FTC Files Lawsuit Over “Made in USA” Claims

This week, the FTC filed a lawsuit against Chemence, Inc., alleging that the company is misleading consumers by claiming that many of their glues are made in the USA.

In order for a company to make an unqualified “Made in USA” claim, a product must be “all or virtually all” made in this country. Although Chemence advertised that its glues were “proudly made in the USA,” the FTC alleges that a significant proportion of the Chemencecosts of the chemical components of the glues – approximately 55% – are attributable to imported chemicals that are essential to the glues’ function. Therefore, the company has fallen far short of the “all or virtually all” standard.

Chemence doesn’t just make its own products, though. The company also makes glues that are sold under retailer brand names, and it provides those retailers with marketing materials to help promote those glues. Because those marketing materials also include “Made in USA” claims, the FTC alleges that Chemence has provided others with the “means and instrumentalities” to deceive consumers.

As we’ve noted in previous posts – all of which were proudly written in the USA – the FTC has been actively investigating these types of claims. Most of those investigations, though, have ended in closing letters, with the companies agreeing to make modifications to their claims. This case demonstrates that there can be more serious consequences for failing to comply with the FTC’s standards.  

Kohl’s Kicks Putative Class Action Suit Alleging Deceptive Sale Prices

On February 1, 2016, the U.S. District Court for the District of Massachusetts dismissed  a consumer class action alleging that Kohl’s Department Stores advertises false sale prices. The plaintiff in Mulder v. Kohl’s Department Stores, Inc., 15-cv-11377 (D. Mass.), asserted causes of action for fraud, breach of contract, unjust enrichment, and violations of the Massachusetts Consumer Protection Law upon allegations that she was induced to purchase merchandise from Kohl’s that was deceptively advertised as on sale from “comparison prices” that she alleged were never charged by Kohl’s or other retailers in the marketplace.

As we have previously reported, the plaintiffs’ bar has increasingly focused on retail sale prices, particularly those for outlet and discount stores, and Congress and the FTC have even taken action, with a January 2014 letter by four members of Congress to the FTC Chairwoman expressing concerns that consumers are being deceived by pricing at retail and outlet stores and asking the FTC to investigate potential violations of Section 5 of the FTC Act and the FTC’s Guides Against Deceptive Pricing. State regulations also contain complex rules on how sale prices can be advertised to consumers, with many specifying how long an item must be sold at its “non-sale” price, or how retailers must disclose a source of comparison.

The court in Mulder found that, even accepting plaintiff’s allegations as true, she had “not suffered an economic injury” cognizable under Massachusetts law: “among other things, she has suffered no loss, and there is no sum of money that could be awarded to her that could ‘compensate’ her without providing a windfall.”  Put simply, the court found that the plaintiff had purchased goods for an advertised price, and that it appeared those goods were, in fact, worth the advertised price she paid.  The court applied this same “benefit of the bargain” logic to plaintiffs’ claims for fraud, unjust enrichment, and breach of contract.  In dismissing the case with prejudice, the court also denied plaintiffs’ motion to amend and motion to certify questions relating to legally cognizable injury to the Supreme Judicial Court of Massachusetts.

The Mulder decision is a welcome interpretation of injury in deceptive sale price class actions for retailers in Massachusetts and other jurisdictions with strong “economic loss” or “ascertainable loss” requirements.  Last year, the District of Massachusetts granted dismissal of similar claims brought against Nordstrom Rack on the grounds that the plaintiff had insufficiently pled injury, a decision which is currently on appeal in the First Circuit.

The Regulatory Landscape for Indirect Auto Lenders After Ally

In December 2013, the Consumer Financial Protection Bureau (CFPB) announced its first settlement in the indirect auto lending industry. The target company was Ally Financial Inc. and Ally Bank (Ally). The CFPB alleged that Ally had engaged in discriminatory pricing by charging minority consumers higher dealer markups for their auto loans. Ally was ordered to pay $80 million in damages to 235,000 minority borrowers and $18 million in penalties.

Last week, the Republican Staff of the U.S. House of Representatives Committee on Financial Services released its second report in two months criticizing the CFPB’s handling of the Ally matter. The two congressional reports punctuate the increasing tension regarding whether and the extent to which “dealer discretion” to increase interest rates gives rise to liability for auto finance companies under fair lending law. The following discusses the genesis of this tension and the regulatory landscape after Ally.

