FTC Announces Settlement with Twitter and Article 29 Working Party Issues Opinion on Behavioral Advertising
Today, the FTC announced its settlement with Twitter on the charges relating to the 2009 security breach involving the comprise of a Twitter employee’s account. The FTC settlement specifically highlighted Twitter’s failure to put in place common sense security procedures, such as hard to guess passwords, expiring passwords, and restricting administrative controls to only employees that needed them. Under the settlement, Twitter will be barred from making misleading statements on security, privacy, and confidentiality of information for 20 years and it will need to go through biennial third-party security audits for 10 years. You may read more about the settlement from the FTC website.
Unrelated to the FTC settlement, the Article 29 Working Party released an opinion on behavioral advertising. A29WP reiterated that the behavioral advertisers and the cookies or other devices they used were governed by Article 5(3) of the E-Privacy Directive. The use of such devices and any information that may be deemed personal information will also be governed by the Data Protection Directive. Thus, the A29WP pushed for opt-in consent for the use of such technology. Additionally, the opinion stated that “to keep data subjects aware of the monitoring, ad network providers should: i) limit in time the scope of the consent; ii) offer the possibility to revoke it easily and iii), create visible tools to be displayed where the monitoring takes place.” The A29WP is also soliciting comments as to the ways of achieving opt-in consent without burdening web users with too many notices. You may read the full text of the opinion here.