Read This Before Scanning A Driver’s License In New Jersey

On October 1, 2017, a new law will take effect in New Jersey, the Personal Information and Privacy Protection Act (“PIPPA”), which will severely restrict retailers’ ability to “scan” any customer’s “identification card”–a term defined to mean “a driver’s license,” “probationary license,” “non-driver photo identification card,” or any similar card “issued…for purposes of identification.” Merely looking at a license to verify identity or age is not covered by the new law, only “scanning” the license for the purpose of recording and retaining the data.  Both the Attorney General’s Office and private consumers can sue for violations, but the window for private suits is fairly narrow.

The law begins by listing the only purposes for which a retailer may “scan” an identification card at all. They are to (1) verify the person’s identity or the authenticity of the ID card (but this cannot be done if the purchaser is buying an item for cash); (2) verify age when an item is age-restricted; (3) prevent fraud in connection with returns and exchanges if “the business uses a fraud prevention service company or system”; (4) prevent fraud in credit transactions or in connection with the opening of a credit account; (5) establish or maintain a contractual relationship; (6) meet any state or federal legal obligation; (7) transmit information to a consumer reporting agency as may be permitted by law; and (8) accomplish the goals of the Health Insurance Portability and Accountability Act.

The PIPPA then says that if a retailer scans information for one of these permitted reasons, it may only scan “the person’s name, address, date of birth, the state issuing the identification card, and identification card number.” Among the other information that may be listed on a driver’s license that the law does not permit to be “scanned” are a person’s photograph, height, weight, eye color, any restrictions on the license, and the person’s status as an organ donor.  That other information may not be “scanned” at all.

If a retailer scans an identification for purposes (1) and (2)–identity and age verification–it cannot “retain” this information, even briefly. Retailers may retain information they collect for the other permitted purposes, but if they do so, they must “securely store[]” it and “promptly report[]” any breaches to the New Jersey State Police and the Attorney General’s Office pursuant to existing breach notification statutes.  The statute does not put any express limitations on the length of time this information can be retained.

The PIPPA allows the Attorney General’s Office to recover a $2,500 civil penalty for a first violation and $5,000 for each subsequent violation. It also provides that “any person aggrieved by a violation of this act can bring an action in Superior Court to recover damages.”  That private right of action would therefore seem to be limited in two very important respects.

First, a consumer can sue only if “aggrieved.” That same word appears in another New Jersey statute that has been in the news lately–the Truth-in-Consumer Contract, Warranty, and Notice Act (“TCCWNA”)–and we are awaiting word from the New Jersey Supreme Court in a pending TCCWNA case as to what it means.  Second, the statute very clearly does not say that consumers can recover the same $2,500 penalty that the Attorney General’s Office may collect.  Consumers can only sue for “damages,” which would seem to require real, out-of-pocket losses, such as those from actual identity theft.  If a data breach leads to such theft, however, and if the retailer did not “securely store” the data, class action lawsuits may be possible under the new PIPPA.

The window to comply with this new statute is a short two months. Retailers doing business in New Jersey should determine the extent to which they are scanning driver’s licenses and other ID cards and ensure that their policies for doing so, and for retaining any data collected, comply with the PIPPA.  If conducting similar business practices elsewhere, it’s a good idea to confirm compliance with similar laws to this New Jersey law in other states.

What Will Your Social Media Influencer Letter from the FTC Look Like?

We have blogged about the FTC’s barrage of letters when they were originally released in April and again last week.  Back in May, in response to a Freedom of Information Act request by the National Law Journal, the FTC released the entire set of letters set out in April.  A close review of the letters is instructive about the FTC’s priorities, the types of ancillary issues it is concerned about, and what your letter might look like if you are a company or a social media influencer who comes to the FTC’s attention.

Altogether, the FTC sent 99 letters dated between March 20 and April 1.  All of them concerned one social media channel, Instagram.  Of the letters, 45 went to the companies whose products were endorsed on Instagram, and the other 54 went to the endorsers.  The endorser letters matched the company letters; there were more endorser letters because some of the letters to companies referenced more than one endorser.

