it.

In order to prevent such abusive practices and to eradicate corruption in the relationship between advertisers and media agencies, the French Sapin law established the principle of transparency by imposing to the media agency the status of an “agent” under French law.

Principal mechanisms established by the Sapin law

The principle of transparency established by the Sapin law was implemented by a series of prohibitions and obligations, notably:

  • Media agencies must be subject to the status of an agent – “mandat” (i.e., act in the name of and on behalf of the advertiser) and must sign with the advertisers a specific written agreement which specifies the services to be provided and the payment terms. The “mandataire” has similar duties to the fiduciary under common law, although acting in the best interests of the principal is implied under French law.
  • Any direct payment or benefit from the media owners to the media agencies is strictly forbidden
  • Media agencies must disclose in their general terms of sale any financial ties with media owners
  • Media agencies must provide the advertisers (i) with reports on the media diffusion, within one month following such diffusion, and (ii) with detailed invoices relating to the purchase of advertising space, specifying every advantage granted by the media owners

Failure to comply with these rules is severely punished with a fine of up to 300.000 euros, and a possible exclusion from public procurements for up to five years.

The increasing need to regulate the transactions in the digital media market

The French legislator ensured from the beginning that the Sapin law would have a broad territorial scope of application, by stating that it applies as soon as the advertising message is created for a French enterprise and is mainly received on the French territory, regardless of the agency or the media owner’s place of establishment. However, initially, the transparency regulations were aimed at the so-called traditional media, i.e., television, radio and press, which were the main media at the time of the adoption of the Sapin law. This means that, up to 2017, the digital media market was not affected by this regulation.

Faced with the constant increasing number of transactions in the digital media market, the French government has decided to regulate and control online transactions in a general context where French regulatory bodies are (i) scrutinizing the use of user data for “intelligent advertisement”, (ii) looking closely into the terms of use of digital platforms from a consumer protection and privacy prospective, and (iii) enforcing against these digital players. For example, the French Competition Authority announced, on May 23, 2016, the beginning of investigations on the sector of digital advertisement, focusing especially on the weight and strategies used by large media companies such as Facebook and Google.

It is against this background that the so-called Macron law No 2015-990 of August 6, 2015, extended the scope of Sapin law to digital media, referring to a Council of State decree on the need to specify the terms of such extension.

The new implementation Decree of February 9, 2017

The much-awaited application Decree was published 18 months after the enactment of the Macron law.

  1. Article 1 of the new implementation Decree No 2017-159 of February 9, 2017, gives a clear definition of digital advertising services. According to the Decree, this term encompasses services related to the diffusion of advertisements on any devices with internet access, such as computers, mobile phones and digital panels.
  2. Pursuant to article 2 of the Decree, the media owners will have to provide the advertisers with (i) a report detailing the date and place of diffusion of the advertisements, (ii) the global price of the advertising campaign, and (iii) the unitary price of each advertising space that is invoiced.
  3. Article 3 of the said Decree establishes a specific reporting obligation in case of digital advertising campaigns that rely on real-time  services purchasing methods, notably by auction mechanisms where the web-user’s profile and the optimization of the message performance are the determining criteria. The media owners shall communicate to the advertiser a report with information on (i) the effective implementation of the advertising services and (ii) the technical quality of such services, and on (iii) the means implemented to protect the image and the reputation of the advertiser.
  4. Article 4 of the new Decree specifies that it is not applicable to media owners established in another EU or EEA Member State, provided that they are subject to similar report obligations in their Member State of origin. As transparency obligations are to-date less propagated in other EU States, French regulations should apply to media owners based in another EU State once the advertising message is made for a French enterprise and is received mainly on the French territory. This constitutes one of the main points of discussion, in particular by digital media platforms. Large media companies such as Facebook and Google would therefore be obliged to substantially amend their current practices. A particular vigilance will have to be put on the involvement of holding companies owning the media-buying agencies in that respect.

Finally, the Decree will enter into force January 1, 2018. The entry into force of this new set of regulations therefore constitutes a landmark modification in the way advertisement spaces are sold in France.


