United States: 2016 Mobile Data Privacy And Security Update And 2015 Review

To say that mobile device usage has reached a tipping point would be an understatement. There are now more mobile devices than people in the world, a staggering 7.9 billion mobile devices for 7.4 billion people on Earth. In the U.S., more time is spent on mobile media than on desktop and other media, 2.8 hours per day per person. Mobile devices are dominating consumers' media consumption: 80 percent of Internet users own a smartphone, and other "smart" devices are quickly gaining ground. The proliferation of mobile devices and apps has touched nearly every aspect of our lives and is playing an increasingly integral role in such wide-ranging areas as retail, health, finance, and home security.

As consumers embrace mobile technology, companies have more access than ever to a wide range of sensitive personal information. Not surprisingly, consumer concerns about the privacy and security of their data are at an all-time high: a recent survey shows that 89 percent of consumers reportedly have avoided companies that do not protect their privacy, and 45 percent are now more worried about online privacy than they were a year ago. This post updates our 2014 Mobile Privacy and Security Trends and What to Look for in 2015 article and examines recent developments in mobile marketing, mobile payments, and the Internet of Things (IoT), as well as the ever-evolving mobile legal and regulatory landscape.

MOBILE TRENDS

A. Mobile Marketing

With consumers spending ever more time on mobile devices, marketers are finding them where they are. Advertisers spent an estimated $68.69 billion on mobile advertising in 2015, with spending expected to top more than $195 billion by 2019. With 90 percent of mobile consumers using location-based services to get directions and local recommendations, location-based advertising has skyrocketed and is expected to reach $15 billion by 2018. While these certainly are high figures, when compared with the total amount spent on Internet advertising, mobile still has plenty of room to grow. Figures for 2014 show that of the $50 billion spent on Internet advertising that year, mobile accounted for about only 25 percent.

Additionally, social media marketing, estimated at $24 billion in 2015, continues to be a lucrative investment for advertisers. Given that nearly 70 percent of mobile users in the 18-29 age group access social media sites on their mobile devices, marketers are adapting advertisements for mobile consumption. Native advertising and paid endorsements have become popular trends in social media and mobile marketing, with 90 percent of advertisers reportedly using native ads and 70 percent of Internet users reportedly wanting to learn about products through content instead of traditional ads.

Companies and advertisers also are increasingly developing mobile apps to reach consumers. According to Red Hat's Mobile Maturity Survey 2015, 52 percent of companies now have a fully implemented mobile strategy, with 90 percent of surveyed companies reporting that investment in mobile apps would increase in 2016. Not only are web-based companies leading the charge, but in-store retailers also are increasingly leveraging mobile capabilities. More and more retailers are using in-store web beacons and other similar technologies to track consumers' in-store location data, analyze consumers' purchasing activity, and push relevant, real-time, in-store promotions to consumers.

B. Mobile Payments

Mobile payment systems are also on the rise. The value of purchases made on mobile devices is projected to grow from $52 billion in 2014 to $142 billion by 2019. While mobile commerce currently represents 22 percent of all U.S. digital commerce revenue, it is expected to jump to 50 percent by 2017. The Apple Pay mobile payment and digital wallet system illustrates the growing popularity of mobile payments, with more than a million credit cards registered for use with the service in the first three days of availability. Starbucks also has seen great success with its member loyalty program, which has driven mobile payments and resulted in Starbucks earning 90 percent of the $1.6 billion spent in U.S. stores via smartphones in 2013.

C. Internet of Things

Along with the rise of mobile devices, the IoT industry has grown exponentially. The term IoT refers to "things" such as devices or sensors – other than computers, smartphones, or tablets – that connect, communicate, or transmit information with or between each other through the Internet. It is hard to imagine any industry that has not been affected by this new form of technology, from wearable technology and health trackers, to smart thermostats, networked baby monitors, and connected cars. There will be an estimated 24 billion connected IoT devices by 2020, and nearly $6 trillion will be spent on IoT solutions over the next five years.