By way of recipient characteristics, the 45 companies that received the letters spanned the size spectrum from prominent, large companies such as Adidas, Chanel, Johnson & Johnson, Hasbro, and the Popeyes restaurant chain down to much smaller and less known companies.  Industry sectors included fashion, sportswear, food, dietary supplements, fitness products, cosmetics, and toys.

Endorsers that received letters generally were celebrities.  While not all of their names were familiar to this generation-X writer, the Instagram posts attached to the FTC’s letters generally received at least several thousand and often hundreds of thousands of likes, indicative that the endorser had at least a significant social media following.  As has been reported elsewhere, the prominent endorsers included Jennifer Lopez, Allen Iverson, Lindsay Lohan, Heidi Klum.  At least one, Vanessa Hudgens, was notified about endorsements for two different companies.  Letters to almost all of the endorsers were addressed in care of their agents or attorneys, again indicating their status as public personae.  This focus on high-profile endorsers is consistent with the FTC’s past statements that it does not intend to go after every small hobbyist blogger who happens to recommend a product now and then.

The letters were based on 2-page form letters (one for companies and another for endorsers) with certain additional boilerplate paragraphs inserted where appropriate and with a few lines of individually customized text describing the specific Instagram post, which was also attached to the letter as the third page.  Starting with the company form letter, the letters identified the FTC and described the purpose of the letter as “educating marketers about their responsibilities under truth-in-advertising laws and standards.”  After identifying the problematic Instagram post, the letters described the FTC’s “material connection” standard under the Endorsement Guides and provided guidance on the required “clear and conspicuous” disclosures of material connections.  All letters advised that the disclosure be within the first three lines of an Instagram post so that the viewer would see it without having to click “more,” and cautioned against burying the disclosure among multiple tags and links.  The Endorsement Guides and a FAQ about them were included with each letter.

Of interest was the extra content added to some of the company letters.  While most of the letters prefaced the information about required disclosures with, “If your company has a business relationship with [endorser], ten out of the 45 letters went farther and asserted, “It appears that [endorser] has a business relationship with your company.”  It was not always evident how the FTC reached this conclusion, but one apparent tip-off was the offer of a discount code in some Instagram posts.  Seven of the 45 letters pointed to the presence of a statement such as “Thanks @[company]!” in the post and stated that for the endorser merely to thank the company is “probably inadequate to inform customers of a material connection because it does not sufficiently explain the nature of the endorser’s relationship to your company; consumers could understand it simply to mean that the person is a satisfied customer.”  In several letters, the FTC also rejected the use of the “#sp” hashtag to identify sponsored content, claiming that consumers do not understand this hashtag, and disapproved of ambiguous hashtags containing words like “partner” or “ambassador.”

Most interestingly from this author’s perspective as a claim substantiation buff, in 10 of the 45 letters, the FTC included a paragraph hinting that it suspected the content of the Instagram post to be deceptive, separate from the failure to disclose the endorser’s material connection to the company.  This paragraph noted that the FTC’s review of the post was limited to endorser disclosures and did not attempt to determine whether the post might be deceptive in other respects, but reminded the company that it is responsible for substantiating all claims.  This language appeared in cases where the Instagram post made a performance claim, generally about weight loss, health or nutrition benefits.  This raises an important point for companies:  Inadequately disclosed endorsements that bring your advertising to the attention of the FTC may alert the agency to problems with your product claim substantiation that it might otherwise not have noticed.

The 54 letters to endorsers adhered more closely to the basic form letter.  Like the company letters, they usually said, “If there is a material connection between you and [company]” but on some occasions asserted “It appears that you have a business relationship with [company.”  They echoed the advice sent to the relevant company about the inadequacy of ambiguous hashtag disclosures and “thanks.”  Unlike the company letters, the endorser letters never commented on the possible lack of substantiation for claims made by the endorsers.

