On May 8th, the Federal Trade Commission (“FTC”) announced that Snapchat, a mobile application company, had agreed to settle with the FTC over several charges, including deceptive advertising, failure to maintain security features, and collecting data from application users. The FTC alleged that Snapchat deceived users by claiming that their “snaps” (which are pictures users take with their cell phones and send to other users) would “disappear forever” after being viewed. According to Snapchat, users send 400 million photos and videos per day. However, recipients of a snap can save the snap in different ways, including: taking a “screen shot” of the picture, downloading the picture as original content, or, at the extreme, hacking into different Snapchat users’ accounts and stealing their photos. We’ve previously covered the legal ramifications of taking a screenshot of snaps in the context of revenge porn.
The easiest way to prevent pictures from being leaked is to simply not use the app, but where’s the fun in that? Around 26 percent of 18 to 29-year-old smartphone users report using Snapchat, and this number is growing rapidly for users 18 and younger. Snapchat is touted as a $3.6 billion business, with snaps being used as advertisements for the hit HBO show Girls, Taco Bell, and LeBron James for McDonald’s. The popularity of Snapchat is only growing. Snapchat’s alleged security breach is just one of many recent private data breaches, and it does not seem likely that the FTC settlement agreement will shut the application down. But, from a legal standpoint, what does this settlement mean for other applications with models like Snapchat?
Well, moving forward, if these applications wish to remain in the good graces of the FTC and other government watchdogs, they should clearly articulate that the data gathered will not disappear forever. In this day and age, it is nearly impossible for photos, videos, or messages in any form to be deleted entirely. Moreover, these applications should have adequate security measures, at both the software and end-user levels, including two-step verification and encrypted messaging. Finally, these applications might want to think twice when touting their privacy protections.