DATA PRIVACY AND SECURITY RISKS AND LEGAL AND REGULATORY TRENDS

While mobile and IoT devices offer immense real-time convenience and functionality, they raise commensurate privacy and security concerns about the collection and use of sensitive personal data. As consumers and the companies that market to them move to mobile, the regulators are following. In the past year, regulators increasingly have turned a watchful eye toward all things mobile.

A. Federal Trade Commission

The FTC has continued to focus on the mobile industry, in both its enforcement actions and educational workshops and reports. We summarize below the FTC's recent actions relating to the mobile industry.

Internet of Things

In January 2015, the FTC released a report titled The Internet of Things: Privacy and Security in a Connected World (the "IoT Report") following a 2013 FTC workshop by the same name. Echoing the FTC's core fair information practice principles (FIPPs), the IoT Report recommends a number of concrete steps companies can take to enhance and protect consumers' privacy and personal information collected by the multitude of Internet-connected devices, including:

(1) Build security into devices at the outset rather than as an afterthought in the design process.

(2) Train employees about the importance of security, and ensure that security is managed at an appropriate level in the organization.

(3) Ensure that outside services are capable of maintaining reasonable security, and provide reasonable oversight of the providers.

(4) When a security risk is identified, consider a "defense-in-depth" strategy whereby multiple layers of security may be used to defend against a particular risk.

(5) Consider measures to keep unauthorized users from accessing a consumer's device, data, or personal information stored on the network.

(6) Monitor connected devices throughout their expected life cycle, and where feasible, provide security patches to cover known risks.

(7) Limit the collection of consumer data, and retain that information only for a set period of time, not indefinitely.

(8) Notify consumers about their choices about how their information will be used, particularly when the data collection is beyond consumers' reasonable expectations.

The FTC also released a companion business guide to the IoT Report, titled Careful Connections: Building Security in the Internet of Things. This guide summarizes, in plain English, the best practices set forth in the IoT Report and encourages businesses to take reasonable steps to protect consumers.

Most recently, on March 31, 2016, FTC Chairwoman Edith Ramirez made remarks at an American Bar Association IoT Conference in Washington, D.C. suggesting that companies need to take steps to deal with the "significantly magnified" risks posed by the rapidly evolving IoT industry. Commissioner Ramirez stated, "In light of various studies showing consumers are deeply concerned about IOT's data collection, disclosure of sensitive information and their lack of control and awareness of who has access to the data that's collected, it's particularly important for IOT manufacturers to design devices that take into consideration unexpected uses of their IOT data, and the potential for misuse." Commissioner Ramirez emphasized the importance of developing IoT products with a "privacy by design" approach, and addressing issues as they arise throughout the product's life cycle. Commissioner Ramirez also stated that the FTC would hold a series of workshops this fall 2016 to look at the variety of consumer protection issues posed by drones, "smart" televisions, and ransomware.

Location-Based Tracking and Cross-Device Tracking

In April 2015, the agency reached a settlement with retail tracking firm Nomi Technologies, Inc. Nomi places sensors in retail stores to track customers' purchasing behavior by recording their mobile device's MAC addresses. Nomi's privacy policy promised that it would provide an opt-out mechanism at stores using its services, which, according to the FTC, implied that consumers would be informed when stores were using Nomi's tracking technology. In reality, the FTC alleged, Nomi failed to notify consumers when their mobile devices were being tracked and failed to provide the ability to opt out of the tracking. Under the terms of the settlement, Nomi is prohibited from misrepresenting consumers' options for controlling whether information is collected, used, disclosed, or shared about them or their devices, as well as the extent to which consumers will be notified about information practices.

In November 2015, the FTC hosted a workshop focused on cross-device tracking of consumer behavior. The workshop focused on new methods the mobile industry has adopted to track consumer behavior, including "deterministic" tracking, which requires a consumer to sign into a platform to access its service. This allows the company to then link the consumer's various devices to a single account. Another method is "probabilistic" tracking, which involves the collection of information such as device type, operating system, fonts, and IP address to create a "digital fingerprint" of the user to link him or her to different devices. The FTC's workshop focused mainly on this probabilistic type of tracking, which is generally invisible to consumers and therefore poses privacy concerns. The FTC identified the following takeaways, which may shed light on the FTC's potentially emerging position on cross-device tracking: (1) companies need to work toward providing greater transparency, choices, and education for consumers; (2) companies should engage consumers in a way that will not cause consumers to lose trust in the marketplace; (3) data minimization policies and technologies will become more important as the amount of data collected about consumers increases; and (4) companies should be mindful of, and comply with, the privacy representations they make to consumers, both about their own actions and the actions of affiliated third parties. For more information, see this previous post on our blog.

