`
`UNITED STATES OF AMERICA
`BEFORE THE FEDERAL TRADE COMMISSION
`
`
`
`
`
`
`FILE NO. 1923172
`
`
`AGREEMENT CONTAINING
`CONSENT ORDER
`
`
`
`
`In the Matter of
`
`EVERALBUM, INC., also d/b/a EVER
`and PARAVISION, a corporation.
`
`
`
`
`The Federal Trade Commission (“Commission”) has conducted an investigation of certain
`acts and practices of Everalbum, Inc. (“Proposed Respondent”). The Commission’s Bureau of
`Consumer Protection (“BCP”) has prepared a draft of an administrative Complaint (“draft
`Complaint”). BCP and Proposed Respondent enter into this Agreement Containing Consent
`Order (“Consent Agreement”) to resolve the allegations in the attached draft Complaint through
`a proposed Decision and Order to present to the Commission, which is also attached and made a
`part of this Consent Agreement.
`
`
`IT IS HEREBY AGREED by and between Proposed Respondent and BCP, that:
`
`
`1. The Proposed Respondent is Everalbum, Inc., also d/b/a Ever and Paravision, a Delaware
`corporation, with its principal office or place of business at 1160 Gorgas Ave., San
`Francisco, California 94129.
`
`
`2. Proposed Respondent neither admits nor denies any of the allegations in the Complaint,
`except as specifically stated in the Decision and Order. Only for purposes of this action,
`Proposed Respondent admits the facts necessary to establish jurisdiction.
`
`
`3. Proposed Respondent waives:
`
`
`a. Any further procedural steps;
`
`b. The requirement that the Commission’s Decision contain a statement of findings of fact
`and conclusions of law; and
`
`
`c. All rights to seek judicial review or otherwise to challenge or contest the validity of the
`Decision and Order issued pursuant to this Consent Agreement.
`
`4. This Consent Agreement will not become part of the public record of the proceeding unless
`and until it is accepted by the Commission. If the Commission accepts this Consent
`Agreement, it, together with the draft Complaint, will be placed on the public record for
`thirty (30) days and information about them publicly released. Acceptance does not
`constitute final approval, but it serves as the basis for further actions leading to final
`disposition of the matter. Thereafter, the Commission may either withdraw its acceptance of
`this Consent Agreement and so notify the Proposed Respondent, in which event the
`Commission will take such action as it may consider appropriate, or issue and serve its
`Complaint (in such form as the circumstances may require) and decision in disposition of the
`proceeding, which may include an Order. See Section 2.34 of the Commission’s Rules, 16
`C.F.R. § 2.34 (“Rule 2.34”).
`
`
`5. If this agreement is accepted by the Commission, and if such acceptance is not subsequently
`withdrawn by the Commission pursuant to Rule 2.34, the Commission may, without further
`notice to Proposed Respondent: (1) issue its Complaint corresponding in form and substance
`with the attached draft Complaint and its Decision and Order; and (2) make information
`about them public. Proposed Respondent agrees that service of the Order may be effected by
`its publication on the Commission’s website (ftc.gov), at which time the Order will become
`final. See Rule 2.32(d). Proposed Respondent waives any rights it may have to any other
`manner of service. See Rule 4.4.
`
`6. When final, the Decision and Order will have the same force and effect and may be altered,
`modified, or set aside in the same manner and within the same time provided by statute for
`other Commission orders.
`
`
`7. The Complaint may be used in construing the terms of the Decision and Order. No
`agreement, understanding, representation, or interpretation not contained in the Decision and
`Order or in this Consent Agreement may be used to vary or contradict the terms of the
`Decision and Order.
`
`
`8. Proposed Respondent agrees to comply with the terms of the proposed Decision and Order
`from the date that Proposed Respondent signs this Consent Agreement. Proposed
`Respondent understands that it may be liable for civil penalties and other relief for each
`violation of the Decision and Order after it becomes final.
`
`
`
`
`EVERALBUM, INC.
`
`By: _____________________________
`Doug Aley
`Chief Executive Officer
`Everalbum, Inc.
`
`Date: ____________________________
`
`By: _____________________________
`Michelle Kisloff
`Lance Murashige
`Hogan Lovells US LLP
`Attorneys for Proposed Respondent
`Everalbum, Inc.