CFPB 2013 Auto Finance Bulletin

In March 2013, the CFPB issued a bulletin on indirect auto lenders’ compliance with the Equal Credit Opportunity Act (ECOA) and its implementing regulation, Regulation B. In pertinent part, the bulletin states that an indirect auto lender’s markup and compensation policies may “alone be sufficient to trigger liability” under ECOA under a disparate impact, or “effects test,” theory of liability. It then outlines steps indirect auto lenders may take to reduce their fair lending risk, such as imposing controls on dealer markup and compensation policies. In the alternative, the CFPB suggests that lenders eliminate dealer discretion to mark up buy rates altogether, and instead move to a flat fee per transaction.

The bulletin has proven controversial. Members of the House introduced a bill in April 2015 seeking to nullify the March 2013 bulletin. The bill, entitled the Reforming CFPB Indirect Auto Financing Guidance Act (HR 1737 (F. Guinta, R-NH)), passed the House on November 18, 2015, by a vote of 332-96. Immediately following the bill’s passage in the House, the Republican Staff of the Committee of Financial Services of the U.S. House of Representatives published two related congressional reports.  The reports pose certain threshold legal questions: for example, whether disparate impact claims are cognizable under ECOA jurisprudence. The reports then suggest that even if such claims were cognizable, it would be difficult to make a prima facie disparate impact auto lending claim due to the challenges with accurately predicting the race and ethnicity of borrowers. The reports were critical of the CFPB’s reliance in Ally on a proxy method that uses a consumer’s last name and address to generate probabilities that the consumer belonged to one or more racial or ethnic groups. According to a November 2014 study commissioned by the American Financial Services Association, this proxy method is subject to “significant bias and estimation error.” The congressional reports suggest that, given the complexities surrounding indirect auto financing, only a direct apples-to-apples comparison – by comparing consumers with similar creditworthiness financing a similar amount at the same dealer at around the same time – would enable one to draw a meaningful conclusion about whether a person was “overcharged” for purposes of ECOA liability.

Regulatory Landscape After Ally

Notwithstanding the challenges presented above, the CFPB will continue its aggressive enforcement against indirect auto lenders. In June 2015, the CFPB extended its supervisory authority over “larger participants” of nonbank auto finance companies. The “larger participants” are approximately 34 entities that make, acquire, or refinance 10,000 or more loans or leases in a year. This expansion of authority enables the Bureau to oversee all activity by these companies to ensure compliance with federal consumer financial laws, including ECOA, the Truth in Lending Act, the Consumer Leasing Act, and Dodd-Frank’s prohibition on unfair, deceptive, or abusive acts or practices. Given the heightened and expanded regulatory scrutiny, auto lenders should consider reducing their risk profile by implementing a robust compliance management system (CMS). In particular, a fair lending compliance program to monitor for fair lending risk may be advisable. The adoption by lenders of a strong CMS with written policies and procedures, including a clear and conspicuous fair lending policy statement, would demonstrate the lenders’ commitment to fair lending practices, and may reduce their risk of exposure.

Kelley Drye & Warren Hosts IAPP Sponsored Data Privacy Day Event

data-privacy-dayTomorrow, Thursday January 28, 2016, Kelley Drye & Warren will be hosting Privacy After Hours, an International Association of Privacy Professionals (IAPP) sponsored event celebrating Data Privacy Day here in Washington, D.C.  Celebrated in the United States since 2008, Data Privacy Day is an international effort to promote awareness about respecting privacy, safeguarding data and enabling trust.

Founded in 2000, IAPP is a not-for-profit organization with a mission to define, support and improve the privacy profession globally. Kelley Drye & Warren is a Corporate Member of IAPP and a nationally-ranked privacy and advertising practice group, including IAPP-certified privacy professionals.

The DC IAPP Privacy After Hours events assemble some of the most interesting privacy professionals from government and industry in the district for a casual and fun get together. We hope you’ll take some time to join us as we celebrate Data Privacy Day. To RSVP, please visit here.

FCC Reaffirms Potential TCPA Liability for Text Message Platforms

iStock_000036215158Large-335x251On January 11, 2016, the FCC’s Consumer and Governmental Affairs Bureau released an order denying a petition by a text message platform provider for a declaratory ruling that the Commission should evaluate TCPA liability for these types of entities under the same standard established for fax broadcasters.  In the Order, the Bureau explained that a separate liability standard for text message apps and platforms was laid out in the Commission’s July 2015 Omnibus TCPA Order and that “text broadcasters can be liable for TCPA violations based on the factors discussed in that decision.”

