By now we hope you’ve heard that the IAPP Westin Research Center has launched its FTC Casebook. This digital resource contains the more than 180 FTC privacy and data security enforcement actions the FTC has initiated since 1998, each one tagged, indexed, and full-text searchable. Forty of the top cases (for now) have been annotated with analysis, footnotes and cross references. The Casebook’s benefits and functionality (which have been described, narrated and reviewed over the past week) were developed with the intention of making your role as a privacy professional a little easier.

Click the image to give the Casebook a try.

Though you should certainly turn to the Casebook in emergency situations (as we suggested in a previous hypothetical scenario), this resource is also valuable for “preemptive” privacy and data security decision-making – aka privacy by design. Imagine the following scenario: You work for a mobile app developer that is in startup mode. You’re at the early stages of weighing the costs and benefits of collecting users’ geolocation information to customize the service and narrowly tailor ads. As a privacy professional and a member of the IAPP, you start your research with the FTC Casebook.

The Casebook’s tag search provides a convenient way to filter cases. Tags are grouped broadly by subject in an index that has been curated to address a range of industry topics and legal issues. You might start with the “Mobile (Device/Application)” tag listed under “Industry Practices.” This tag narrows the realm of applicable cases from over 180 to just eight, immediately focusing your research.

Your results page shows a summary of each case, its date and a complete list of the tags associated with it. You could use the lists of tags associated with the eight mobile application cases you’ve found to identify another tag that might be useful – such as the “Tracking” tag associated with Snapchat, Goldenshores and HTC America. If you click the “Tracking” tag at the bottom of a case listing, you’re starting a new search with that filter, and your results would be all 20 cases the Westin Research Center fellows analyzed, cross-referenced and associated with the “Tracking” tag. Alternatively, you could choose to narrow your original “Mobile” search further by doing a combined search, clicking on both the “Mobile” and “Tracking” tags, thus narrowing your original results from eight to just three.

If you decide that “Tracking” is too broadly-inclusive a category, you could be more specific by using a full-text search. For example, if you want your results to be the cases related specifically to “geolocation,” you could start a new search (using the “start over” button beside the full text search bar) for the term “geolocation.” The full-text search of “geolocation” on its own yields 18 cases. These results include cases like the nine Designerware et. al. settlements, in which rent-to-own companies used spyware to locate and disable computers whose renters had failed to make timely payments; and TRENDnet, a case in which a company that produced cameras for monitoring homes failed to adequately secure the transmission of the video feeds, thus resulting in the exposure of people’s general location and daily lives.

Alternatively, rather than having to sift through all 18 of these cases, you could simply combine the full-text search with your original tag search, filtering the original eight “Mobile” cases through a full-text search for “geolocation.” This produces a list of the six “Mobile” cases that also address “geolocation.”

The results of a full-text search (or a combined tag and full-text search) are organized by relevance and provide links to the case documents associated with each case with the search term bolded in the context in which it appears in the document. Scanning the brief case summaries included with the results, you quickly notice that the first two cases, Goldenshores and Snapchat, are the closest to your situation. Both are enforcement actions against companies whose mobile apps collected and used precise geolocation data. You start with the first result: Goldenshores.

Clicking on the case title takes you to the Goldenshores overview page, which comprises the Westin Research Center case analysis. Delving immediately into the facts of the case, you learn that Goldenshores Technologies was charged with, among other things, inadequately notifying users that the app collected precise geolocation data and failing to get users’ express consent to share the geolocation information with third parties. Hence, Goldenshores is exactly the kind of FTC enforcement action your company might face if it mishandles the collection of consumer geolocation data. You also find a helpful hyperlink to the FTC’s guidance for mobile app developers and a cross-reference discussion of and link to Snapchat. 

Next you navigate to the FTC documents associated with the Goldenshores case using the links on the sidebar. There you find the Decision & Order that is particularly useful for its detailed instructions regarding the notices you must provide users prior to the collection of geolocation information. You click the star icon in the top left-hand corner to save the document to the “saved items” folder in your MyIAPP account so that you can quickly return to it as you prepare your final recommendations.

You return to the six results of your combined “Mobile” tag and “Geolocation” full-text search using the breadcrumbs feature at the top of the case page, and take time to consider the other cases your search brought to your attention. Though you might have dismissed, for example, the Path case for its emphasis on COPPA, it occurs to you while reading its overview page that your company’s app also collects birthdates at registration, which means you too might be subject to COPPA. Or perhaps you initially thought HTC America applied more to product development than to software development, but realize while reading it that you could learn a little bit more about “Privacy by Design.”

For whatever work you do or whatever questions you have, the Casebook makes your research into the FTC’s enforcement actions both efficient and comprehensive, which means you can present your recommendations and your insights with confidence and the strong support of easily accessible, fully annotated, and full-text searchable case evidence.