Ad Law Access

Ad Law Access

Updates on consumer protection trends, issues, & developments

FTC Releases a Second Order Requiring Preservation of Records from Clinical Trials

Posted in Advertising, Federal Trade Commission, Food and Drug

The FTC recently announced a settlement with the makers of Nopalea, a fruit drink derived from Nopal or “prickly-pear” cactus. The FTC alleges that the company and two individuals disseminated unsubstantiated claims that Nopalea improves respiration, treats skin conditions, and reduces inflammation and pain, including pain associated with arthritis, fibromyalgia, and other conditions. The company and individuals agreed to follow the terms of a consent order and pay $3.5 million in consumer redress. 

For any future, similar claims to treat respiratory or skin conditions, or pain or inflammation, the consent order requires the named parties to possess “human clinical testing.” The exact number of clinical studies required is not specified, and presumably one could be enough. This is somewhat surprising given the relatively serious nature of the claims that were at issue. Other recent orders have typically required “at least two” clinical studies where claims for conditions, such as arthritis and diabetes, have been at issue. Generally, in the realm of diseases and health conditions, only one trial has been required only where claims were for less serious conditions, like head lice.  Continue Reading

Third Plastic Lumber Company Hammered by FTC Over “Green” Claims

Posted in Federal Trade Commission, Green Marketing

Last week, the FTC announced it had reached another settlement with a plastic lumber company regarding its green marketing claims.  This is the FTC’s third settlement in five months relating to environmental claims for plastic lumber products (the other cases involved N.E.W. Plastics Corp. and American Plastic Lumber, Inc.).

The FTC’s complaint alleges that Engineered Plastics Systems, LLC (“EPS”) marketed its plastic lumber products – including picnic tables and benches – as made of “recycled plastic,” made “entirely of recycled plastic lumber,” or having an “all recycled plastic design.”  The FTC alleges that while consumers would likely interpret the claims to mean that the products are made from all, or virtually all, recycled plastic, the products contained, on average, only about 72 percent recycled plastic.  The products also contained some non-recycled plastic and a mineral component.

The proposed consent order with EPS prohibits the company from misrepresenting the recycled content or environmental benefit of any product or package.  For any recycled-content claims, the company must substantiate the claims by demonstrating that the content of its product or package is composed of materials that have been recovered or otherwise diverted from the waste stream.  The FTC’s consent order will remain effective for 20 years.

FTC Updates COPPA FAQs on Parental Consent Mechanisms

Posted in Uncategorized

This week, the Federal Trade Commission announced the latest revisions to its Frequently Asked Questions (“FAQs”) document to assist online operators as they work to comply with changes to the Children’s Online Privacy Protection (“COPPA”) Rule that went into effect on July 1, 2013. The updated FAQs provide the following expanded guidance on verifiable parental consent (“VPC”) mechanisms under the Rule:

  • Credit or Debit Card Number: The FTC revises FAQ H.5 to recognize that an operator may collect a credit or debit card number without engaging in a monetary transaction, if the method is “reasonably calculated” to ensure that consent is being provided by the parent. For example, an operator could supplement the request for credit card information with special questions to which only parents would know the answer and find supplemental ways to contact the parent.  This is a change from the FTC’s previous FAQ, which required all credit or debit card numbers to be coupled with a monetary transaction.
  • Reliance on Third Party Platforms to Obtain VPC:  The FTC revises FAQ H.10 to allow app developers to rely on VPC obtained by a third party, such as an app store, if the developer provides parents with a direct notice outlining its information collection practices before the parent provides consent.  The operator, however, must ensure that the third party is obtaining consent in a way that is reasonably calculated to ensure the person providing the consent is the parent.  Merely allowing a parent to enter an app store account number or password, however, would not be enough to guarantee that it is the parent, and not the child, entering the information. 
  • Third Party Platform Liability for Obtaining VPC:  In connection with FAQ H.10, the FTC provides a new FAQ H.16  for app stores providing a VPC mechanism for operators to use.  The FTC recognizes that, because app stores are not “operators” under COPPA, they will not be liable under COPPA for failing to investigate the privacy practices of the operators for whom they obtain consent.  The FTC cautions such third parties that they may nonetheless be liable under Section 5 of the FTC Act if, for example, they overstate the level of oversight provided for a child-directed app.