The petitioner, Club Texting, Inc., filed its request for a declaratory ruling in 2009.  In the petition, Club Texting asked the Commission to apply the fax broadcaster TCPA liability standard to text message platforms, such that “liability will attached only if a text broadcaster ‘demonstrates a high degree of involvement in, or actual notice of, the unlawful activity and fails to take steps to prevent such transmissions.’”  In support of this request, Club Texting claimed that if the Commission made an affirmative finding that text broadcasters are not “senders” for TCPA purposes, it would “promote compliance” by the broadcasters’ third party clients that “are in the best position to ensure that recipients have consented to receive the text messages.”

FCC TCPA Declaratory Ruling

Nearly six years after the petition was filed, the FCC released its July 2015 Omnibus TCPA Order, in which it responded to approximately two dozen petitions for clarification of a variety of TCPA-related issues, including the Commission’s definition of a “caller” for purposes of determining TCPA liability.  In the Order – which is currently being challenged in the U.S. Court of Appeals for the D.C. Circuit – the Commission determined that a calling or texting platform or application may face primary liability under the TCPA as the “caller” based on a case-by-case analysis of whether the entity takes the steps necessary to physically place the telephone call (or text), or is so involved in the placing of a call to have been deemed to initiate it (as opposed to merely having some role, however minor, in the causal chain that results in the making of the telephone call).  The Commission further explained that other relevant factors when making its determination could include “the extent to which a person willfully enables fraudulent spoofing of telephone numbers or assists telemarketers in blocking Caller ID, by offering either functionality to clients,” or whether the text broadcaster “has knowingly allowed its client(s) to use that platform for unlawful purposes.”

The FCC’s standard is similar to the “high degree of involvement” standard applicable to fax broadcasters, but the Commission made clear that it was not applying the fax broadcaster standardper se.  This raises the possibility that outcomes involving calls or texts will differ than they would if faxes were involved.  Until we see cases adjudicating liability, however, we will not know how much of a difference the standard makes in practice.

Club Texting Petition

Against this backdrop, the FCC’s order in Club Texting is primarily procedural.  In denying the Club Texting petition, the Bureau reaffirmed the position in the Order and noted that “the Commission has clarified the standard to be applied to text broadcasters and that standard is not the same standard as applies to fax broadcasters.”  It did not revise the standard, nor did it offer any meaningful clarifications of how the standard will be applied.  Indeed, the order explicitly states that it is not adjudicating the liability of any particular text broadcasting service at this time.

We note that the FCC has proposed to fine a “robocall broadcaster” previously.  The case involved Dialing Services, Inc., a developer of a software platform that allows customers to record their own messages and send them to a designated list of recipients.  The Commission issued a Notice of Apparent Liability against the company in May 2014, and proposed a $2.9 million penalty on the basis that Dialing Services had allowed its customers, through its platform, to make 184 unlawful prerecorded message calls to cell phones.  According to the Commission, because of the company’s involvement in the call process, Dialing Services made or initiated the calls.  The Commission has yet to convert the NAL to a Forfeiture Order, however.  Arguably, the Commission should apply the standard announced in the 2015 TCPA Declaratory Ruling to determine Dialing Services’ liability in the case.

For now, service providers should expect the Commission to continue in its efforts to cast a wide consumer protection net, and companies involved in activities regulated by the TCPA should take whatever steps are necessary to avoid unwanted attention from regulators or the plaintiffs’ bar.

Navigating Native Advertising

The FTC recently released two new guidance documents: Enforcement Policy Statement on Deceptively Formatted Advertisements and Native Advertising: A Guide for Businesses. The Policy Statement seeks to address the broad area of “advertising and promotional messages integrated into and presented as non-commercial content.”  The Business Guide more narrowly addresses native advertising, which the FTC defines as online content “that bears a similarity to the news, feature articles, product reviews, entertainment, and other material that surrounds it.”

The two new guidance documents are important developments as they provide a road map for how the FTC is likely to enforce in the area in the future.  The following are a few key takeaways.

