News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 AI Governance Dashboard – New AI Governance Dashboard – New

Stay on top of the latest AI governance news and developments of the profession.

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview KnowledgeNet Chapters Sections Affinity Groups Volunteer Annual Awards Career Central
Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

 IAPP Calendar

Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Overview Online Training Live Online Training In-Person Training Books Practice Exams Train Your Staff Official Training Partners Web Conferences
Artificial Intelligence Governance Professional Artificial Intelligence Governance Professional

Learn how to surround AI with policies and procedures that make the most of its potential by reducing its risks.

 European Data Protection (CIPP/E)

Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.

 U.S. Private-Sector Privacy (CIPP/US)

Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.

 Canadian Privacy (CIPP/C)

Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.

 Privacy Program Management (CIPM)

Develop the skills to design, build and operate a comprehensive data protection program.

Privacy in Technology (CIPT)

Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.

 Foundations of Privacy and Data Protection

Introductory training that builds organizations of professionals with working privacy knowledge.

 Privacy Law Specialist Training (PLS)

Meet the stringent requirements to earn this American Bar Association-certified designation.
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 AIGP Certification AIGP Certification

Ensures individuals responsible for AI systems can reduce the risks associated with this technology.

 Certificação CDPO/BR Certificação CDPO/BR

Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.

 Certification CDPO/FR Certification CDPO/FR

Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Tools and Trackers Research Glossary Global Privacy Directory Enforcement Database Westin Research Center Web Conferences Jobs Privacy Vendor Marketplace
Global Privacy Directory

This tool identifies global data protection authorities and privacy legislation.
US State Privacy Legislation Tracker

The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.
Reports and Surveys

Access all reports and surveys published by the IAPP.
Privacy Governance Report

This report shines a light on the location, performance and significance of privacy governance within organizations.
Privacy Risk Study

This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.
Artificial Intelligence

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering AI connections to the privacy space.
CCPA and CPRA

IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
EU General Data Protection Regulation

The IAPP's EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
Data Protection Intensive: UK Data Protection Intensive: UK

Explore the full range of U.K. data protection issues, from global policy to daily operational details.

Global Privacy Summit Global Privacy Summit

Expand your network and expertise at the world’s top privacy event featuring A-list keynotes and high-profile experts.

AI Governance Global AI Governance Global

A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more.

 Canada Privacy Symposium Canada Privacy Symposium

Leaders from across the Canadian privacy field deliver insights, discuss trends, offer predictions and share best practices.

Asia Privacy Forum Asia Privacy Forum

Hear top experts discuss global privacy issues and regulations affecting business across Asia.

 Privacy. Security. Risk. (P.S.R.) Privacy. Security. Risk. (P.S.R.)

P.S.R. focuses on the intersection of privacy and technology. The call for proposals to speak at the 2024 event is open. Submit your ideas today.

 Europe Data Protection Congress Europe Data Protection Congress

Europe’s top experts offer pragmatic insights into the evolving landscape and share knowledge on best practices for your data protection operation.

 ANZ Summit ANZ Summit

Gain exclusive insights about how privacy affects business in Australia and Aotearoa New Zealand.

 Speak at an IAPP Event

View our open calls and submission instructions.

 Sponsor an Event

Increase visibility for your organization — check out sponsorship opportunities today.

Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Tracker | A Closer Look at the San Francisco City Attorney’s Suit Against Social Media App Maker MeetMe Related reading: Notes from the Asia-Pacific region, 19 April 2024

rss_feed

""

Earlier this month, San Francisco City Attorney Dennis Herrera filed a complaint in California state court against MeetMe, Inc., the maker of a social networking app that, as the complaint puts it, is designed “to introduce users to new people and enable them to interact with strangers online and in person.” The complaint takes issue with one of the ways MeetMe encourages users to interact—by sharing their location with each other. Herrera asserts that although MeetMe informs users about the way its app uses geolocation information, it fails to do so in a way that is sufficiently clear—particularly given that many of MeetMe’s users are minors. 

According to Herrera, the consequences of MeetMe’s data practices have been serious—the app allegedly has been used by men accused of sexual misconduct involving minors. 

Importantly for privacy professionals, this case raises questions about what it means to provide clear notice in the mobile environment, and how, if it all, the answer changes when the user is a minor. The case also raises the important question of whether failure to adequately disclose how information is shared can be a violation of California’s Unfair Competition Law (UCL), a statute that sometimes is compared to Section 5 of the Federal Trade Commission Act. 

HERRERA'S ALLEGATIONS

According to the complaint, the MeetMe app collects geolocation data from MeetMe users’ mobile devices and uses that data to tell other users “who is nearby and how far away they are.” Herrera alleges that this functionality “broadcasts” geolocation data collected from minors—who make up a large portion of MeetMe’s user base—to “thousands of other users, including sexual predators, stalkers and other criminals.” The complaint cites several press accounts about men who allegedly have used this feature to engage in sexual misconduct involving minors.

