Caveat Vendor
Going, Going, Not Gone – Snapchat Settles FTC Claims regarding Non-Disappearing Messages
May 09, 2014
Mary-Elizabeth Hadley
Yesterday, Snapchat entered into a Consent Order with the Federal Trade Commission (“FTC”) regarding allegations that it deceived consumers because its messages (known as snaps) did not “disappear forever” after the user-set expiration period ended, as claimed.
The consent order, which is subject to final approval in thirty days, also resolved several other key charges against Snapchat – a mobile messaging app that allows users to send rapidly disappearing pictures, videos and messages.
Other Alleged Misleading Representations
According to the FTC’s Complaint, Snapchat falsely indicated in its privacy policy that it did not access geolocation information from consumers’ mobile devices when, for an approximately four-month period, the Snapchat application on Android transmitted Wi-Fi-based and cell-based location information from users’ mobile devices to its analytics tracking service provider.
The Complaint also alleged that Snapchat failed consistently to alert users when recipients took screenshots of messages. In addition, Snapchat’s application purportedly stored unencypted video snaps on the recipient’s device.
Furthermore, the Company’s “Find Friends” feature allegedly suffered from a number of problems. The Complaint asserts that Snapchat misrepresented in its user interface that a user’s mobile phone number was the only personal information that the app collected in order to find an individual’s friends when, in reality, Snapchat collected the names and phone numbers of all the contacts in the user’s mobile device address book. The FTC also claimed the feature was unsecure, leading to a December 2013 data breach in which attackers were able to compile a database of 4.6 million usernames and the associated mobile phone numbers of Snapchat users.
In its blog post immediately following the settlement, Snapchat admitted it had made some mistakes but emphasized the steps it has taken over the past year to “improv[e] the wording of [its] privacy policy, app description, and in-app just-in-time notifications.” The company also renewed its commitment to user privacy and to “giving Snapchatters control over” their communications with others.
Implications for the Future
For Snapchat, the settlement will mean two decades of monitoring by an independent privacy professional who will assess whether the company has established and is maintaining a comprehensive privacy program appropriate for its size and complexity. The company is also prohibited from misrepresenting how it protects the security and confidentiality of user information. Although the agreement did not require Snapchat to admit any wrongdoing or to pay a fine, a future violation of the settlement terms could lead to a civil penalty of up to $16,000 per infringement.
This settlement is just the latest example of the FTC’s increased efforts to ensure companies accurately portray their privacy practices. As FTC Chairwoman Edith Ramirez warned, “[a]ny company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”
Caveat Vendor is Paul Hastings’ Consumer Issues blog. We welcome your feedback. Please contact our blog editor with any thoughts or suggestions. [Subscribe to Caveat Vendor by Email](laurengrimaldi@paulhastings.com?subject=Subscribe%20to%20Caveat%20Vendor%20Email%20Notifications). You will receive an email when the blog has been updated.