Native Advertising and Paid Endorsements

Another area the FTC has recently focused on is native advertising and paid endorsements in the mobile environment. Native advertising is advertising that bears a similarity to the news, feature articles, product reviews, entertainment, and other material that surrounds it online. A related advertising trend is paid endorsements on social media, where advertisers will pay celebrities or "influencers" with a strong social media following to post pictures or videos of them with the advertiser's product. Last December, the FTC issued its long-awaited Enforcement Policy Statement on Deceptively Formatted Advertisements (the "Policy Statement") and its companion Native Advertising: A Guide for Businesses (the "Business Guide"). As discussed more fully in our previous post, the Policy Statement and Business Guide apply the FTC's long-standing consumer protection standards to the native context. The key takeaways from the Policy Statement are: (1) native ads should clearly be identified as consumer advertising; (2) promotional content is deceptive if it misleads consumers into believing it is independent or impartial; (3) qualifying information, such as the advertiser's connection to the content, must be clear, conspicuous, and prominent; and (4) the FTC will decide whether an ad is deceptive based on the net impression the ad conveys to the reasonable consumer in the context of the platform and any qualifying information in the ad.

Additionally, in June 2015, the FTC updated its frequently asked questions (FAQs) guidance to the FTC's 2009 Endorsement Guidelines (the "Guidelines"). The Guidelines FAQs provide helpful commentary on how to apply the agency's endorsement guideline standards to evolving forms of digital marketing and promotion. As we discussed in more detail in our previous post, the Guidelines FAQs provide greater clarity on when social media influencers and bloggers must make disclosures about their connection to the brand they are promoting.

The FTC has been actively enforcing its native advertising and endorsement guidelines in the past year. For instance, in September 2015, the FTC announced that it had settled charges against Machinima, Inc., that the online entertainment network had engaged in deceptive advertising by paying influencers to post YouTube videos endorsing Microsoft's Xbox One system and several games. The FTC alleged that the influencers paid by Machinima failed to adequately disclose that they were being paid for their seemingly objective opinions. As part of the final order, just recently approved by the FTC this March, the company is prohibited from misrepresenting in any influencer campaign that the endorser is an independent user of the product or service being promoted. Notably, Machinima must also ensure that all its influencers are aware of their responsibility to make required disclosures, by monitoring them and prohibiting payment to influencers who do not make such disclosures.

Most recently, on March 15, 2016, the FTC settled charges that Lord & Taylor deceived consumers by paying for native advertisements, including a seemingly objective article and Instagram post, without disclosing that the posts actually were paid promotions. The FTC also charged the company with paying 50 online fashion influencers to post Instagram pictures of themselves wearing the same dress design while failing to disclose they had paid each influencer thousands of dollars and given each influencer a dress in exchange for her endorsement. The agreement (1) prohibits Lord & Taylor from misrepresenting that paid commercial advertising is from an independent or objective source and misrepresenting that any endorser is an independent or ordinary consumer, (2) requires the company to disclose any payment or benefit given to an influencer or endorser, and (3) establishes a monitoring and review program for the company's endorsement campaigns.

Unauthorized Installation of Mobile Software

In June 2015, the FTC reached a settlement with Prized Mobile, a mobile app that grants users points for playing games or downloading affiliated apps, which can be spent on rewards such as clothes and gift cards. The app promised consumers that it would be free of malware and viruses. The FTC alleged that the app's actual purpose was to infect the consumers' mobile phones with malicious software to mine virtual currencies. As part of the settlement, the Prized Mobile app developer is banned from creating and distributing malicious software and must destroy all information about consumers collected through the marketing and distribution of the app.

