Yesterday, Snapchat entered into a Consent Order with the Federal Trade Commission (“FTC”) regarding allegations that it deceived consumers because its messages (known as snaps) did not “disappear forever” after the user-set expiration period ended, as claimed.
The consent order, which is subject to final approval in thirty days, also resolved several other key charges against Snapchat – a mobile messaging app that allows users to send rapidly disappearing pictures, videos and messages.
Other Alleged Misleading Representations
The Complaint also alleged that Snapchat failed consistently to alert users when recipients took screenshots of messages. In addition, Snapchat’s application purportedly stored unencypted video snaps on the recipient’s device.
Furthermore, the Company’s “Find Friends” feature allegedly suffered from a number of problems. The Complaint asserts that Snapchat misrepresented in its user interface that a user’s mobile phone number was the only personal information that the app collected in order to find an individual’s friends when, in reality, Snapchat collected the names and phone numbers of all the contacts in the user’s mobile device address book. The FTC also claimed the feature was unsecure, leading to a December 2013 data breach in which attackers were able to compile a database of 4.6 million usernames and the associated mobile phone numbers of Snapchat users.
Implications for the Future
For Snapchat, the settlement will mean two decades of monitoring by an independent privacy professional who will assess whether the company has established and is maintaining a comprehensive privacy program appropriate for its size and complexity. The company is also prohibited from misrepresenting how it protects the security and confidentiality of user information. Although the agreement did not require Snapchat to admit any wrongdoing or to pay a fine, a future violation of the settlement terms could lead to a civil penalty of up to $16,000 per infringement.
This settlement is just the latest example of the FTC’s increased efforts to ensure companies accurately portray their privacy practices. As FTC Chairwoman Edith Ramirez warned, “[a]ny company that makes misrepresentations to consumers about its privacy and security practices risks FTC action.”
Caveat Vendor is Paul Hastings’ Consumer Issues blog. We welcome your feedback. Please contact our blog editor with any thoughts or suggestions.
Subscribe to Caveat Vendor by Email. You will receive an email when the blog has been updated.