These updates are the latest in a series of recent updates to the COPPA FAQs (also see herehere, here, and here) to educate operators of websites and online services directed to children about their obligations under the amended COPPA Rule.

House Appropriations Amendment Prohibits CPSC from Finalizing Voluntary Recall Proposed Rule; Senate Advances CPSC Nominees to Floor

Posted in Advertising, Consumer Product Safety

Yesterday, the U.S. House of Representatives approved the 2015 Financial Services and General Government Appropriations bill, which provides funding for the CPSC but includes an amendment that would prohibit the Commission from using those funds to finalize, implement, or enforce its proposed rule on voluntary recalls. The amendment, which was introduced by Rep. Marsha Blackburn (R-TN) late Tuesday night, was adopted on a vote of 229 to 194.

Introduced in November 2013, the proposed rule represents a departure from longstanding Commission practice regarding voluntary recalls. Specifically, the proposed rule would: (1) make corrective action plans that implement voluntary recalls legally binding; (2) allow the CPSC to mandate the adoption of legally binding compliance programs; (3) reduce flexibility in the voluntary recall process by standardizing recall notice content; and (4) limit a company’s ability to disclaim that a product is defective or presents a substantial product hazard. As the House Report notes, the voluntary recall process is largely successful, but the proposed changes “would serve to negatively impact small businesses . . . , [and the Appropriations] Committee opposes making unnecessary changes to a recall system that has worked well over the past 40 years.”

The House Report also expresses concerns over proposed changes to the Commission’s public disclosure rules, which would affect companies’ ability to prevent the CPSC’s disclosure of information about the company, and notes that the proposed changes “threaten to undermine a successful partnership based on openness and trust between industry and the Commission.” The Committee also characterizes the proposed changes to certification requirements as costly and burdensome.

On the other side of the aisle, the Senate Committee on Commerce, Science and Transportation on Tuesday approved three CPSC nominees – Elliott Kaye, Joseph Mohorovic, and current Commissioner Robert Adler. If confirmed by the Senate, Mr. Kaye, the current CPSC Executive Director, would become Chairman. Mr. Mohorovic, senior vice president of strategic management in Intertek’s consumer goods division, would become the second Republican Commissioner (joining Ann Marie Buerkle), and Commissioner Adler, currently serving as Acting Chairman, would stay on for a second term. We will continue to monitor the progress of the appropriations bill and the Senate vote and keep you apprised of any developments.

FTC Files Suit Against Amazon Over Kids’ In-App Purchases

Posted in Federal Trade Commission

On July 10, 2014, the FTC filed a complaint in federal court alleging that Amazon unlawfully billed parents and other Amazon account holders for unauthorized in-app charges incurred by kids.  The complaint follows a similar FTC settlement with Apple and a similar class action lawsuit against Google

The FTC’s complaint alleges that Amazon offers free and paid apps through its App store, many of which are rated for kids and allow in-app charges ranging from $0.99 to $99.99.  Amazon controls the billing process for these in-app charges and retains 30 percent of all in-app revenue.  For all apps, Amazon requires its users to link their mobile device to an Amazon account, which is funded by a credit card or Amazon gift card. 

At the time Amazon introduced in-app charges to the App store in November 2011, users were notified of an in-app charge with a pop-up containing information about the app virtual item identified for purchase and the amount of the charge.  The FTC asserts, however, that a child user could clear the pop-up notification by pressing the “Get Item” button.  Once the user clears the pop-up, the FTC asserts that Amazon did not request further action before billing users’ accounts.  

