United States: The Download - February 2012
Last Updated: February 28 2012

Edited by Stuart P. Ingis and Michael A. Signorelli

INDUSTRY DEVELOPMENTS

DAA Launches a Consumer Education Campaign

In January 2012, the Digital Advertising Alliance ("DAA") launched an education campaign to inform consumers about interest-based advertising and how to take greater control of their online privacy. The DAA is a coalition of the nation's leading media and marketing trade associations, including the Association of National Advertisers, the American Advertising Federation, the American Association of Advertising Agencies, the Direct Marketing Association, the Interactive Advertising Bureau, and the Network Advertising Initiative. The DAA administers a self-regulatory program that calls for entities engaged in online behavioral advertising to provide enhanced transparency via the Advertising Option Icon and consumer control.

The campaign, known as "Your AdChoices," was created pro bono by the Salt Lake City office of MRM, a member of McCann Worldgroup. The campaign builds upon the DAA's two-and-ahalf year effort to develop and implement cross-industry best practices and effective solutions for providing notice and choice with respect to collection and use of data through its Advertising Option Icon (see image below).

The campaign includes banner advertising that links to an information website, www.youradchoices.com, which features three educational videos and a user-friendly consumer choice mechanism. The consumer choice page enables consumers to opt out of interest-based advertising from the companies that participate in the DAA's Self-Regulatory Program. Companies that participate in the Program are donating ad inventory space to deliver the banner ads to consumers across the Internet. DAA expects to deliver hundreds of millions of ad impressions in 2012.

HEARD ON THE HILL

House Energy & Commerce Subcommittee Identifies Legislative Priorities for 2012

Rep. Bono Mack (R-CA), Chairman of the Commerce, Manufacturing, and Trade Subcommittee of the House Energy and Commerce Committee, recently identified her priorities for the Subcommittee for 2012. She said the Subcommittee will continue to examine Internet privacy issues and to evaluate whether legislation is necessary. In 2011, the Subcommittee held several hearings on consumer privacy and data security. Chairman Bono Mack is expected to continue to press to move the SAFE Data Act – a data breach notification bill she introduced last year.

Other priorities for the Subcommittee include stimulating manufacturing in the United States, creating new jobs, and spurring innovation. The Subcommittee will also focus on streamlining the U.S. government's federal agencies and regulatory codes. The Subcommittee will explore ways to eliminate unnecessary regulation to foster a business friendly environment.

Rep. Markey Releases Draft Mobile Device Privacy Bill

In the wake of questions about software developed by CarrierIQ, Congressman Ed Markey (D-MA) has prepared a draft "Mobile Device Privacy Act." As drafted, the legislation would task the Federal Trade Commission ("FTC") with setting a host of regulations on "monitoring software" for mobile phones.

The bill defines "monitoring software" broadly, as software that "has the capability automatically to monitor the usage of a mobile telephone or the location of the user and to transmit the information collected to another device or system, whether or not such capability is the primary function of the software or the purpose for which the software is marketed." The bill would apply even if the software is not activated or used. However, information transmitted from a phone to that phone's commercial mobile or mobile broadband service provider would be excluded.

Within one year, the FTC would be required to promulgate regulations requiring clear and conspicuous disclosures to consumers about "monitoring software" installed on mobile phones. These disclosures would be provided at the time of device sale, service sale, or software installation, and would be provided by phone vendors, service providers, phone manufacturers, operating system providers, or website and online service operators as appropriate.

The FTC would also promulgate regulations requiring such companies (1) to obtain consumers' prior express consent to any data collection or transmission by such software; (2) to establish an information security program for any data received from such software; and (3) to file, with both the FTC and Federal Communications Commission ("FCC"), a copy of any contract for sharing data from such software between companies.

The bill would create a private right of action allowing plaintiffs to seek up to $1,000 in statutory damages for each violation, or treble damages for willful or knowing violations. The new requirements could also be enforced by state authorities, the FTC, and the FCC.