The complaint also alleges that the MeetMe app fails to adequately inform users that their location will be shared with other users. According to the complaint, the “only” notice about MeetMe’s use and sharing of geolocation data comes through a pop-up notice displayed after the initial installation of the app. The pop-up allegedly asks permission to “use your location data to show you cool people to meet near you.”

Herrera asserts that this permission “falsely impl[ies] that geolocation data will be used only to show the user the location of others who are nearby and will not automatically be used for other purposes—like broadcasting the user’s location to thousands of other people.” He contends that the pop-up notice is therefore insufficient to inform MeetMe’s users about how their geolocation data will be used.

LEGAL CLAIMS

The complaint asserts that, as a consequence of these practices, MeetMe violates California’s UCL which prohibits any “unlawful, unfair or fraudulent business act or practice.” Herrera contends that MeetMe’s practices are “unfair,” “deceptive” and “unlawful.”  

Unfairness

 The complaint asserts that MeetMe’s practices are unfair because they offend “established public policy” and “cause harm that greatly outweighs any benefits associated with those practices.” It is important to note that the “practices” at issue in Herrera’s suit are not the underlying crimes against minors described in the complaint, but rather MeetMe’s allegedly unauthorized sharing of geolocation data with others.

Even assuming the sharing described in the complaint was unauthorized—which may be a dubious assumption—it is noteworthy that Herrera asserts the sharing offends “established public policy.” Herrera’s support for this assertion appears to come in the form of privacy best practices guides, published by the FTC and California Attorney General, for mobile app developers and others in the mobile ecosystem. These guides are unquestionably important to companies that operate in the mobile ecosystem; but MeetMe may push back against the notion that the guides, published just last year, represent “established public policy.”

Check out the IAPP’s Mobile App Tool to compare the different guidelines and figure out which apply to you.

Also up for debate is how MeetMe’s practices “cause harm.” Although the perpetrators involved in the crimes described in the complaint allegedly used MeetMe to cause substantial harm, it is not clear precisely how MeetMe caused any harm. And if, as appears likely, the “harm” asserted in the complaint is the sharing of geolocation information, then there may be a question about whether the mere sharing of information through an app can cause the harm necessary to support a legal claim. Courts in recent privacy litigation matters have suggested it cannot.

Deception

The complaint also asserts that MeetMe violated the UCL’s prohibition on fraudulent practices by deceptively failing to disclose (or adequately disclose) how it uses and shares minors’ geolocation information. As noted above, however, the complaint acknowledges that MeetMe presented users with a pop-up requesting permission “to use your location data to show you cool people to meet near you.” Herrera asserts that notwithstanding this disclosure, users would not have understood that their location information would be shared with others—i.e., users would have believed that their location information would be used only so that they could see others’ locations, but others could not see theirs.

This assertion may be seen as implausible, particularly given the MeetMe app’s basic functionality appears to be the sharing of location information with people nearby to encourage interaction. Put differently, it may be hard to convince a court that a user would expect the app not to disclose the user’s geolocation data to others even while disclosing the geolocation data of others to that one user.

Unlawfulness

 Claims under the UCL’s unlawfulness prong “piggyback” on other legal claims; if the plaintiff can prove that the defendant’s businesses practices violated any federal, state or local law, he or she may obtain relief under the UCL.

Here, Herrera asserts—without elaboration—that MeetMe’s practices constituted a common law invasion of privacy and a violation of the right to privacy under California’s Constitution. Litigants in similar privacy litigation matters have struggled to show that the alleged misuse of personal information collected online involves harm of a sufficient magnitude to support recovery under these theories.  In general, these claims have been successful only in cases involving egregious privacy violations. Herrera may face significant hurdles in convincing the court that sharing geolocation data gives rise to a claim under one of these theories.

***

It is, of course, difficult to predict how a case will unfold in litigation. It will be very interesting to see how MeetMe responds to Herrera’s complaint and how the court will address these issues.

Author
Headshot Steve Satterfield IAPP Member Contributor
Tags
Marketing/Retail
U.S.
Children's Privacy
Enforcement
Internet of Things
Social Networking
1 Comment

If you want to comment on this post, you need to login.

  • comment Jason Cronk • Mar 20, 2014 
    I think the City Attorney is upset about the use of the app for illegal purposes but it stretching to make this argument. As you point out the user is implicitly acknowledging that their location will be shared with other users to facilitate the exact same information they themselves are receiving (information about the whereabouts of others). Perhaps they could have been explicit about it but I'm not convinced that UCL requires explicit consent in these bidirectional cases.
Related Stories
Notes from the Asia-Pacific region, 19 April 2024
Hello, privacy pros. It was great to reconnect with old friends at the IAPP Global Privacy Summit in Washington, D.C., and meet some new faces too. Back from Summit, brimming with joy and excitement, I'm diving back into the usual busy life as a privacy lawyer in Beijing. In recent weeks, China iss...
Read More queue Save This
Related Stories
Tags
Marketing/Retail
U.S.
Children's Privacy
Enforcement
Internet of Things
Social Networking
Recent Comments