  • In determining whether an advertisement is misleading as to its nature or source, the FTC will consider the overall net impression of the ad from the perspective of a reasonable member of the target audience.  Factors the FTC will consider include “the similarity of [the ad’s] written, spoken, or visual style to non-advertising content offered on the publisher’s site” and “expectations based on consumers’ prior experience” with the particular medium.
  • If an ad is likely to deceive as to its nature or source, the FTC expects clear and conspicuous disclosures clarifying the nature or source of the ad.
  • According to the FTC, disclosures in native advertising must often appear at the outset, before a consumer clicks on a link leading to the ad.
  • The FTC is unlikely to consider headings, such as “More Content for You” and “From Around the Web,” to be sufficient disclosures.
  • The FTC recognizes that not every ad that appears in a format similar to surrounding content is likely to deceive.  The FTC provides the following example: “[I]f a natively formatted ad with an image of a particular sports car and the headline ‘Come and Drive [X] today’ were inserted into the news stream of a publisher site, that ad likely would be identifiable as an ad to consumers, even though it was presented in the same visual manner as news stories in the stream.”

Our recent Advisory provides analysis of the new guidance documents.

App Developers Settle COPPA Violations Relating to Third-Party Ad Network Practices

COPPA

This week, the FTC announced settlements with two mobile app developers – LAI Systems, LLC and Retro Dreamer (including two of its principals) – concerning allegations that their apps collected childrens’ personal information without obtaining parental consent in violation of COPPA.  These cases are the first in which the FTC has held a company liable for COPPA violations relating to the information collection practices of a third-party ad network .

In separate complaints, FTC alleges that LAI and Retro Dreamer created a number of apps directed to children.  The FTC’s determination that the apps were kid-oriented was based on a number of factors, such as the subject matter, visual content, language, and use of animated characters or child-oriented activities and incentives. In both complaints, FTC alleges that the Defendants permitted third-party advertising networks to collect childrens’ PII in the form of persistent identifiers through the apps in order to serve targeted advertising on the app based on users’ activity over time and across sites (the FTC added persistent identifiers to the COPPA Rule’s definition of “personal information” when it updated the rule in 2013). The complaints, however, do not identify the specific persistent identifiers used.

FTC alleges that both LAI and Retro Dreamer failed to: (1) inform the ad networks that the apps were directed to children; (2) instruct or contractually require the ad networks to refrain from targeted ads; or (3) provide the required notices or obtain the required parental consent.  In the case of Retro Dreamer, FTC also alleges that one of its advertising networks specifically warned the company about the obligations of the revised COPPA Rule, and also told the company that certain of its apps appeared to be targeted to children under the age of 13.  The settlements prohibit the companies from further violations of the COPPA Rule.  The settlement with LEI requires the company to pay a $60,000 civil penalty, while the settlement with Retro Dreamer requires it to pay a $300,000 civil penalty.

The settlements highlight that the FTC remains vigilant in this area.  The agency will likely continue to closely monitor the information collection practices of website operators and app developers, in addition to third-party ad networks.

Wyndham Agrees to Settle FTC Data Security Case

ftc-sues-hotel-chain-for-card-breaches-imageFile-a-4900After four years of litigation, this past Wednesday, Wyndham Worldwide Corporation and three of its subsidiaries  (collectively, “Wyndham”) settled the Federal Trade Commission’s (“FTC”) allegations that the global hospitality company failed to protect consumers’ personal information in violation of Section 5 of the FTC Act.  Between 2008 and 2009, Wyndham suffered a series of data breaches that involved the credit and debit card information of more than 600,000 hotel customers.  This settlement comes at the heels of the Third Circuit Court of Appeals decision that affirmed the FTC’s authority to bring an action for lax data security practices under Section 5 of the FTC Act, which prohibits unfair or deceptive practices.  We described the appellate decision at length here (See additional coverage of the Wyndham case here and here).  The settlement covers a 20-year period and does not involve a civil penalty.  However, Wyndham must (1) implement and maintain a comprehensive information security program subject to annual third party audits and (2) timely provide each written audit assessment to the FTC.