`
`Date: ____________________________
`
`
`
`
`
`
`
`
`
`
`
`FEDERAL TRADE COMMISSION
`
`By:_________________________________
`James Trilling
`Robin Wetherill
`Attorneys, Division of Privacy and Identity
`Protection, Bureau of Consumer Protection
`
`Date: ____________________________
`
`
`APPROVED:
`
`____________________________
`Maneesha Mithal
`Associate Director, Division of Privacy and
`Identity Protection
`
`____________________________________
`Andrew Smith
`Director
`Bureau of Consumer Protection
`
`Date: ____________________________
`1923172
`
`
`
`
`
`UNITED STATES OF AMERICA
`BEFORE THE FEDERAL TRADE COMMISSION
`
`COMMISSIONERS:
`Joseph J. Simons, Chairman
`Noah Joshua Phillips
`Rohit Chopra
`Rebecca Kelly Slaughter
`Christine S. Wilson
`
`
`
`In the Matter of
`
`EVERALBUM, INC., also d/b/a EVER
`and PARAVISION, a corporation.
`
`
`
`
`
`
`
`
`
`
`
`DECISION AND ORDER
`
`DOCKET NO. C-
`
`
`
`DECISION
`
`
`
`The Federal Trade Commission (“Commission”) initiated an investigation of certain acts and
`practices of the Respondent named in the caption. The Commission’s Bureau of Consumer
`Protection (“BCP”) prepared and furnished to Respondent a draft Complaint. BCP proposed to
`present the draft Complaint to the Commission for its consideration. If issued by the
`Commission, the draft Complaint would charge the Respondent with violations of the Federal
`Trade Commission Act.
`
`Respondent and BCP thereafter executed an Agreement Containing Consent Order (“Consent
`Agreement”). The Consent Agreement includes: 1) statements by Respondent that it neither
`admits nor denies any of the allegations in the Complaint, except as specifically stated in this
`Decision and Order, and that only for purposes of this action, it admits the facts necessary to
`establish jurisdiction; and 2) waivers and other provisions as required by the Commission’s
`Rules.
`
`
`The Commission considered the matter and determined that it had reason to believe that
`Respondent has violated the Federal Trade Commission Act, and that a Complaint should issue
`stating its charges in that respect. The Commission accepted the executed Consent Agreement
`and placed it on the public record for a period of thirty (30) days for the receipt and consideration
`of public comments. The Commission duly considered any comments received from interested
`persons pursuant to Section 2.34 of its Rules, 16 C.F.R. § 2.34. Now, in further conformity with
`the procedure prescribed in Rule 2.34, the Commission issues its Complaint, makes the
`following Findings, and issues the following Order:
`
`
`Findings
`
`1. The Respondent is Everalbum, Inc., also d/b/a Ever and Paravision, a Delaware
`corporation with its principal office or place of business at 1160 Gorgas Ave., San
`Francisco, California 94129.
`
`2. The Commission has jurisdiction over the subject matter of this proceeding and over the
`Respondent, and the proceeding is in the public interest.
`
`
`ORDER
`
`
`
`For purposes of this Order, the following definitions apply:
`
`Definitions
`
`A. “Affected Work Product” means any models or algorithms developed in whole or in
`part using Biometric Information Respondent collected from Users of the “Ever”
`mobile application.
`
`
`B. “Biometric Information” means data that depicts or describes the physical or biological
`traits of an identified or identifiable person, including depictions (including images),
`descriptions, recordings, or copies of an individual’s facial or other physical features
`(e.g., iris/retina scans), finger or handprints, voice, genetics, or characteristic
`movements or gestures (e.g., gait or typing pattern).
`
`C. “Clearly and Conspicuously” means that a required disclosure is difficult to miss (i.e.,
`easily noticeable) and easily understandable by ordinary consumers, including in all of
`the following ways:
`
`
`
`1. In any communication that is solely visual or solely audible, the disclosure must be
`made through the same means through which the communication is presented. In any
`communication made through both visual and audible means, such as a television
`advertisement, the disclosure must be presented simultaneously in both the visual and
`audible portions of the communication even if the representation requiring the
`disclosure (“triggering representation”) is made through only one means.
`
`
`2. A visual disclosure, by its size, contrast, location, the length of time it appears, and
`other characteristics, must stand out from any accompanying text or other visual
`elements so that it is easily noticed, read, and understood.