The complaint highlights internal communications among Amazon employees from December 2011 noting that unlimited in-app charges without requiring a password were causing problems for a large percentage of its customers.   According to the complaint, in March 2012, Amazon updated its in-app charge system to require a password for any single in-app charge over $20, but continued allowing an unlimited number of lesser in-app purchases with no password. Continue Reading

CPSC to Hold Workshop on Electronic Filing of Certificates of Compliance

Posted in Consumer Product Safety

Last week, the CPSC announced that it will be holding a workshop on the electronic filing of certificates of compliance on September 18, 2014. The workshop will discuss the May 2013 proposed amendments to the CPSC’s rule on certificates of compliance, which would require the electronic filing of certificates of compliance for regulated imported consumer products with U.S. Customs and Border Protection at the time of filing the CBP entry.

The goal of the workshop is for the CPSC to receive practical and procedural information from stakeholders about the electronic filing of certificates of compliance at entry into CBP’s system and, specifically, to: (1) listen to stakeholder concerns and challenges related to the electronic filing of certificates; (2) clarify certain issues related to the proposed rulemaking; (3) provide background on the CPSC’s pilot software system that reviews CBP import data; and (4) provide CBP with an opportunity to discuss its electronic filing systems.

The workshop will not discuss certificate content requirements or format requirements, other than at import. The CPSC will be accepting applications for individuals to make a presentation at the workshop until August 8, and will be accepting written comments until October 31.

The Devil’s in the Data: L’Oréal’s Wrinkle with the FTC

Posted in Advertising, Federal Trade Commission

The FTC announced last week that it settled allegations that cosmetics giant, L’Oreal, engaged in misleading and deceptive advertising relative to two of its anti-aging cosmetic products, “Lancôme Génifique” and “L’Oréal Paris Youth Code.”  The Complaint alleges that L’Oreal conducted research to identify skincare ingredients that increase activity of genes responsible for the production of proteins associated with skin function.  L’Oreal allegedly represented that the Lancôme Génifique and L’Oréal Paris Youth Code products boost the activity of or target such genes, thereby resulting in visibly younger skin in just days, or, in some instances, overnight.  The FTC alleged that L’Oreal’s claims were not substantiated at the time that they were made and were, therefore, false and misleading.  The consent order prohibits L’Oreal from making gene-related anti-aging claims absent competent and reliable scientific evidence.

Two points in particular are worth noting:

  • First, it appears as though the FDA and FTC may have worked together on this matter.  The FTC’s Complaint allegations involve primarily advertising disseminated in early 2010 through mid-2011 but do not address one obvious issue, which is that gene-boosting claims go beyond the beautification claims to which cosmetics are limited.  This appears to be because FDA addressed that issue separately.  In September 2012, FDA issued a Warning Letter to Lancôme USA in which FDA specifically stated that claims relating to boosting gene activity were drug claims.  The FDA matter was closed just two months later, in November 2012.  As FDA and FTC followers may know, intra-agency cooperation has increased in recent years generally as FTC has focused on health claims.
  • The Complaint language regarding the fit between the evidence and the claims is consistent with FTC’s recent focus on the data underlying clinical studies.  The Complaint discusses a study participant questionnaire used to substantiate claims such as “perfectly luminous” and “astonishingly even” and raises concerns relative to the structure of the questionnaire in the context of the claims and the percentage of participants who strongly agreed with each statement.

The lesson for advertisers is both old and new.  Advertisers have always been required to closely tailor their substantiation to their claims.  Increasingly, in this case and other recent matters (i-Health in particular), we see an agency digging in to the details of the data underlying those claims.

Kelley Drye Offers Webinar on “Hot Topics in Social Media” July 9 at 2 PM

Posted in Social Media

Social media is a powerful marketing tool. It’s personal, dynamic, and reaches an unlimited number of consumers. But, the value of social media can be tempered by the legal risks. Both the Federal Trade Commission and the Food and Drug Administration have been paying close attention to social media activities by dietary supplement companies and have brought numerous enforcement actions involving social media. Understanding the legal framework and social media practices that could leave your company vulnerable to regulatory action is critical to any marketing plan.