Senate Subcommittee Holds Hearing on Video Privacy

The Senate Judiciary Committee's Subcommittee on Technology, Privacy and the Law held a hearing on "The Video Privacy Protection Act: Protecting Viewer Privacy in the 21st Century" on January 31, 2012. The hearing follows House passage of H.R. 2471, which would amend the Video Privacy Protection Act ("VPPA"). The VPPA generally prohibits the disclosure of certain customer records by a "video tape service provider." Under the House legislation, the VPPA would allow consumer consent to the disclosure of video rental records to be obtained online in advance of the disclosure, either for a set period of time or until the consent is withdrawn. The request for consent would be presented separately from other contract forms.

At the hearing, Sen. Leahy (D-VT) and Sen. Franken (D-MN) both expressed interest in updating the VPPA and specifically in extending the law to streaming video. Sen. Franken and Sen. Coburn (R-OK) joined in voicing concern that H.R. 2471 does not address whether companies can make it difficult for users later to revoke consent, and explored alternative consent models in their questions to witnesses. Sen. Franken also said that there may be a need to clarify that the VPPA private right of action can be used to enforce the law's data retention provisions.

Cybersecurity Legislation Introduced in Senate

On February 14, 2012, S. 2105, the Cybersecurity Act of 2012, was introduced by Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman (Ind.-CT); Ranking Member Susan Collins (R-ME), Commerce Committee Chairman Jay Rockefeller (D-WV), and Select Intelligence Committee Chairman Dianne Feinstein (D-CA).

The proposed Act does not include the controversial Internet "kill-switch" provision that hampered previous cybersecurity legislation. It keeps with the spirit of earlier legislative proposals by envisioning a public-private partnership for the protection of "critical infrastructure system," a term broad enough to encompass any "system or asset" designated by the Secretary of the Department of Homeland Security (DHS) pursuant to a procedure set forth in the Act. Critical infrastructure could include any system or asset if damage to it could reasonably result in the interruption of life-sustaining services, catastrophic economic damage to the United States, or severe degradation of national security or its capabilities. Owners/operators who think their systems were wrongly designated would have the right to appeal.

Critical infrastructure would be required to be secured through being regularly informed of cyber risks and threats, implementing measures that best satisfy cybersecurity performance requirements, and reporting significant cyber incidents affected covered critical infrastructure. The owners of a covered system would determine how best to meet the performance requirements and verify compliance, either by using a third party assessor or through self-certification. DHS would work with the owners and operators of designated critical infrastructure to develop risk-based performance requirements, looking first to current standards or industry practice.

The bill would consolidate power under DHS in a unified office called the National Center for Cybersecurity and Communications. It would also reform the Federal Information Security Management Act (FISMA), which governs the federal government's civilian systems.

AROUND THE AGENCIES

Federal Trade Commission Targeting Mobile Privacy Issues

The Federal Trade Commission ("FTC") has continued to take an active interest in mobile privacy issues, especially with regard to children. Mobile payments and mobile commerce are likely to be another focus of this ongoing effort, with the FTC Bureau of Consumer Protection recently transferring its team for mobile issues into its Division of Financial Practices.

Report Critiques Disclosures for Mobile Apps Aimed at Children

On February 16, 2012, the FTC released a staff report on children's mobile applications ("apps"), summarizing its conclusions in the title: "Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing." Intended to be part of a "warning call" to industry on the need to provide better information to parents, the report reviewed hundreds of promotional pages for apps available for children through online markets offered in app stores to determine what information was provided about the apps' data collection and sharing capabilities. The survey also covered apps' social media, rating, and parental control features. The FTC says that it will be conducting additional reviews in the coming months to determine whether some of the apps are violating the Children's Online Privacy Protection Act.

The report states that all members of the mobile ecosystem should play an active role in providing parents with easy access to basic information about data practices, and recommends that:

  • App developers should provide simple and short disclosures or icons to provide notice of certain activities; and
  • App stores should provide a more consistent way for developers to present this notice to parents.

Recognizing the challenge of providing disclosures within the small screen size of mobile devices, staff stated that this topic will be addressed as part of the FTC's planned workshop on updating its "Dot Com Disclosure" guides for online notices and disclosures.

Warning Letters on Background Screening Apps

The FTC has sent warning letters to the providers of six applications that can be used to obtain background information about individuals, allegedly including criminal history information. The letters expressed concern that such information could be used to make decisions about an individual's eligibility for employment, housing, or credit.

