Steven B. Roosa is a partner in our New York office and Kaylee A. Cox is an associate in our Washington, D.C office.
On Friday, October 14, 2016, plaintiffs filed a privacy-focused, putative class action complaint against a National Football League (NFL) team, a mobile app company, and an audio-beacon technology company, alleging violations of the Electronic Communications Privacy Act (ECPA). Specifically, plaintiffs contend that the NFL team's mobile app surreptitiously records end-users' conversations to enable its beacon technologies.
According to the complaint, the app determines users' precise location by leveraging microphones that are built into smartphone devices and by listening for nearby audio beacons. These audio beacons are, in turn, used to deliver targeted advertisements to the end-user.
While traditional beacon technology utilizes Bluetooth radio signals to determine consumers' location, plaintiffs allege that the app in question employs audio-based beacon technology. In the audio beacon environment, speakers are placed and mapped to various locations, and each speaker emits a unique audio signal. In order to "hear" a particular audio beacon, a device must be in the vicinity of the speaker, allowing the app to ultimately ascertain the location of the device (and, as a result, the end-user) based on proximity to the speaker. To function properly, the audio beacon technology requires a microphone to continuously listen for these audio signals.
Plaintiffs allege that the beacon technology records and temporarily stores all audio within range of the device—including end-users' conversations—without notifying or obtaining consent from the end-user. The complaint also claims that the Defendants programmed the app such that it will continuously listen for beacons, even when the app is running in the background.
While the app's permissions notify the end-user upon installation that it will use the device microphone, plaintiffs allege that this notice does not afford consumers any context as to its use. Plaintiffs further claim that the app's Terms of Service and Privacy Policy are likewise silent regarding the app's use of audio beacon technologies.
Based on the behavior of these technologies, plaintiffs assert that the app listened to end-users' private oral communications, in violation of ECPA, which prohibits the intentional interception of the contents of certain oral communications (without a warrant or pursuant to valid legal process).
Holland & Knight's Data Privacy Testing Lab was designed to identify and remediate the precise types of data behaviors alleged in the plaintiffs' complaint. Led by Lab Director Steve Roosa, our Cybersecurity and Privacy Team captures and analyzes network traffic and third-party communications for website and mobile apps to identify—under attorney-client privilege—privacy risks relating to data collection, storage, use, and sharing. For more information on these services, please contact the authors of this article.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