`
`
`3. An audible disclosure, including by telephone or streaming video, must be delivered
`in a volume, speed, and cadence sufficient for ordinary consumers to easily hear and
`understand it.
`
`4. In any communication using an interactive electronic medium, such as the Internet or
`software, the disclosure must be unavoidable.
`
`5. The disclosure must use diction and syntax understandable to ordinary consumers and
`must appear in each language in which the triggering representation appears.
`
`6. The disclosure must comply with these requirements in each medium through which
`it is received, including all electronic devices and face-to-face communications.
`
`7. The disclosure must not be contradicted or mitigated by, or inconsistent with,
`anything else in the communication.
`
`
`8. When the representation or sales practice targets a specific audience, such as children,
`the elderly, or the terminally ill, “ordinary consumers” includes reasonable members
`of that group.
`
`
`D. “Covered Information” means information from or about an individual consumer,
`including: (1) a first and last name; (2) a physical address; (3) an email address or other
`online contact information, such as an instant messaging user identifier or a screen
`name; (4) a telephone number; (5) a Social Security number; (6) a driver’s license or
`other government-issued identification number; (7) a financial account number; (8)
`credit or debit card information; (9) photos and videos; (10) Biometric Information;
`(11) descriptive information derived from Biometric Information, including a Face
`Embedding; (12) a persistent identifier, such as a customer number held in a “cookie,”
`a static Internet Protocol (“IP”) address, a mobile device ID, processor serial number,
`user ID, or any other persistent identifier that can be used to recognize a user over time
`and/or across different devices, websites or online services; or (13) any information
`combined with any of (1) through (12) above.
`
`E. “Face Embedding” means data, such as a numeric vector, derived in whole or in part
`from an image of an individual’s face.
`
`F. “Respondent” means Everalbum, Inc., also doing business as Ever and Paravision, and
`its successors and assigns.
`
`G. “User” means a person who has downloaded, accessed, and/or used software, such as a
`mobile application, developed, operated, or offered by Respondent and marketed to
`consumers for personal use, including the “Ever” mobile application.
`
`Provisions
`
`I. Prohibition against Misrepresentations
`
`IT IS ORDERED that Respondent; and Respondent’s officers, agents, and employees; and
`all other persons in active concert or participation with any of them, who receive actual notice of
`this Order, whether acting directly or indirectly, in connection with any product or service must
`not misrepresent in any manner, expressly or by implication:
`
`
`A. The extent to which Respondent collects, uses, discloses, maintains, or deletes any
`Covered Information;
`
`B. The extent to which consumers can control the collection, use, disclosure, maintenance,
`or deletion of Covered Information;
`
`C. The extent to which Respondent accesses or permits access to Covered Information;
`
`D. The extent to which, purposes for which, or duration of time during which Respondent
`retains any Covered Information following a consumer’s deletion or deactivation of a
`user account with Respondent; or
`
`E. The extent to which Respondent otherwise protects the privacy, security, availability,
`confidentiality, or integrity of any Covered Information.
`
`
`II. Notice and Affirmative Express Consent Provision
`
`IT IS FURTHER ORDERED that Respondent; and Respondent’s officers, agents, and
`employees; and all other persons in active concert or participation with any of them, who receive
`actual notice of this Order, whether acting directly or indirectly, in connection with any product
`or service, prior to using Biometric Information collected from a User to (1) create a Face
`Embedding or (2) train, develop, or alter any face recognition model or algorithm, must:
`
`
`A. Clearly and Conspicuously disclose to the User from whom Respondent has collected the
`Biometric Information, separate and apart from any “privacy policy,” “terms of use”
`page, or other similar document, all purposes for which Respondent will use, and to the
`extent applicable, share, the Biometric Information; and
`
`B. Obtain the affirmative express consent of the User from whom Respondent collected the
`Biometric Information.
`
`Provided, however, Respondent need not comply with this provision in connection with any
`product or service that is only offered to Users outside the United States.
