The Federal Trade Commission’s (FTC) recent settlement against an online college savings program that used toolbars to collect personal information focused on what its members were actually giving away unwittingly – their personal information and data security – rather than on what they might be saving for college expenses. QBF scheme

The settlement in this case highlights the FTC’s continuous efforts to crack down on privacy and data security violations regarding the collection, use, and security of personal information. This time the focus was on the use of toolbars as a collection vehicle, and the related takeaways are in the form of important new rules for the use of toolbars or similar software for collecting personal information.

The Toolbar

The defendant online service provides a membership program that permits its members to contribute to a savings account for college expenses. The contributions to the savings account are in the form of rebates and discounts from products and services purchased by members from participating merchant partners. fivem host

As part of its service to members, the service offers a software toolbar that is supposed to assist members in finding participating merchants based on online searches. Downloading and installing the toolbar is a default setting for members because in some instances the user is required to uncheck the toolbar option in order to opt out of the toolbar download.

Members using the toolbar are offered an “Enable Personalized Offers Option” for their browsers that enables the collection of information about the websites they visit for purposes of identifying participating merchants that provide eligible offers and discounts.

This toolbar and the privacy promises accompanying it are the basis of the FTC’s lawsuit against the membership service.

Privacy Policy Statements

The membership program’s privacy policy stated that that the toolbar might “infrequently” collect some personal information. In addition, the privacy policy stated that a filter would remove personal information prior to transmission.

Significant to the FTC were additional statements in the privacy policy apparently intended to create trust from members including:

* [We are] “committed to earning and keeping your trust”;

* “We understand the need for… personal information to remain secure”;

* “We have implemented policies and procedures designed to safeguard your information”; and

* “We protect your data by… SSL, Data, and Password protection technology….”

The FTC’s Allegations

The FTC alleges that the membership service engaged in unfair and deceptive trade practices by:

* using a toolbar for the collection of personal information that exceeded the frequency and scope of the data collection promises by collecting extensive information including the names of all websites visited, all links clicked by the user and information that users entered into certain web pages, q.broker such as usernames, passwords, search terms, credit card information, expiration dates, security codes and social security numbers,

* transmitting data in clear text and thereby allowing third parties to easily intercept and steal data transmitted over the Internet,

* failing to disclose material facts to consumers regarding data collection and transfer practices, and

* failing to provide reasonable and appropriate security for the consumer information collected.

Conclusion – Important Settlement Takeaways

The settlement takeaways in this case are important for all Internet marketers that distribute toolbars or similar software (referred to by the FTC as “Targeting Tools”) for the collection of personal information.

Two settlement takeaways are noteworthy in terms of the FTC’s requirements for clear and prominent disclosures:

* timing – the disclosures must be before the installation of the toolbar or other similar software, and

* context – the disclosures must appear separately from any end user license agreement, privacy policy, terms of use page, or similar document; career opportunities traditional disclosures in these documents are no longer sufficient standing alone.

Although the settlement does not mention “Privacy By Design” per se, the settlement takeaways listed above are consistent with the FTC’s commitment to this new approach to privacy first announced in the FTC’s Preliminary Staff Report issued in December, 2010.

This article is provided for educational and informative purposes only. This information does not constitute legal advice, and should not be construed as such.