Irish Butter Shortage Spreads Trademark Battle in Wisconsin

A Wisconsin federal judge issued a temporary restraining order last month against a Wisconsin creamery for their use of the “Irishgold” Irish butter trademark and associated packaging. Irish dairy distributor Ornua Foods North America Inc. filed suit for willful trademark infringement against Old World Creamery LLC and Eurogold USA LLC, asserting that Old World’s butter brand was created to intentionally ride on the coattails of, and is confusingly similar to, Ornua’s KerryGold butter.  The dispute between butter brands arose following a shortage of Irish butter in the state of Wisconsin. Following failed negotiations between the two butter entities to process Kerrygold locally in order to comply with Wisconsin dairy regulations, Kerrygold alleges that the makers of Irishgold created a nearly identical product to compete against it in the Wisconsin marketplace. In granting the TRO, the court determined that Ornua had a reasonable likelihood of success on the merits and that it would “suffer irreparable harm and loss to their services, reputation, and goodwill” if Defendants were permitted to continue to use the IRISHGOLD mark and associated packaging relating to their sale of Irish butter.

Takeaway: Advertisers should take care in developing packaging and color schemes which may be similar to competitors.


Popcorn Makers Fight Over Use of “Skinny”

Last month, snack food company Snyder’s-Lance filed a declaratory judgment action in North Carolina against Amplify Snack Brands and its SkinnyPop popcorn. Hours later, Amplify brought suit against Snyders-Lance in Texas, alleging trademark infringement over Snyders’ “Metcalf’s Skinny” popcorn and other snacks sold under the “Metcalf’s Skinny” brand name.  At issue is whether the term “Skinny” is descriptive, and thus fair game for snack foods, like Snyders and others to use to describe their “better-for-you” snack foods.  The parties are seeking declaratory and injunctive relief, treble damages, and attorneys fees.

Takeaway: Advertisers who wish to use the term “skinny” to describe food products should take care to ensure that no confusion exists with existing “skinny” products.

Another Wake Up Call for Transparency

On May 18, the Association of National Advertisers (ANA) released a critical study under a joint initiative led by Ad/Fin in cooperation with the ANA, the Association of Canadian Advertisers (ACA), and Ebiquity.  The study investigated the transparency and economics of programmatic media; particularly what percentage of an advertiser’s programmatic media spend actually went to “working” media (compared to supply chain data and transaction fees taken by the media agency, trading desk, demand-side-platform and supply-side platform).  Here are some key takeaways:

 – The project analyzed more than 16 billion media impressions purchased on behalf of 7 major advertisers.

– Across the full supply chain, the overall ratio of “working” to “non-working” spend was found to be 58/42 percent. In other words, for every dollar spent by an advertiser, only 58 cents actually purchased media inventory while 42 percent was lost as a “programmatic tech tax.”  Earlier studies reported the tax to be as high as 60%.  Regardless, it’s far too high.

– Another key takeaway was not from the advertisers that participated, but from the advertisers that did not participate.  The 7 participating advertisers represented the exception rather than the rule when it came to an advertiser’s ability to access and analyze programmatic data.  Due to a myriad of legal, technical and process roadblocks set up by players in programmatic advertising supply chain, 88% of advertisers interested and 75% of advertisers that signed up for the study could not (or chose not to) move ahead.

– Notwithstanding the excuses proffered to prevent or thwart access to data, the study establishes that those obstacles are not insurmountable as the 7 advertisers that participated prove.   The study shows that programmatic media buying can be transparent, accountable, measurable and auditable if advertisers take a few key steps and take control of their log level transaction data.

– The study lays out an 11 point playbook to help advertisers get better programmatic transparency and accountability. Following these suggestions will help advertisers better negotiate contracts and insure the level of transparency enjoyed by the advertisers who did participate in the study.

CarSure Sued For DPPA Violations

CarSure, LLC, a Texas-based aftermarket automotive warranty seller, faces a lawsuit brought by a group of Wisconsin car owners who claim that the company violated the Driver’s Privacy Protection Act (“DPPA”) by purchasing the motor vehicle records of Wisconsin car owners from third-party data suppliers.