`
`
`III. Deletion
`
`
`
`IT IS FURTHER ORDERED that Respondent; and Respondent’s officers, agents, and
`employees; and all other persons in active concert or participation with any of them, who receive
`actual notice of this Order, must, unless prohibited by law:
`
`A. Within thirty (30) days after the issuance date of this Order, delete or destroy all photos
`and videos that Respondent collected from Users who requested deactivation of their
`Ever accounts on or before the issuance date of this Order, and provide a written
`statement to the Commission, sworn under penalty of perjury, confirming that all such
`information has been deleted or destroyed;
`
`B. Within ninety (90) days after the issuance of this Order, delete or destroy all Face
`Embeddings derived from Biometric Information Respondent collected from Users who
`have not, by that date, provided express affirmative consent for the creation of the Face
`Embeddings, and provide a written statement to the Commission, sworn under penalty of
`perjury, confirming that all such information has been deleted or destroyed; and
`
`C. Within ninety (90) days after the issuance of this Order, delete or destroy any Affected
`Work Product, and provide a written statement to the Commission, sworn under penalty
`of perjury, confirming such deletion or destruction.
`
`Provided, however, that any photos, videos, Face Embeddings, Affected Work Product, or
`other matter that Respondent is otherwise required to delete or destroy pursuant to this provision
`may be retained, and may be disclosed, as requested by a government agency or otherwise
`required by law, regulation, court order, or other legal obligation, including as required by rules
`applicable to the safeguarding of evidence in pending litigation. In each written statement to the
`Commission required by this provision, Respondent shall describe in detail any relevant
`information that Respondent retains on any of these bases and the specific government agency,
`law, regulation, court order, or other legal obligation that prohibits Respondent from deleting or
`destroying such information. Within thirty (30) days after the obligation to retain the
`information has ended, Respondent shall provide an additional written statement to the
`Commission, sworn under penalty of perjury, confirming that Respondent has deleted or
`destroyed such information.
`
`
`IV. Acknowledgments of the Order
`
`IT IS FURTHER ORDERED that Respondent obtain acknowledgments of receipt of this
`Order:
`
`
`A. Respondent, within ten (10) days after the issuance date of this Order, must submit to the
`Commission an acknowledgment of receipt of this Order sworn under penalty of perjury.
`
`
`B. For ten (10) years after the issuance date of this Order Respondent must deliver a copy of
`this Order to: (1) all principals, officers, directors, and LLC managers and members; (2)
`all employees, agents, and representatives having managerial responsibilities for conduct
`related to the subject matter of the Order; and (3) any business entity resulting from any
`change in structure as set forth in the Provision titled Compliance Reports and Notices.
`Delivery must occur within ten (10) days after the effective date of this Order for current
`personnel. For all others, delivery must occur before they assume their responsibilities.
`
`
`C. From each individual or entity to which Respondent delivered a copy of this Order,
`Respondent must obtain, within thirty (30) days, a signed and dated acknowledgment of
`receipt of this Order.
`
`
`
`
`V. Compliance Reports and Notices
`
`IT IS FURTHER ORDERED that Respondent make timely submissions to the
`Commission:
`
`
`A. One year after the issuance date of this Order, Respondent must submit a compliance
`report, sworn under penalty of perjury, in which Respondent must: (a) identify the
`primary physical, postal, and email address and telephone number, as designated points
`of contact, which representatives of the Commission may use to communicate with
`Respondent; (b) identify all of the Respondent’s businesses by all of their names,
`telephone numbers, and physical, postal, email, and Internet addresses; (c) describe the
`activities of each business, including the goods and services offered, what Covered
`Information is collected, and the means of advertising, marketing, and sales; (d) describe
`in detail whether and how Respondent is in compliance with each Provision of this Order,
`including a discussion of all of the changes the Respondent made to comply with the
`Order; and (e) provide a copy of each Acknowledgment of the Order obtained pursuant to
`this Order, unless previously submitted to the Commission.
`
`B. Respondent must submit a compliance notice, sworn under penalty of perjury, within
`fourteen (14) days of any change in the following: (a) any designated point of contact or
`(b) the structure of Respondent or any entity that Respondent has any ownership interest
`in or controls directly or indirectly that may affect compliance obligations arising under
`this Order, including: creation, merger, sale, or dissolution of the entity or any
`subsidiary, parent, or affiliate that engages in any acts or practices subject to this Order.
`
`C. Respondent must submit notice of the filing of any bankruptcy petition, insolvency
`proceeding, or similar proceeding by or against Respondent within fourteen (14) days of
`its filing.