More recently, in February 2016, the FTC reached a settlement with technology company Vulcun on charges that it unfairly replaced a popular web browser game with a program that installed applications on consumers' mobile devices without their permission. The FTC alleged that Vulcun's Google Chrome browser extension game, Running Fred, installed apps directly on the Android devices of consumers while bypassing the permissions process required by the Android operating system. The FTC's complaint charged that Vulcun's actions unfairly put consumers' privacy at risk. According to the FTC, "by bypassing the permissions process in the Android operating system, the apps placed on consumers' mobile devices also could have easily accessed users' address books, photos, location, and device identifiers." Under the terms of the settlement, Vulcun is required to tell consumers about the types of information a product or service will access and how it will be used, display any built-in permissions notice associated with installing a product or service, and get users' express affirmative consent before the installation or material change of a product or service

Children's Privacy and the COPPA Rule

In December 2015, the FTC reached two settlements with app developers on allegations that they violated the Children's Online Privacy Protection Rule (COPPA Rule). As we have blogged about previously, the FTC brought actions against app developers LAI Systems (also known as TapBlaze) and Retro Dreamer. In both actions, the FTC alleged that the app developers violated COPPA by allowing third-party advertisers to collect personal information from children under 13 through the use of persistent identifiers without first obtaining parental consent. The third-party advertisers then served targeted advertisements to those children. Under the terms of the settlement agreements, Retro Dreamer agreed to pay a $300,000 civil penalty, and TapBlaze agreed to pay a $60,000 civil penalty and post a link on its website that provides notice of its data policies. Both app developers are prohibited from engaging in practices that would further violate the COPPA Rule.

In addition to its COPPA enforcement actions, the FTC continued to examine data privacy and security issues relating to children. In 2015, the FTC conducted its third kids' app survey. The survey examined what information kids' app developers are collecting from users, whom they are sharing it with, and what disclosures they are providing to parents about their practices. The resulting report found that privacy policies on children's apps have become easier to locate, but it encouraged companies to make disclosures that accurately reflect what children's information the app collects.

Most recently, in January 2016, the FTC's Bureau of Consumer Protection posted a blog article warning parents about weak data security protections in Internet-connected baby monitors. Following its review of five baby monitors, the FTC found that each lacked sufficiently strong password requirements and that nearly half of the monitors did not encrypt the feed between the monitor and the home router. According to the FTC, these security vulnerabilities pose the risk of strangers hacking into the live baby monitor feed. The FTC's focus on this industry suggests further enforcement actions in the future.

B. Federal Legislation

In January 2015, Sen. Ron Wyden (D-OR) and Rep. Jason Chaffetz (R-UT) reintroduced the GPS Act, which would create a process for government agencies to get a probable cause warrant to obtain geolocation information, as well as prohibit businesses from disclosing geographical tracking data about a customer to others without the customer's permission.

In February 2015, House Representatives Zoe Lofgren (D-CA), Ted Poe (R-TX), and Suzan Delbene (D-WA) reintroduced the Online Communications and Geolocation Protection Act. The act would require the government to obtain a warrant to access the contents of any wire or electronic communication that is stored, held, or maintained by an electronic communication service or remote computing service, as well as prohibit government entities from intentionally intercepting an individual's geolocation information that was obtained in violation of the act's prohibitions.

In November 2015, Senator Al Franken (D-MN) reintroduced the Location Privacy Protection Act of 2015, which would prohibit companies from collecting or disclosing geolocation information from an electronic communications device without the user's consent. It provides exceptions for parents tracking their children, emergency services, law enforcement, and other cases. The bill would also prohibit development and distribution of "stalking apps," establish an Anti-Stalking Fund at the Department of Justice, and take other steps to prevent geolocation-enabled violence against women.