Under the Fair Credit Reporting Act ("FCRA"), companies that assemble or evaluate certain information on consumers for third party use in making such decisions may be deemed "consumer reporting agencies." As such, companies would have to comply with various legal obligations such as taking reasonable steps to ensure maximum accuracy and providing clients with notice of their FCRA duties. Consumer reporting agencies must also afford consumers copies of reports that are used as a basis for adverse action against them and the ability to contest information believed to be incorrect.

While the FTC stated that it has not determined whether the apps are violating the law, it encouraged the companies to review their products and procedures for legal compliance.

Planned Workshop on Mobile Payments

The FTC will convene a public workshop on April 26, 2012, to discuss mobile payment technologies and their consumer impact.

The agency is accepting public comments in advance of the workshop. The announcement of the workshop set out numerous potential discussion questions on topics such as current mobile payments technologies and business models, risks to consumers of these technologies, data practices, and international perspectives.

Federal Trade Commission Issues Closing Letter on Hyundai Blog Campaign

The Federal Trade Commission ("FTC" or "Commission") issued a closing letter on November 16, 2011, to Hyundai Motor America ("Hyundai"), ending its investigation into the company's blogging campaign that was intended to build interest in advertisements scheduled to premiere during the Super Bowl. The investigation had focused on whether bloggers, who were given gift certificates as an incentive to promote the Hyundai videos and comment on the advertisements, were or were not told to disclose to readers that they had received such compensation for their recommendations. The Commission initiated its investigation under the auspices of section 5 of the FTC Act, which the FTC interprets to require disclosure of a material connection between an advertiser and endorser when that relationship would not otherwise be apparent from the endorsement.

Without declaring that no violation of section 5 had occurred, the Commission ultimately closed the investigation after determining the following:

  • Hyundai did not know in advance that the gift certificates would be used as incentives, and of the few bloggers who received the gift certificates, some disclosed the incentive.
  • An employee of Hyundai's media firm, and not Hyundai, offered the incentives, which were contrary to the social media policies of both Hyundai and the media firm. (Hyundai's social media policy requires bloggers to disclose compensation they receive.)

The Commission also noted that the media firm had been quick to address the conduct of its employee.

The FTC's Hyundai closing letter marks at least the fourth instance in which the FTC has investigated endorsement issues under its revised Guides Concerning the Use of Endorsements and Testimonials in Advertising. In 2010, the FTC investigated Ann Taylor Stores Corp. for providing bloggers with gifts with the expectation that they would blog on a division of the company. The Commission eventually issued a closing letter and chose to forego seeking an enforcement action after finding that: the event where bloggers were provided with gifts was a one-time occurrence; some bloggers disclosed that they had received an incentive to blog (and a posted sign at the event had asked bloggers to disclose the gifts); and the company had adopted a written policy after the event requiring bloggers to disclose receipt of incentives. Also in 2010, the Commission settled two cases involving allegedly misleading endorsements. In the first case, the FTC settled with Legacy Learning Systems Inc. for engaging online affiliate marketers to pose as consumers who wrote product reviews without disclosing that they were paid for sales from their reviews. In the second case, the Commission settled with Reverb Communications, Inc. after its employees posed as consumers and wrote reviews about the company's products without disclosing their connection to the company.

Federal Communications Commission Modifies its Robocall Rules

On February 15, 2012, the Federal Communications Commission ("FCC") issued a Report and Order (the "Order") revising the FCC's autodialed and prerecorded telemarketing call regulations to conform with the Federal Trade Commission's ("FTC") analogous Telemarketing Sales Rule ("TSR"). To harmonize the FCC and FTC rules, the FCC has adopted the following requirements, which now set the standard for autodialed and prerecorded telemarketing calls (collectively, "robocalls"):

  • Prior express written consent for telemarketing robocalls to wireless numbers and residential lines, even where the caller and consumer have an established business relationship ("EBR");
  • Implementation of an automated, interactive opt-out mechanism for telemarketing robocalls, which would allow a consumer to opt out of receiving additional calls immediately during a robocall;
  • Adoption of a three percent call abandonment rate for each calling campaign, so that telemarketers cannot shift abandoned calls to certain campaigns, as is possible if calculation is made across multiple calling campaigns; and
  • Exemption of prerecorded calls to residential lines made by health care-related entities governed by HIPAA.