So the takeaways from the FTC’s spring Instagram endorser broadside are:

  • The FTC views this campaign as an educational initiative rather than an enforcement measure – at least for now.
  • The FTC looks at companies of any size in a variety of industries, but so far is focusing on endorsements by high-profile influencers.
  • Several commonly used short cuts for disclosing a material endorser connection in social media are not favored by the FTC.
  • Inadequate endorser disclosure can cue the FTC to other problems with advertising, including claim substantiation issues.

Missing Ingredient Claims Lead Food Advertising Class Actions So Far in 2017

For the first 28 weeks of 2017, the most frequently alleged claims in new food and beverage false-advertising class actions have related to featured product ingredients that allegedly are absent, or present only in small quantities, in the food at issue.

We reviewed news reports and other mentions of newly-filed food advertising class actions for the first part of 2017 and tabulated the central cause or causes of action to learn where the current substantive focus is in these cases. Out of 52 new food advertising class actions reported between January 1 and July 15 as having been newly filed, the largest single category – 12 cases – alleged the absence of an ingredient that was featured on the product’s label and/or marketing.  Three of the suits concerned truffle-infused cooking oils, alleging that these products actually contained no truffles.  Two cases were filed against makers of ginger ales, which the suits alleged contained no ginger.  Single cases alleged that a guacamole contained very little avocado, that coconut water contained no coconut, that veggie snacks contained no vegetables, that canned octopus was really squid, and that “steak” in a sandwich was really non-steak ground beef.

The other major categories reflect the types of food advertising claims that have been much in the news in recent months. Nine cases concerned “natural” claims.  Nine cases objected to “no sugar added” or similar claims, generally on the basis that evaporated cane juice allegedly was not characterized as a sugar.  Seven cases concerned slack fill, and a further four cases alleged underfill (i.e., not that there was empty space in the package, but that the actual weight of product was less than the stated weight).  Five cases accused the food of overstating its healthiness, and a further three charged that the product falsely claimed a nutritional benefit.  Four cases alleged that an undesirable ingredient claimed not to be in the product, such as trans fat or preservatives, actually was present.

The accompanying chart shows the 52 actions broken down into categories of claims asserted. The total assertions amount to more than 52 because some cases asserted more than one type of claim.

Based on this analysis of 2017 thus far, the two takeaways for food manufacturers are (1) advertising class actions are alive and well and remain a threat, and (2) manufacturers should pay close critical attention to the accurate characterizing of their ingredients. Other well-known controversies over hot-button issues like “natural” claims, slack fill, and the treatment of evaporated cane juice continue to play out in the courts and to be the subject of new challenges.

(Click here to enlarge image.)

Consumer Groups Push for More Regulation of Influencers

In November, we posted that four consumer groups had sent letters to FTC, encouraging the agency to investigate and bring enforcement actions regarding the use of influencers on Instagram. In April, the FTC responded by sending more than 90 letters to companies and influencers, reminding the recipients of their legal obligations. Now, the consumer groups have again contacted the FTC to complain that the agency needs to do more.

According to the latest letter, the groups tracked the 46 influencers who received letters from FTC to determine if the letters had been effective. According the survey, only one of them consistently used “proper disclosures” for paid posts. Although some influencers did occasionally post sponsored content using proper disclosures, some posts allegedly failed to comply with legal requirements. The groups concluded that the FTC’s letters were ineffective and pushed for more regulation.

The groups want the FTC to “bring enforcement actions and seek penalties for posting nondisclosed sponsored content, especially for influencers and brands that are repeat offenders.” In addition, the groups want the FTC to “work with Instagram to develop a system that makes it easy to denote paid posts consistent with FTC guidelines.” We noted last month that Instagram is already working on such a system, but the groups don’t think that it’s sufficiently robust.

As we’ve noted before, both the groups’ letters to the FTC and the FTC’s warning letters swept too broadly and included a number of posts that were not incentivized. (Click here for a BuzzFeed article with some examples.) Nevertheless, there are various examples in the latest letter that are potentially problematic and potential targets for enforcement.

