Scarinci Hollenbeck, LLC
The Firm
201-896-4100 info@sh-law.comThe FTC Snapchat Settlement and Your Company’s Privacy Policies
Author: Scarinci Hollenbeck, LLC|June 13, 2014
The FTC Snapchat Settlement and Your Company’s Privacy Policies
As it turns out, Snapchat messages do stick around. While this may not mean much to those over the age of 25, the company’s resulting settlement with the Federal Trade Commission (FTC) offers several useful lessons for New York and New Jersey businesses.
Snapchat is a mobile messaging application that allows users to send photos, video, and texts that have a predetermined shelf life of one to ten seconds. After the set time limit expires, the messages are supposed to “disappear forever” after being deleted from the recipient’s device and Snapchat’s servers.
The FTC Complaint
In its complaint, the FTC alleged that the messages could be retained in several ways. Recipients can take screenshots of the message, use third party apps to view and save messages, and access video messages stored outside the app’s “sandbox” by connecting the device to a computer.
The agency further maintained that Snapchat deceived consumers over the amount of personal data it collected. For instance, although the company’s privacy policy stated that it did not “ask for, track, or access any location-specific information from [a user’s] device at any time,” geolocation information was collected from Android users’ who activated the “Find Friends” feature. The app also collected iOS users’ contact information from their address books without notice or consent.
The FTC also alleged that Snapchat failed to take proper security measures to protect user data from misuse and unauthorized disclosure. During a recent attack, hackers were able to breach the app’s Find Friends feature and access a database of 4.6 million Snapchat usernames and phone numbers.
The Terms of the Settlement Agreement
Under the terms of its settlement agreement with the FTC, Snapchat is prohibited from “misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information.” The app company will also be required to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.
The Message for New York and New Jersey Businesses
According to the FTC, the Snapchat enforcement action is part of an ongoing crackdown on mobile app privacy.
“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” said FTC Chairwoman Edith Ramirez. “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”
As this case highlights, privacy policies cannot be an afterthought when designing a mobile application. Companies must carefully consider how they will collect and protect consumers’ personal information and follow through with those promises.
If you have any questions about this post or would like to discuss the issues involved, please contact me, Fernando M. Pinguelo, or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit eWhiteHouseWatch.
Key Contacts
Let`s get in touch!
Related Posts
NJ OAG Enforcement Action Highlights Cyber Risks for Real Estate and Financial Companies That Failed to Protect Against Identity Theft
Are QR Codes Convenient or Risky? What Your Business Needs to Know
What’s a Credential Stuffing Cyberattack and Is Your Business Vulnerable?
Year in Review: Top Cybersecurity Law Developments in 2021
The FTC Snapchat Settlement and Your Company’s Privacy Policies
Author: Scarinci Hollenbeck, LLC
As it turns out, Snapchat messages do stick around. While this may not mean much to those over the age of 25, the company’s resulting settlement with the Federal Trade Commission (FTC) offers several useful lessons for New York and New Jersey businesses.
Snapchat is a mobile messaging application that allows users to send photos, video, and texts that have a predetermined shelf life of one to ten seconds. After the set time limit expires, the messages are supposed to “disappear forever” after being deleted from the recipient’s device and Snapchat’s servers.
The FTC Complaint
In its complaint, the FTC alleged that the messages could be retained in several ways. Recipients can take screenshots of the message, use third party apps to view and save messages, and access video messages stored outside the app’s “sandbox” by connecting the device to a computer.
The agency further maintained that Snapchat deceived consumers over the amount of personal data it collected. For instance, although the company’s privacy policy stated that it did not “ask for, track, or access any location-specific information from [a user’s] device at any time,” geolocation information was collected from Android users’ who activated the “Find Friends” feature. The app also collected iOS users’ contact information from their address books without notice or consent.
The FTC also alleged that Snapchat failed to take proper security measures to protect user data from misuse and unauthorized disclosure. During a recent attack, hackers were able to breach the app’s Find Friends feature and access a database of 4.6 million Snapchat usernames and phone numbers.
The Terms of the Settlement Agreement
Under the terms of its settlement agreement with the FTC, Snapchat is prohibited from “misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information.” The app company will also be required to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.
The Message for New York and New Jersey Businesses
According to the FTC, the Snapchat enforcement action is part of an ongoing crackdown on mobile app privacy.
“If a company markets privacy and security as key selling points in pitching its service to consumers, it is critical that it keep those promises,” said FTC Chairwoman Edith Ramirez. “Any company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”
As this case highlights, privacy policies cannot be an afterthought when designing a mobile application. Companies must carefully consider how they will collect and protect consumers’ personal information and follow through with those promises.
If you have any questions about this post or would like to discuss the issues involved, please contact me, Fernando M. Pinguelo, or the Scarinci Hollenbeck attorney with whom you work. To learn more about data privacy and security, visit eWhiteHouseWatch.