The revised rules do not affect existing FCC requirements for prerecorded informational calls, such as calls by or on behalf of tax-exempt non-profit organizations, political calls, and calls for other noncommercial purposes. These calls continue to require some form of prior express consent if placed to wireless numbers.

The revised rules will become effective based on the following schedule once the new rules are published in the Federal Register:

  • Twelve-month period for implementation of the "prior written express consent" requirement for autodialed or prerecorded telemarketing calls or messages to wireless or residential lines.
  • Twelve-month phase out for the existing EBR exemption for autodialed or prerecorded telemarketing messages to residential wirelines.
  • 90-day period for implementation of the automated, interactive opt-out mechanism requirements.
  • 30-day period for implementation of the revised abandoned call rule.

Department of Justice Clarifies Position on Internet Gambling Enforcement

The Office of Legal Counsel for the Department of Justice ("DOJ") has released a memorandum opinion repudiating its long-standing position on the applicability of the Wire Act to certain forms of internet gambling. The DOJ has now taken a position that intrastate online gambling other than sports betting, including poker and casino games, should no longer face criminal liability under the federal Wire Act.

The question at issue was whether proposals by New York and Illinois to sell lottery tickets online potentially violate the Wire Act. The Wire Act (18 U.S.C. § 1084) prohibits using an interstate wire communications facility, such as the telephone or Internet, to transmit "bets or wagers on any sporting event or contest." Although one court concluded that the Wire Act only applies to gambling on sporting events or sporting contests, i.e., sports wagering, the DOJ has consistently maintained the public position that the statute applies more broadly to any form of Internet gambling, including online poker and casino games. Due to the nature of the Internet, the New York and Illinois proposals, although intended to be intrastate, may involve out-of-state Internet transmissions, to payment processors located out of state, for example, or simply in the form of incidental transmissions of information that cross state lines.

The new memorandum now takes the position that the statute's prohibition is "more natural[ly]" read as only applying to sporting events and contests, and that this interpretation is consistent with the legislative history of the Wire Act.

The DOJ memorandum comes at a time when more states are considering intrastate, online gambling as a potential revenue stream. Nevada promulgated regulations at the end of 2011 that pave the way for licensed online intrastate gambling. Other jurisdictions, such as the District of Columbia and New Jersey, have also expressed interest in creating legal online gambling within their own borders.

IN THE COURTS

U.S. Supreme Court Decision in United States v. Jones

In United States v. Jones, a Fourth Amendment case pertaining to government surveillance, the U.S. Supreme Court on January 23, 2012, held that the government's installation of a GPS tracking device on a vehicle without the appropriate warrant, and the government's use of that device to monitor that vehicle's movement, constituted a search. Justice Scalia, writing for the majority and joined by Chief Justice Roberts and Justices Kennedy, Thomas, and Sotomayor, found that the government had conducted a search in violation of the Fourth Amendment when the police physically intruded on the defendant's private property by installing a GPS device on the defendant's car as part of the government's efforts to gather evidence of drug possession and distribution. Although the government had earlier applied for a warrant, the GPS device was not installed until after the expiration of the warrant. Based on evidence obtained through the surveillance, the defendant was convicted. Rather than rely on the most recent Fourth Amendment jurisprudence, which has centered on whether the government violated a person's "reasonable expectation of privacy," the majority focused on the Court's earlier emphasis on physical trespass. By doing so, the majority found that the physical intrusion to the car with the installation of the GPS device and the obtaining of information were sufficient to constitute an unconstitutional search.

In the concurring opinion, written by Justice Alito and joined by Justices Ginsburg, Breyer, and Kagan, the minority agreed that a Fourth Amendment violation had occurred, but took the position that that the case should have been analyzed through the "reasonable expectation of privacy" lens. The minority found that short-term surveillance on public streets would be reasonable, but that longer-term use of GPS monitoring would not comport with society's reasonable expectation of privacy. The minority noted that privacy expectations can evolve as technology changes, and observed that some people may value the tradeoff of increased convenience at the expense of privacy. The minority concluded, however, that "[i]n circumstances involving dramatic technological change, the best solution to privacy concerns may be legislative."

In an additional concurrence, Justice Sotomayor, who joined the majority, also wrote that in this digital age, it may be time to revisit the notion that a person has no reasonable expectation of privacy in information that he or she discloses to a third party. She expressed doubt that the public would accept disclosures of lists of websites people had visited to the government without a warrant.