If you haven’t evaluated how your company works with influencer recently, now may be a good time to do that.

Minnesota Federal Judge Says Glyphosate Claims are “Unreasonable”

A mini-trend in food litigation last year was the spate of class action cases alleging that foods advertised as “natural” contained trace amounts of the herbicide glyphosate.  “Trace” is the operative word; to the extent plaintiffs alleged the amounts they found, those amounts always were far below even what the U.S. Department of Agriculture permits to exist in foods labeled “organic.”  The plaintiffs nevertheless argued that foods labeled as “all natural” cannot contain any traces of a biocide, no matter how small.

Continue Reading

Understanding “Ascertainability” in Class Actions Now that the Second Circuit Has Said “No” To It.

On Friday, the Second Circuit Court of Appeals’ decision in In re Petrobras Securities refused to adopt what it called a “’heightened’ two-part ascertainability test in class action cases.  The Second Circuit agreed that class action plaintiffs must show that ‘the class is defined with reference to objective criteria,’ but did not agree that plaintiffs also must put forward “a ‘reliable and administratively feasible mechanism for determining whether putative class members fall within the class definition.’”  The Third Circuit ostensibly has required both showings in class action cases, but the Second Circuit decided to “join a growing consensus that now includes the Sixth, Seventh, Eighth, and Ninth Circuits,” all of which expressly disagreed with their interpretations of the Third Circuit’s holdings.

But are the appellate courts really in disagreement?

The Third Circuit, in fact, has never held that “a plaintiff must be able to identify all class members at [the] class certification stage.”  That quote comes from its 2015 Byrd v. Aaron’s, Inc. case, where it expressly held the opposite: “a plaintiff need only show that class members can be identified.”  In Byrd, the Third Circuit reversed a district judge’s decision denying class certification on ascertainability grounds, saying the district judge had imposed too strict a requirement.

The Third Circuit’s “ascertainability” cases all arose from facts so stark that it is hard to imagine any appellate court in the country would have decided the cases differently.  In Marcus v. BMW of North America, LLC, nobody—not the plaintiff, not BMW, and not even individual BMW dealers—knew or had any way to learn which cars had been fitted with allegedly defective tires.  In Carrera v. Bayer Corp., even the named plaintiff did not remember which diet supplement he had purchased, causing the court to wonder why Bayer should have to swallow every putative class member’s affidavit swearing that he or she purchased the subject product without being able to cross-examine.  And in Hayes v. Wal-Mart Stores, Inc., where Sam’s Club receipts did not include critical information on whether a customer purchased an “as-is” floor model, the Third Circuit merely remanded the case to determine whether the plaintiff could propose a method to establish who did and did not buy both an “as-is” product and a warranty that didn’t cover “as-is” products.

The “disagreement” among the Circuits, therefore, is over a concern that may be much more theoretical than real.  Taken to an extreme, the ascertainability requirement might mean that where a defendant has no list of class members, and where class members themselves are not likely to have retained receipts for purchases, classes can never be certified.  The Ninth Circuit refused to go that far in this year’s Briseno v. ConAgra Foods, Inc. decision.  The Ninth Circuit said it was disagreeing with the Third Circuit, but—and here is the critical part—neither the Third Circuit nor any other appeals court had actually held to the contrary.

To be sure, the Third Circuit has held that “unverifiable” affidavits as a method of proof of class membership may not suffice where reason exists to believe that class members’ memories may not be reliable.  That should not be particularly controversial.  But the Third Circuit has not held, and Judge Rendell’s strong concurrence in the Byrd case explicitly rejected, that the ascertainability doctrine should be read to “disable[e] plaintiffs from bringing small value claims as a class.”

