Privacy & Information Security Law Blog

David Vladeck, Director of the FTC’s Bureau of Consumer Protection, recently sent a letter to creditors of XY Magazine, warning that the creditors’ acquisition of personal information about the debtor’s subscribers and readers in contravention of the debtor’s privacy promises could violate the Federal Trade Commission Act (“FTC Act”).

Vladeck’s letter explained that, since its inception, the debtor’s website “Sign-up Confirmation Page” told potential members/subscribers: “Please note our amazing privacy policy. We never give your info to anybody.”  Another representation, which appeared on the website and was directed to magazine subscribers, stated: “[O]ur privacy policy is simple: we never share your information with anybody.”  Those submitting online profile information were told that such information “will not be published. [W]e keep it secret.”  The magazine catered to a young gay audience, including individuals whose sexual orientation was a secret.  The creditors have been seeking to acquire the magazine’s subscriber information, among other assets.  Under these circumstances, Vladeck argues, a transfer of the information to the creditors would contradict the privacy statements made to the subscribers, in possible violation of the FTC Act’s prohibition against “unfair or deceptive acts or practices.”

This incident is a reminder of the legal significance of privacy promises made outside the context of an actual privacy policy, and it highlights the need to anticipate changes in business circumstances (such as mergers or sales of assets) when making any privacy representations.  Inappropriate commitments may prove damaging to the company, its investors and creditors.