Massachusetts Mobile Ad Company Won’t Target Patients

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By George Lynch

A digital advertising company can’t target people with advertising based on their private medical conditions without consent under a no-fault settlement announced April 4 by Massachusetts’ attorney general.

The settlement reached over the use of GPS technology around health-care facilities also prevents Copley Advertising LLC from tracking consumers’ locations near or within medical facilities or disclosing their locations to third-party advertisers.

The state alleged that Copley set virtual fences—a practice known as “geofencing"—around reproductive health clinics and methadone clinics in Columbus, Ohio; New York; Pittsburgh; Richmond, Va. and St. Louis that triggered ads, including messages about abortion alternatives, to the targets’ devices.

Massachusetts Attorney General Martha Healey (D) said private health data shouldn’t be used without explicit consent.

Consumers shouldn’t “have to worry about being targeted by advertisers when they seek medical care,” Healey said in a statement announcing the settlement.

Copley’s geofencing technology enables it to “tag” smartphones and other internet-enabled mobile devices as they enter or leave a certain area, causing third-party advertisements to display once a mobile app or web browser is opened by the consumer, according to the settlement.

Consumers are unaware of being tagged as they near health facilities and that their geolocation is being disclosed to advertisers who use it to infer medical conditions, the settlement said.

Copley denied engaging in wrongdoing or breaking the law.

In an April 4 blog post, Copley said it “uses mobile ‘geofencing’ to help clients” reach demographics in specific areas. But Copley CEO John Flynn said it “has never run a mobile geofencing campaign in the state of Massachusetts, and has never violated the law.”

Gary Kibel, digital media, technology and privacy partner at Davis & Gilbert LLP in New York, told Bloomberg BNA April 4 that he has “not heard of any other geofencing actions.” However, there have been Federal Trade Commission enforcement actions over improper collection of geolocation information that was inconsistent with posted privacy policies, he said.

Highly Sensitive Data

Enforcement actions against geofencing may become more prevalent because geolocation data is both highly sensitive and extremely valuable for marketing purposes, Kibel said.

“Those in mobile marketing space must recognize that location data is something sensitive and should be used on an opt-in basis and there are self regulatory guidelines about how to use such data,” he said.

Heather Sussman, co-head of the privacy and data security practice at Ropes & Gray LLP in Boston, told Bloomberg BNA April 4 that in overseeing the collection and use of sensitive personal information, “states are very concerned about protecting consumers, so companies need to think about notice, consent, transparency and fair use of information.”

The settlement shows that the FTC isn’t the only regulator on the beat, and that state attorneys general are willing to be active in this space also, Sussman said.

Healey said that, although geofencing may have some consumer benefits, “It is also a technology that has the potential to digitally harass people and interfere with health privacy.”

To contact the reporter on this story: George Lynch in Washington at gLynch@bna.com

To contact the editor responsible for this story: Donald Aplin at daplin@bna.com

For More Information

The full settlement can be found at http://src.bna.com/nDP.

Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security