The Second Circuit’s new Petrobras decision involved securities claims rather than consumer claims.  Under Supreme Court precedent, those who purchased Petrobras securities on a domestic exchange could be part of a putative class, but those who purchased securities abroad could not.  Although the Second Circuit refused to adopt an “ascertainability” test, it reversed the district court’s decision to certify a class because the court had not adequately considered, under the “predominance” test of Rule 23(b)(3), how it could distinguish between the two.

It therefore is hard to find much daylight between the Third Circuit in Byrd, which reversed a decision denying class certification, and the Second Circuit in Petrobras, which reversed a decision granting certification.  Both instructed district courts to figure out whether purely individual questions predominate, in which case certification must be denied. The Third Circuit has had more chances to give guidance on how to judge these questions, but unless and until a court comes out the other way in a case that actually resembles one the Third Circuit has decided, it is hard to discern true “disagreement.”  And the Supreme Court may end up speaking on the question before any real disagreement actually appears.

Class action plaintiffs anywhere in the country, including in the Third Circuit, may try to argue that they should be able to rely on affidavits from putative class members to figure out who is in the class.  In any Circuit, however, if the defendant can demonstrate that individual affiants’ memories may be unreliable on the key questions, the defendant should be able to overcome class certification.  The Third Circuit may have decided to call this “ascertainability,” but it may be thought of as predominance under another name, with a healthy helping of a defendant’s due process rights.

FTC Settles With Lead Generation Firm For Illegally Selling Consumer Data, False Data Security Promises

The FTC announced last week a settlement with Blue Global Media, LLC  and its CEO Christopher Kay.  The company operated 38 Internet domains that solicited online loan applications from consumers.  The applications collected extensive sensitive personal information, including social security numbers, bank routing numbers, credit scores, and incomes. The company represented to consumers it would use this information to match them with “trusted lending partners” that offered the most favorable loan offers, for example, with the lowest interest rate and the highest qualified loan amount.  As alleged, Blue Media offered these leads to potential buyers through multiple “ping trees”, which are automated, instantaneous, auction-style processes common in the payday lending industry. However, the company’s ping tree participants were not required to be engaged in lending or use lead information to offer loans. In fact, Blue Media allegedly sold the lead to the first buyer, regardless of whether the buyer was a loan provider or offered favorable terms to the consumer.  Blue Media received from buyers up to $200 for each lead sold. Blue Media collected more than 15 million loan applications in this manner. It allegedly sold 26% of the applications to non-lenders, and less than 2% to lenders. In many cases, these lenders were not legally authorized to make loans.

In addition, Blue Media made a number of data security promises it did not deliver. For example, the company represented in its privacy policy that it employed industry-leading security protocols and technology and would “never store [consumers’] information, so your online identity is always safe.” In contrast, Blue Media allegedly shared consumer information indiscriminately, failing to impose any restrictions or conditions to protect against the unauthorized access, use, modification, or disclosure of consumer information.

The FTC alleged these practices constituted unfair and deceptive acts in violation of Section 5. The settlement includes a judgment seeking all revenue received from these practices, an amount over $104 M.

The FTC has recognized the proliferation of online lead generation in various industries.  On October 30, 2015 the FTC held a public workshop entitled “Follow the Lead,” focused on lead generation practices and related privacy and consumer protection issues, which we discussed here and here. Here are some key takeaways from this case and other FTC guidance documents for lead generation operators:

  • Implement transparency and consumer choice. Disclose clearly and conspicuously to consumers what information is being shared and with whom; and allow consumers to make informed choices about when and how to share their personal information.
  • Exercise caution when selling leads that aren’t purchased through the ping tree (commonly referred to as a “remnant lead”). Depending on the circumstances, you may be liable under the FTC Act if the buyer has no legitimate need for the information.
  • Vet potential lead buyers before doing business with them and monitor lead buyers for any misuse of consumer data.
  • Engage in data security protocols that are appropriate for the sensitivity of the information you are collecting
  • Review your privacy policy regularly to ensure it accurately reflects your collection and disclosure practices.