According to the suit, CarSure purchased data from a third-party supplier, particularly the motor vehicle records of vehicle owners with expiring manufacturer warranties, and then used that data to market its warranties through letters designed to appear official, but which, of course, were not—disclaiming any association with car makers or dealers in small print at the bottom of the letter. The plaintiffs are seeking approximately $2,500 in damages for each violation.

TAKEAWAY:  This case serves as another reminder that advertisers should be aware of the sources from which they obtain data.  Advertisers who purchase data from third parties should look under the hood to see where the data comes from before engaging with third party data suppliers.


Vitamin Shoppe Sued Over Supplement Claims

Last week a class action lawsuit was filed against Vitamin Shoppe, Inc. The plaintiffs asserted that Vitamin Shoppe misled consumers and made scientifically inaccurate claims with regard to its garcinia cambogia weight loss supplement in violation of California’s unfair competition law, false advertising law, and the Consumer Legal Remedies Act.

The lawsuit relies on the findings of a number of studies concerning the active ingredients in Vitamin Shoppe’s supplement, hydroxycitric acid and chromium. Specifically, the plaintiffs believe that these ingredients are not scientifically proven to effectively aid in long term weight loss or weight management. The plaintiffs request, among other remedies, that Vitamin Shoppe engage in a “corrective advertising campaign” and a court order requiring Vitamin Shoppe to recall and destroy all the allegedly misleading advertising materials and product labels associated with the supplement.

TAKEAWAY: Advertisers that make weight-loss claims should pay special attention to both the claims made and the substantiation provided, in light of the increased scrutiny by the class-action bar and regulators alike.

Health Care Providers Pay $1.35 Million in TCPA Fax Settlement

Although the spotlight is usually on unwanted phone calls and text messages when it comes to class actions under the Telephone Consumer Protection Act (TCPA), a recent settlement over the sending of faxes is a reminder to advertisers that all communications should be scrutinized for compliance.

Medical & Chiropractic Clinic Inc. had sued radiology provider SRA Ventures and cardiology and imaging service provider KMH Labs in Florida district court, alleging that advertising faxes sent by the companies did not include language giving the recipient the opportunity to opt out of future communications, as is required by the TCPA. While the TCPA allows faxes to be sent in the context of an established business relationship, which was present here, the opt-out language must be included. Defendants sent the allegedly non-compliant faxes to 1,805 unique fax numbers.

The $1.35 million settlement shall be provided for compensation to class members, who will receive up to $500 per fax advertisement received, and for attorneys’ fees.

Takeaway: When getting creative with communication to clients, advertisers should keep in mind the heavy penalties for violating the restrictions on phone calls, text messages, and faxes under the TCPA. Importantly, advertisers should remember that the TCPA provides a private right of action, which appears to be a boon for the class action plaintiffs’ bar.

Proposed Class Action Targets Advertising to Drivers Using DMV Info

A class action filed this month alleges that car warranty company NRRM LLC used information obtained from Department of Motor Vehicles (“DMV”) records to market to consumers in violation of the Driver’s Privacy Protection Act (“DPPA”).

The complaint alleges that NRRM’s third-party data suppliers provide it with personal information about drivers and their cars that they receive from state DMVs. NRRM then markets automobile service and repair warranties to these drivers using this information.

The DPPA restricts the uses that can be made of personal information derived from motor vehicle records. Permissible uses include use in the normal course of business by a legitimate business, but only to verify the accuracy of personal information or to correct information. Such information can also be used when written consent of the individual is provided, among other exceptions. The alleged advertising at the core of this lawsuit would not have fallen within any of the DPPA’s exceptions.

Takeaway: When using consumer information to target advertising, advertisers should always ask how the information was obtained and where it came from. Importantly, in the case of the DPPA, even if an advertiser itself did not obtain personal information from motor vehicle records, it can still be held accountable for prohibited uses if its third-party data supplier did.