Manufacturers, marketers, and Internet providers are expanding their respective social media footprints and developing innovative and personalized ways to reach consumers, health care providers, and other stakeholders. Regulators and legislators have taken note, and have been struggling to find the right balance between encouraging useful consumer information and protecting privacy. Last year was the year of information gathering, with both FDA and FTC holding workshops or public hearings and requesting public comments. FDA has stated that it intends to issue social media guidance by early 2011, and yesterday the FTC issued its long-awaited draft Privacy Report.
Concerns over social media marketing practices, particularly for prescription drugs, have increased in the wake of recent FDA Warning Letters citing drug companies for advertising violations on Facebook and other social media as well as the release of FTC’s Endorsement & Testimonials Guides and Behavioral Marketing Principles addressing social media marketing. The growing popularity of behavioral marketing is fueling accusations that Internet providers are tracking, and, in some cases, selling information about consumers’ web-browsing history and internet usage without appropriate disclosures and privacy protections.
The FTC’s draft Privacy Report sets forth a compliance framework for protecting consumer privacy that would “apply broadly to online and offline commercial entities that collect, maintain, share, or otherwise use consumer data that can be reasonably linked to a specific consumer, computer or device.” The proposed framework has three primary components:
- Data Protection: Companies should adopt a “privacy by design” approach by implementing privacy protections as a part of their overall business model. Such protections include measures such as collecting only the data needed for a specific business purpose, disposing of data when it is no longer used, and auditing systems and policies.
- Consumer Choice/Clear Opt Outs: Companies should allow consumers to choose which data the company collects and for what purpose. Under this approach, consumers would be able to opt out of certain marketing and data collection practices by selecting certain privacy settings from a uniform system of codes that correspond to specific information and privacy settings. This would likely involve the placement of a static setting (similar to a cookie) on the consumer’s browser signaling the consumer’s privacy setting (similar to a “Do Not Call” list). The FTC noted, for example, that consumers who elect not to allow their data to be collected or used for behavioral marketing could elect to have a “Do Not Track” code associated with their browser.
- Education and Disclosure: Companies should make their privacy policies more transparent by streamlining online privacy statements and using plain language. These transparency initiatives would also require companies to provide consumers with reasonable access to data that companies maintain on them. However, the extent of access would be proportional to the degree of sensitivity and the intended use of the data.
The FTC is seeking public comments on the proposed Framework by January 31, 2011, and will follow with a final report in 2011.
Will this more clearly defined push for industry self-regulation work? At least one Senator appears skeptical, as John Kerry announced yesterday that he will introduce online privacy legislation early next year.
On November 23, the Center of Digital Democracy, U.S. PIRG, World Privacy Forum, and Consumer Watchdog jointly requested that the FTC under Section 5 investigate and disclose consumer monitoring and advertising practices of various Internet providers and marketing companies. The proposed Complaint alleges that current data mining, interactive advertising, unbranded and disease-awareness marketing, social media marketing, e-detailing, and behavioral marketing practices violate federal laws prohibiting unfair or deceptive trade practices.
The complaint names a number of companies, including Google, Microsoft, QualityHealth, WebMD, Yahoo, AOL, HealthCentral, Healthline, and Everyday Health, and requests that the FTC take a number of specific investigative actions with respect to these companies. Among several requests, the complaint asks the FTC to:
- Examine and disclose to the public the data collection and usage practices of pharmaceutical advertisers to assess the extent of consumer information collected through various media, including websites, social networks, IP addresses, cookies, Web bugs, tracking pixels, and any other “data-mining” applications.
- Require companies engaged in digital marketing of health products to provide information on the kinds of online targeting techniques and methods they utilize (e.g., racial and ethnic data, health-oriented and ad-supported sites, other media).
- Analyze how health-related social media marketing influences consumer behavior and attitudes on drug use and about medical conditions through various means, including “viral” marketing.
- Investigate whether there is a violation of the FTC’s Endorsement guidelines when advice is given to patients or consumers from seemingly independent health bloggers who do not disclose that they are paid or sponsored by pharmaceutical or other companies.
- Obtain from pharmaceutical companies a list of the keywords used for paid search campaigns.
- Investigate the use of so-called “unbranded” sites funded by pharmaceutical companies, in order to assess whether such sites are structured and designed to support the promotion of specific drugs. The agency should also analyze whether the interactive environment created for such sites provides a balanced and honest reflection of the health risks and condition-specific issues.
- Work with FDA to develop a set of policies for regulating the use of behavioral targeting, data collection, and other digital techniques in the marketing of drugs and health-related products.
UPDATE: The FTC extended its deadline for comments on the Privacy Report until February 18.