“Give the Money to One Percenters, Not to Non-Profits,” 11 State Attorneys General Argue

On July 5, bipartisan Attorneys General from 11 states filed an astonishing brief in the Third Circuit Court of Appeals, asking that court to reject the proposed class action settlement in In re Google Inc. Cookie Placement that would give settlement monies to non-profits rather than class members.

The plaintiffs in Google Cookie allege that Google circumvented the cookie-blocker settings in Microsoft’s Internet Explorer and Apple’s Safari browsers and placed advertising tracking cookies without user consent.  The putative class—theoretically, every user of those hugely popular browsers—obviously is massive.  The “damages” suffered by class members, however, if any, is vanishingly small.

In 2016, Google and the plaintiffs’ counsel reached a proposed $5.5 million class action settlement.  The plaintiffs’ counsel requested a $2.5 million fee, with the balance (after administrative costs) to be distributed to privacy rights non-profits such as the Berkman Center for Internet and Society at Harvard University and the Privacy Rights Clearinghouse.  Individual class members would receive nothing.

The Competitive Enterprise Institute’s Center for Class Action Fairness filed an objection to the settlement, arguing that if money cannot be distributed to class members, then the settlement class should not be certified at all.  The Delaware federal judge hearing the case disagreed and approved the settlement.  The objector took its arguments to the Third Circuit, and now 11 state Attorneys General have joined it.

The AG coalition brief, written by the office of the Arizona Attorney General, took no issue with the amount of the settlement and acknowledged that the settlement class is huge.  They contend, however, that “[d]irecting settlement funds to members of the class wherever feasible is important,” and that “there is a feasible path to distribution here.”  That “feasible path” is where the brief took an unprecedented turn for an AG objection.

“Claims rates in small-dollar cases are reliably in the very low single digits (if not below one percent),” the brief argued, citing cases with low claims rates.  “Even assuming a class in the tens of millions, such a claims rate would result in an economically meaningful” payment of “a few dollars to $15 or $20, if not more) to those lucky “one-percenters.”  That, these Attorneys General argued, “is preferable to making no distribution to any class members.”

In the years since the Class Action Fairness Act of 2005 required federal litigants to notify State AGs of proposed class action settlements, State AGs have taken a leading pro-consumer role in trying to limit the forms that settlements can take.  A multistate AG objection to a coupon settlement a decade ago, for example, has sharply curtailed the use of coupon settlements.  This is the first time, however, that AGs have argued it is better to direct small dollars to a tiny fraction of a large class than to pay millions of dollars to non-profits that ostensibly could advocate on behalf of the interests of the class as a whole. 

It will be very interesting to see how the Third Circuit responds to this argument.

Joining Arizona on the brief were the Attorneys General of Alaska, Arkansas, Louisiana, Mississippi, Missouri, Nevada, Oklahoma, Rhode Island, Tennessee, and Wisconsin.

BRIEF OF ELEVEN STATE ATTORNEYS GENERAL AS AMICI CURIAE IN SUPPORT OF OBJECTOR-APPELLANT AND REVERSAL

Summer Road Trippin’: The FTC and NHTSA Workshop on Connected Cars

On June 28, the FTC and National Highway Traffic Safety Administration (NHTSA) brought together a variety of stakeholders including regulators, automakers, software companies, and consumer groups to discuss connected cars, including current innovations and challenges in the field of data privacy. Acting FTC Chairwoman Maureen Ohlhausen opened the day by asserting that regulators will need to show “humility” in trying to understand the risks associated with connected cars. However, she emphasized that the FTC will still use their enforcement authority against those who misuse consumer data, while taking care not to conflict with NHTSA’s oversight efforts. Terry Shelton, acting executive director of NHTSA, agreed with these goals.  The day’s panels focused on three main themes:

Safety – Fewer Accidents, Better Recall Compliance, and Privacy

Connected cars are expected to be able to decrease accidents and traffic fatalities. According to Terry Shelton, Acting Executive Director of NHTSA, 94% of fatal car accidents are due to human error. Additionally, both Shelton and Acting FTC Chairwoman Ohlhausen emphasized that the number of automobile-related fatalities has risen considerably in recent years.

