Influencer Marketing: The cross-section of advertising and data protection

Influencer marketing is governed by the FTC Guides, with requirements to disclose and monitor. In some industries, such as gaming or makeup, influencers might make claims that advertisers would be responsible for. From an ownership perspective, brands that hope to keep influencer data raises questions about what the role of an influencer is—a cheerleader for the brand or a source of the brand’s CRM database? It is likely that influencers are not equipped in the sales force. However, influencers are gaining more leverage and want to own data. In any event, it is much more likely that the FTC would go after a brand/advertisers rather than an influencer.

When it comes to IP, there are different legal regimes that present a risk to advertisers. Anything that the influencer says on behalf of a brand subjects the advertiser liable. Trademark, copyright and right of publicity are usually implicated. For example, sometimes influencers will post photos that they do not own or have copyright to or post photos with third party products in the background, leading to risk. This requires training and hiring influencers with experience. When it comes to global influencers it is also important to geo-post the advertisement if possible and comply with language rules.

Listen to our Tech Law Talks podcast episode on influencer marketing.

M365: The Foundation

With the new M365 comes several new and updated features with implications for eDiscovery and governance. Below are overviews of several of the new features discussed in Reed Smith’s Tech Law Talks podcast, and how organizations should utilize and capitalize on the new platform while complying with legal requirements.

Continue Reading

Digital Accessibility: Legal & Practical Issues to Consider

With increased digitization of business processes and services affecting all industries and enterprises, the need for accessible digital tools continues to grow. Indeed, 26% of adults living in the United States have some type of disability, highlighting the crucial role accessibility tools serve in ensuring an inclusive digital environment.  Furthermore, in certain instances, the implementation of accessibility best practices may be legally required. We discuss these issues in our most recent Tech Law Talks podcast.

Continue Reading

ICO25: ICO sets out its three year strategic plan

On 14 July 2022, the UK Information Commissioner’s Office (“ICO”) has launched a public consultation on its draft strategic three year plan, titled “ICO25”. The plan sets out a commitment to safeguard the information rights of the most vulnerable individuals with the aim of empowering people to confidently share their information to use today’s market products and services, with work particularly targeting:

  • children’s privacy;
  • AI-driven discrimination;
  • the use of algorithms within the benefits system; and
  • the impact of predatory marketing calls.

Continue Reading

UK announces plan to regulate critical third parties to the financial sector

The UK HM Treasury recently published its proposal for regulating critical third parties (“CTP”) to the finance sector, which was followed by the UK financial regulators’ joint Discussion Paper.

Why regulating CTPs is necessary
Regulating CTPs to the financial sector is by no means a new concept. The EU’s Digital Operational Resilience Act (“DORA”), which looks to regulate critical Information Communication Technologies (“ICT”) service providers to the financial sector, has been provisionally agreed.  

Continue Reading

Government releases proposals to reform UK data protection laws

On 17 June 2022, in response to its consultation in 2021 on the same topic (which we wrote about here), the UK government published more detailed proposals to reform data protection laws in the UK. The response to the consultation can be found here. The intention of the reforms is to achieve greater personal data use enabling economic growth by removing barriers and reducing obstacles for organisations whilst maintaining high standards of personal data protection and EU adequacy.

Continue Reading

ICO enforcement actions in Q1 2022

In Q1 2022, the UK’s Information Commissioner’s Office (ICO) issued 26 enforcement actions. There were 15 monetary penalties issued, ranging between £2k – £200k, and 11 enforcement notices. The majority of the fines and enforcement notices related to unsolicited marketing activities, two related to data subject rights infringements, and one related to a failure to ensure adequate security around personal data. The last related to a ransomware attack and despite the controller being subjected to a malicious cybercrime, it was penalised for a failure to address known vulnerabilities and to prevent the ransomware attack in time.

Continue Reading

New rules to strengthen and better enforce consumer rights in Germany and the EU

Introduction and Overview

The year 2022 is one of major changes to consumer protection laws in Germany and the EU, namely:

  • Changes in connection with digital products and corresponding new provisions for the sale of consumer goods took effect on 1 January 2022 (see our earlier Reed Smith Client Alert Part I).
  • New consumer protection rules regarding automatic renewal and notice periods took effect in March 2022.
  • Requirements regarding termination buttons will come into force on 1 July 2022 (see our earlier Reed Smith Client Alert Part II).

Continue Reading

Attorney General Rokita on the possibility of a federal privacy law, Indiana’s breach notification law, and regulating data brokers

In the June edition of IAPP’s Privacy Advisor, Divonne Smoyer and Roger Gibboni talk to Indiana State Attorney General Todd Rokita on the possibility of Congress passing a federal privacy law, Indiana’s different approaches to data privacy and protection, and its recent announcement that the state was joining Washington, Texas, and D.C. in an enforcement action over “Dark patterns.” The Indiana Attorney General’s office is a privacy heavyweight and his perspectives are particularly valuable.

The fourth anniversary of the GDPR: How the GDPR has had a domino effect

Four years ago, the General Data Protection Regulation (“GDPR”) came into force in the EU. Since then, the GDPR has had a domino effect, as many countries in the world have used it as a model to shape their own rules on the handling of personal data. Given the rapid changes in data protection legislation around the world, legal and compliance teams of multinational organisations are under pressure to keep up with such developments as they continuously adapt their compliance programs in response.

Continue Reading