`
`
`D. Any submission to the Commission required by this Order to be sworn under penalty of
`perjury must be true and accurate and comply with 28 U.S.C. § 1746, such as by
`concluding: “I declare under penalty of perjury under the laws of the United States of
`America that the foregoing is true and correct. Executed on: _____” and supplying the
`date, signatory’s full name, title (if applicable), and signature.
`
`E. Unless otherwise directed by a Commission representative in writing, all submissions to
`the Commission pursuant to this Order must be emailed to DEbrief@ftc.gov or sent by
`overnight courier (not the U.S. Postal Service) to: Associate Director for Enforcement,
`Bureau of Consumer Protection, Federal Trade Commission, 600 Pennsylvania Avenue
`NW, Washington, DC 20580. The subject line must begin: “In re Everalbum, Inc., FTC
`File No. 1923172.”
`
`
`
`
`
`VI. Recordkeeping
`
`IT IS FURTHER ORDERED that Respondent must create certain records for ten (10)
`years after the issuance date of the Order, and retain each such record for five (5) years, unless
`otherwise specified below. Specifically, Respondent must create and retain the following
`records:
`
`A. Accounting records showing the revenues from all goods or services sold, the costs
`incurred in generating those revenues, and resulting net profit or loss;
`
`
`B. Personnel records showing, for each person providing services in relation to any aspect of
`the Order, whether as an employee or otherwise, that person’s: name; addresses;
`telephone numbers; job title or position; dates of service; and (if applicable) the reason
`for termination;
`
`
`C. Copies or records of all consumer complaints and refund requests, whether received
`directly or indirectly, such as through a third party, and any response;
`
`
`D. A copy of each widely disseminated representation by Respondent that describes the
`extent to which Respondent maintains or protects the privacy, security, availability,
`confidentiality, or integrity of any Covered Information, including any representation
`concerning a change in any website, mobile app, or other service controlled by
`Respondent that relates to privacy, security, availability, confidentiality, or integrity of
`Covered Information; and
`
`
`E. All records necessary to demonstrate full compliance with each provision of this Order,
`including all submissions to the Commission.
`
`VII. Compliance Monitoring
`
`IT IS FURTHER ORDERED that, for the purpose of monitoring Respondent’s compliance
`with this Order:
`
`A. Within ten (10) days of receipt of a written request from a representative of the
`Commission, Respondent must: submit additional compliance reports or other requested
`information, which must be sworn under penalty of perjury, and produce records for
`inspection and copying.
`
`B. For matters concerning this Order, representatives of the Commission are authorized to
`communicate directly with Respondent. Respondent must permit representatives of the
`Commission to interview anyone affiliated with Respondent who has agreed to such an
`interview. The interviewee may have counsel present.
`
`
`C. The Commission may use all other lawful means, including posing through its
`representatives as consumers, suppliers, or other individuals or entities, to Respondent or
`any individual or entity affiliated with Respondent, without the necessity of identification
`or prior notice. Nothing in this Order limits the Commission’s lawful use of compulsory
`process, pursuant to Sections 9 and 20 of the FTC Act, 15 U.S.C. §§ 49, 57b-1.
`
`
`
`VIII. Order Effective Dates
`
`
`IT IS FURTHER ORDERED that this Order is final and effective upon the date of its
`publication on the Commission’s website (ftc.gov) as a final order. This Order will terminate
`twenty (20) years from the date of its issuance (which date may be stated at the end of this Order,
`near the Commission’s seal), or twenty (20) years from the most recent date that the United
`States or the Commission files a complaint (with or without an accompanying settlement) in
`federal court alleging any violation of this Order, whichever comes later; provided, however, that
`the filing of such a complaint will not affect the duration of:
`
`A. Any Provision in this Order that terminates in less than twenty (20) years;
`
`B. This Order if such complaint is filed after the Order has terminated pursuant to this
`Provision.
`
`
`Provided, further, that if such complaint is dismissed or a federal court rules that the
`Respondent did not violate any provision of the Order, and the dismissal or ruling is either not
`appealed or upheld on appeal, then the Order will terminate according to this Provision as though
`the complaint had never been filed, except that the Order will not terminate between the date
`such complaint is filed and the later of the deadline for appealing such dismissal or ruling and the
`date such dismissal or ruling is upheld on appeal.
`
`By the Commission.
`
`
`Secretary
`
`
`
`
`SEAL:
`
`ISSUED:
`