Under the settlement, Wyndham must have a comprehensive information security program that is reasonably designed to protect credit and debit card information.  Additionally, Wyndham must obtain third party audits of its program based on the requirements of the Payment Card Industry Data Security Standard Data (“PCI DSS”).  The annual audit must include a certification of the following three (3) factors:

  1. whether any network at a Wyndham-branded hotel (including franchisee hotels) where there are people, processes, and technology that store, process, or transmit cardholder data or sensitive authentication data is designated as an “untrusted network,” and if the network is not treated as untrusted, whether it is included within the scope of the audit or subject to a separate audit;
  2. the extent of Wyndham’s compliance with each element of a risk management protocol (consistent with PCI DSS); and
  3. that Wyndham’s assessment was conducted by a qualified, independent auditor, free from conflicts of interest.

For any subsequent Wyndham breaches involving 10,000 or more unique credit or debit cards, Wyndham will have to obtain a third party forensic investigation assessment and produce it to the FTC within 180 days following discovery of the breach.  Wyndham will remain under order for 20 years, violation of which can subject Wyndham to civil penalties.  We note that the settlement does not apply to Wyndham’s information security practices, generally.  In fact, it is narrowly tailored to credit and debit card information (such as primary account number, cardholder name, expiration date, and/or service code.)  More information on the settlement order and how it will affect Wyndham and its consumers can be found here.

Associate Ilunga Kalala contributed to this post. Mr. Kalala is admitted only in Maryland. He is practicing under the supervision of principals of the firm who are members of the D.C. Bar.

Metropolitan Corporate Counsel Interviews Special Counsel Richard Cohen Regarding Innovations in Technology Affecting Big Data

Richard Cohen, Kelley Drye

Special counsel Richard Cohen was interviewed by Metropolitan Corporate Counsel in the law article “Weighing Public vs. Private Interests in the Big Data Economy: Innovations in technology continue to bring more questions about privacy.”  Mr. Cohen discusses the current startup environment, big data, and venture capital accelerators based on his extensive experience working with technology companies on transactions, outsourcing agreements, strategic alliances, software licensing and development, cloud services, and other commercial and corporate matters.  He says, “[for many organizations] a growing area of interest is the need to balance the use of big data for public good while respecting privacy and individual rights.”

To read the full article, please click here.

Selling Hoverboards This Holiday Season? Tips To Stay Off The CPSC’s Naughty List

A businessman commutes to work on his hoverboard

Hoverboards have skyrocketed as a top gift this holiday season, dominating retail shelves and website banners. Many manufacturers make the products, at a range of price points. If your company is selling these Segway-esque self-balancing boards, think closely about potential safety issues. The Consumer Product Safety Commission (“CPSC”) reportedly has initiated an investigation into claims that the products, typically powered by a lithium battery, have caught on fire. Although the CPSC does not enforce a mandatory standard governing the products, companies that do not adhere to the CPSC’s general guidance for compliance programs and requirements for reporting potential safety issues could quickly appear on the agency’s naughty list. Here are some tips to avoid getting coal in your company’s stocking:

  • Conduct due diligence. Ensure that the company making the product has incorporated safety considerations into the design and manufacturing of the product.
  • Obtain contractual representations from the manufacturer or distributor. Although written assurances do not negate a retailer’s obligations with the CPSC, requiring them often can help identify gaps in the vendor’s compliance efforts that can be filled before problems develop.
  • Train employees. The company should have written product safety compliance policies and train employees at all levels on how to comply with them.
  • Monitor and respond to consumer reports. If your company does not participate in the manufacturing or distribution of the product, the first indicator of a safety issue may come from your customers. Companies should track the range of sources, including warranty claims, complaints, comments to customer service, phone calls, emails, saferproducts.gov, and posts to social media. If something goes wrong with a product, consumers often turn to social media to share their story, especially if they think the problem relates to safety or if they have not received a response from the company.
  • Communicate with the CPSC. Section 15(b) of the Consumer Product Safety Act requires companies that manufacture, import, distribute, or sell a consumer product that could present a “substantial product hazard” or “unreasonable risk of serious injury or death” to report the potential issue to the CPSC. This can be a low threshold, and the CPSC regularly advises companies, “When in doubt, report.” If the CPSC staff is already investigating reports of fire associated with hoverboards, they will certainly take significant interest in other similar reports and in unrelated reports (such as failures in the braking functionality) involving the product.

Any company selling hoverboards should follow the above tips and keep in mind that the CPSC can impose civil penalties against companies that fail to report potential safety issues in a timely manner. Like the sales of hoverboards, civil penalty amounts continue to rise. Happy Holidays.

 

LexBlog