October 3, 2022

Volume XII, Number 276

Advertisement

September 30, 2022

Subscribe to Latest Legal News and Analysis
Advertisement

NAD Examines Privacy Statements Made By DuckDuckGo in Online Ads

Following, by a day, a privacy-related claim challenge brought against another advertiser, the National Advertising Division found that advertiser DuckDuckGo had sufficiently substantiated its privacy claims. These cases are significant reminders in two ways. First, that claims made about privacy and security can be viewed through an advertising lens and examined to see if they are properly substantiated. Second, that the NAD, the self-regulatory body that actively examines truth and accuracy of advertising, is looking at privacy claims. As those familiar with the NAD are aware, it refers those who do not cooperate to the FTC for priority action to examine if there have been violations of Section 5 of the FTC Act.

DuckDuckGo provides a browser and mobile app search engine. In a promotional YouTube video, it claimed that using its products were the “best, quickest and easiest steps you can take for your privacy health.” The NAD assessed these and similar claims to understand how they would be perceived by consumers. It found that they conveyed that the company’s products were a way to protect against the sharing of individuals’ data. There was also an implied claim that the company did not share personal data.

The NAD found the claims supported by the evidence which included a third-party expert confirming that the company’s measures (encryption, tracker blocking, and private searches) protect against the three largest categories of personal data collectors. Additionally, the NAD found evidence that no special configurations to receive privacy protections were needed (unlike the company’s competitors) – support “best” claims. DuckDuckGo confirmed -through proof of regular audits and implementation of blocking technologies in its products- that it did not share personal data.

In reaching its conclusions, the NAD did caution DuckDuckGo to take care not to imply that its protections extended to search engines or apps that fell outside of its platforms’ solutions. Namely, through claims that one would be protected “no matter where the internet takes you.”

Putting It Into Practice: This case is another reminder that privacy representations may be examined through an advertising lens. Companies should take care to ensure that they have substantiation that supports both the express and implied claims that they make about how they use personal data.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XII, Number 209
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335
Dhara Shah Law Clerk Chicago Shephard Mullin Richter & Hampton LLP
Law Clerk

Dhara Shah is an law clerk in the Intellectual Practice Group in the firm’s Chicago office.

312-499-6336
Advertisement
Advertisement
Advertisement