C. State Regulator Actions and Legislation

In January 2016, the New York Attorney General's office announced that it had reached a settlement with the ride-hailing app Uber Technologies Inc. over its alleged tracking of riders and exposure of drivers' personal data. This follows intense scrutiny of the company started in 2014, after reports about its "God View" – which allowed Uber employees real-time access to customers' location information – surfaced. Under the terms of the settlement, Uber is required to encrypt riders' GPS information and adopt authentication measures before any employee can access riders' sensitive personal information. The New York Attorney General also fined Uber $20,000 for failure to provide timely notice to drivers and his office in the aftermath of a September 2014 data breach.

In California in 2015, the state legislature introduced a bill, AB886, which would have forced Uber, Lyft, and other ride-sharing apps to guard customers' personal information. The bill would have prohibited smartphone-ordered ride services from disclosing any passenger data except to combat fraud or other crimes. It also would have required the ride-sharing services to destroy all personal information when customers canceled their accounts. The bill died in committee in January 2016.

D. Mobile Industry Self-Regulation

In addition to federal and state laws and regulations, industry self-regulatory groups have developed their own regulations. The Interactive Advertising Bureau (IAB) has recently developed a Mobile Location Data Guide for Publishers, which advises companies to strike a balance between collecting accurate location data and delivering an optimal user experience (i.e., preserving battery life, reducing network activity).

Beginning September 1, 2015, the Digital Advertising Alliance (DAA) began enforcing its Application of Self-Regulatory Principles to the Mobile Environment (Mobile Guidance). The Mobile Guidance urges mobile app advertisers and publishers to be transparent in collection of multisite data, cross-app data, precise location data, and personal directory data. It also sets guidelines for app advertisers and publishers to give consumers control over how and when such data is collected. Entities that are not compliant with the Mobile Guidance risk being subject to DAA accountability mechanisms. For more information, see this previous post on our blog.

In 2015, the DAA also released two mobile tools for consumers, the AppChoices mobile app and the DAA Consumer Choice Page for Mobile Web. AppChoices is a free mobile app that allows consumers to opt out of the collection and use of cross-app data, other than for permitted uses, by listing third-party AppChoices participants that consumers may select. The DAA Consumer Choice Page for Mobile Web is a mobile-web-optimized tool that consumers can use to opt out of the collection of cookie-based data for interest-based advertising by selected participating third parties. For more information, see this previous client alert.

LOOKING FORWARD: MOBILE PRIVACY AND SECURITY IN 2016

2016 is shaping up to see a continuation and acceleration of the mobile trends of the past few years. More specifically, for the balance of 2016, we expect to see the following.

  1. Regulators will continue to follow companies and advertisers to mobile. Along with a steady rise in mobile marketing, we expect to see increased regulatory scrutiny of advertisers that engage in native advertising and paid endorsements, especially on mobile screens. As evidenced by the FTC's recent settlement with Lord & Taylor, advertisers that do not clearly disclose the nature of these ads are at risk of facing an FTC enforcement action.
  2. Advertisers and retailers will increase their use of location-based ads. With the number of mobile devices and the types of personal information users are comfortable sharing through their devices continuing to grow, advertisers will be able to craft more personalized and sophisticated real-time ads targeted at individuals' unique characteristics and preferences. Location-based tracking, including the use of web beacons, will continue to play a large role as advertisers and retailers continue to reach consumers where they are, in many cases even in their own stores. As the collection and use of location-based data grow, we also expect to see traction in the legislatures and from the regulators regarding the collection and use of location-based consumer data.
  3. Privacy by Design in IoT will become increasingly important. As consumer-facing companies continue to expand and experiment with IoT functionality and capabilities across all industry verticals, data privacy and security will continue to be ongoing concerns for consumers and regulators alike. As Commissioner Ramirez made clear in her recent remarks, the FTC especially will be looking to the IoT industry to address potential consumer data privacy and security concerns and implement security measures from the start, during the product development and design phase. Industries in consumer-facing verticals such as home security, child care, and transportation will be smart to get ahead of the curve and leverage data security and privacy as differentiators in the market rather than potential Achilles' heels.

Stay tuned throughout 2016 to read our analysis of the rest of the year's mobile trends!

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
 
In association with
Related Video
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.

Disclaimer

Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.

Registration

Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.

Cookies

A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Links

This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.

Mail-A-Friend

If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.

Security

This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.