INTERNATIONAL

European Union Introduces Comprehensive Data Protection Regulation

On January 25, 2012, the European Commission (the "EC") formally unveiled its proposed "General Data Protection Regulation" (the "Regulation"). In its current form, the Regulation proposes sweeping changes too many of the fundamental tenets of the European Union's ("EU") 1995 Data Protection Directive.1

Like the 1995 Directive, the Regulation is intended to provide a comprehensive approach for the entire EU. It would replace the 1995 Directive. The proposal's status as a "Regulation" means it would become directly binding on all EU Member States upon passage. The stated purpose for using this vehicle is to "reduce legal fragmentation and provide greater legal certainty" and to harmonize the rules across Member States.

The Regulation has two parts—(1) a General Data Protection Regulation that would govern the protection of individuals with regard to the processing of personal data and the free movement of such data, and (2) a proposal directed towards "competent authorities" regarding the processing of personal data in connection with the investigation and prosecution of crimes.

The Regulation would maintain the long standing rights under the 1995 Directive for notice of data collection, as well as data access and correction rights. The Regulation also contains significant changes. Among these changes, the Regulation would implement the long-discussed "right to be forgotten." This would give the data subject the right to have personal data erased if the data is no longer necessary for the purposes for which it was collected or processed, if consent is withdrawn, if the storage period consented to has expired where there is no other legal ground for the data processing, if the data subject objects to processing, or if the processing does not comply with the Regulation. The Regulation also introduces a right of "data portability." Data subjects would be legally entitled to obtain an electronic copy of their personal data in a commonly used format that allows for further use.

The definition of "the data subject's consent" is modified in the Regulation to require "freely given specific, informed and explicit indication of his or her wishes by which the data subject, either by a statement or by a clear affirmative action, signifies agreement....". (Art. 4.)

The Regulation would expand many of the obligations now imposed upon data controllers to data processors as well. These obligations would also be imposed on data controllers located outside of the EU, if their processing activities are related to "the offering of goods or services" to EU data subjects, or "the monitoring of their behaviour." (Art. 3.)

In addition, the Regulation would impose a data breach notification requirement in the EU, requiring data controllers "without undue delay and, where feasible" to notify the local Data Protection Authority (DPA) of a data breach. Notification made outside a 24-hour window would require a "reasoned justification" for the delay. Notification would not be required if the controller demonstrates to the DPA that the data is subject to appropriate technological protection measures, i.e., if it was encrypted in some fashion. Notification to individuals would be required where the breach is likely to adversely affect the protection of personal data or privacy of the data subject. (Art. 32.)

Now that the Regulation has been formally proposed by the EC, there are still several steps in the process for adoption. The European Parliament and the Council (comprised of the governments of EU Member States) will review it and propose amendments. This cycle will repeat once more until the parties agree on amendments or convene a "conciliation committee" to try to find a solution. Either the Parliament or the Council can block the proposal if there is still no agreement on the joint text proposed by the conciliation committee. If not blocked, the proposal would go into effect two years after adoption.

Footnote

1. The Regulation and documents in support are available here: http://ec.europa.eu/justice/newsroom/data-protection/news/120125_en.htm.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

 
In association with
Recently viewed items tracks each article you read and gives you a quick link back to that article if you need to review it again.
To activate recently viewed, you just need to login or register with us above.
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
Free News Alert
 
News Alert|Login|Register
Register for Access and our Free Biweekly Alert
Close Me
Email Address
Company Name
Password
Confirm Password
Mondaq Topics -- Select your Interests
Accounting and Audit
Anti-trust/Competition Law
Consumer Protection
Corporate/Commercial Law
Criminal Law
Employment and HR
Energy and Natural Resources
Environment
Family and Matrimonial
Finance and Banking
Food, Drugs, Healthcare, Life Sciences
Government, Public Sector
Immigration
Insolvency/Bankruptcy, Re-structuring
Insurance
Intellectual Property
International Law
Litigation, Mediation & Arbitration
Media, Telecoms, IT, Entertainment
Privacy
Real Estate and Construction
Strategy
Tax
Transport
Wealth Management
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

Disclaimer

Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

Registration

Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

Cookies

A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

Mail-A-Friend

If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

Security

This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.