To learn more about using social media in the current regulatory environment, please join Kelley Drye for a free webinar presentation on July 9, 2014 from 2 to 3 pm ET. Click Here to Register.

Some of the questions we will be answering are:

  • What steps should your company take to mitigate risks in using social media in its marketing?
  • What steps should your company take if it engages consumers on social media pages?
  • How can companies mitigate legal risks associated with consumer-generated content?
  • What do the FDA’s new social media guidance documents mean for dietary supplement companies?
  • How do recent FDA and FTC actions affect social media practices?

Kelley Drye Speakers:

Katie Bond,  Associate, Advertising and Marketing Practice Group
Megan Olsen,
Associate, Advertising and Marketing Practice Group

Council for Responsible Nutrition Speakers:

Rend Al-Mondhiry, Regulatory Counsel

This webinar is free of charge. Presentation slides and a recording of the webinar will be available to registrants. Click Here to Register.

Can You Afford To Send That Text? Connecticut’s Mini-TCPA Imposes Substantial Fines on Telemarketers

Posted in Class Action Litigation, Telemarketing and Call Center Operations

Several weeks ago, Connecticut enacted legislation making it illegal for telemarketers to send unwanted text messages to consumers, modernizing the State law and bringing it into accord with the federal Telephone Consumer Protection Act (“TCPA”).  Among other things, Connecticut’s “mini-TCPA” bans unsolicited commercial calls, and text and media messages to be sent to an individual’s cell phone, regardless of whether or not the consumer’s telephone number is registered on the State Do-Not-Call list, unless the telemarketer has obtained the consumer’s prior express written consent to send the messages.  The law also requires companies that issue account statements for cell phones, landline telephones, and mobile devices to send consumers written notice at least twice annually, informing them how to register their numbers on the Connecticut Do Not Call registry and how to file a complaint with the State Department of Consumer Protection.

Notably, the law increases the maximum penalty for each violation of the Connecticut mini-TCPA to $20,000 – more than 13 times greater than the maximum penalty that can be imposed under the federal TCPA.  (Penalties under the TCPA range between $500 and $1,500 per violation.)

Connecticut’s new law tells a cautionary tale to telemarketers – be very careful when telemarketing to Connecticut residents because the penalties for a violation can be substantial.

Florida Overhauls Data Breach Notification Law

Posted in Advertising, Privacy and Information Security

Last Friday, Florida enacted a new Information Security Act that repeals the state’s existing data breach notification law and increases companies’ reporting obligations and liability in the event of a data security breach. The new law takes effect July 1, 2014. Likely in response to the recent high-profile breaches, several states have introduced legislation to strengthen existing data security laws, and it is important for companies to monitor these developments and assess and revise information security policies, as necessary.

The new law will require regulator notice (written notice to the Department of Legal Affairs) if more than 500 Florida residents are affected by a breach, as well as if a company reasonably determines that notice is not required because the breach has not resulted, and will not likely result, in identity theft or other financial harm. Additionally, the new law specifies the content that must be included in both the consumer and regulator notice; imposes a 30-day timeframe for covered entities to provide such notice; and revises the definition of personal information to include medical and health insurance information and an individual’s user name or email address in combination with the required password or security question and answer. Furthermore, the law requires that third-party agents notify a company of a breach of security within 10 days, and, although the third-party agent may provide the required notice, the company is ultimately responsible for any failure by the agent to provide proper notice.

Importantly, the new law codified the Act within Florida’s Deceptive and Unfair Trade Practices Act, and specifies that a violation of the Information Security Act constitutes an unfair or deceptive trade practice. Under the DUTPA, the Attorney General may bring actions for a declaratory judgment, injunction, or actual damages. These remedies are in addition to the civil penalties the Department may assess, up to $500,000, for failure to comply with the consumer and regulator notice requirements.