It is less clear what happens when the artificial intelligence (AI) systems responsible break down. As cars become better able to make decisions on their own, the question of liability when a mistake occurs will be brought to the forefront. However, connected cars may increase compliance with safety recalls as self-driving cars may bring themselves into the shop for repair, and manufacturers will more easily be able to trace automated cars that have not been updated. The panel also discussed whether consumers should be allowed to opt out of sharing safety data and whether safety concerns may be used as excuses to collect information for commercial use.

Data – Notice and Consent, Types and Use of Data

As is the case with all connected devices, data collection and use presents many questions. Current technology allows devices to use driving patterns to detect drowsy driving, but newer devices will use biometric data for this purpose.  Depending on how the data is gathered, mechanisms for consumer notice and consent remain a challenge.

Stephen Pattison of ARM offered three important categories of data that may be taken from connected vehicles. The first is information linking the user to the vehicle. He asserted that this is the most sensitive information, and should be controlled by the consumer. The second is information that is brand sensitive, and may be of interest to competitors. This also includes information about individual components of the car. It will be up to the manufacturer how and when this information is shared. The third category is non-identifying information such as road conditions. This information is useful for other companies and law enforcement to use under some agreement that outlines the terms of use.

Panelists noted that the information produced by these vehicles is not encrypted or anonymized, as doing so would destroy the value of the data. It is important for the car or car system to be able to understand why a mistake occurred, or be able to make choices using very granular data, and share that data either with itself or in vehicle to vehicle communications to make other cars smarter and more able to make those decisions as well.

After-market products that are purchased by consumers and voluntarily placed into their cars are also collecting data. These include devices such as remote start, backup cameras, or an insurance dongle. While there is more consumer acknowledgement that these devices will be tracking personal information, the panelists at the workshop were in general agreement that more information should be given to consumers in clear and concise ways to enable them to make informed choices.

Security and Privacy – It’s Not If, But When A Breach Will Happen

One phrase that was repeated during the conference was: it is not a question of if, but when a breach will happen. Carrie Morton of the University of Michigan’s Mcity automated-vehicle research center explained that consumers are often “okay with the tradeoff” of exposing their personal driving information if they see a benefit. However, there is some information that even the most connected of drivers do not want exposed. While it may be true that consumers care less about who has their data is than what is being done with it, this cannot be mistaken for a lack of care concerning data privacy in general.

Earlier this year, NHTSA released a set of best practices to protect connected cars against cyberattacks and data breaches. These included a push for earlier integration of breach detection, a feature which Jeff Massimilla of GM said they are building into their cars from the beginning. NHTSA will look to the FTC for support in enforcing these regulations. There was also support from some panelists for harsher FTC sanctions for those that unlawfully access or re-identify anonymized data, as the data will likely be easy to de-anonymize.

*          *          *

We’ll continue to follow these issues and related connected product developments here at Ad Law Access.

 

Summer Associate Carmen Tracy contributed to this post. Ms. Tracy is not a practicing attorney and is practicing under the supervision of principals of the firm who are members of the D.C. Bar.

Rules Are Made to Be ….Reformed: FTC Announces Regulatory Reform Measures

As part of the FTC’s ongoing review of the needs, costs, and benefits of regulations, the agency recently announced it is reviewing the following rules:

  • The Picture Tube Rule requires manufacturers to base screen size measurements on the horizontal measure of the viewable area, unless the alternative method of measurement is clearly disclosed. This rule was originally intended to help consumers compare products, but with the changes in television technology. In determining whether the rule is still needed, relevant concerns include changes in television technology such as the incorporation of plasma, LED, OLED, and other similar materials in flat display screens. The full list of questions the FTC hopes to address can be found on the Notice of Public Rulemaking here. Comments are due August 31.
  • The FTC is also seeking comment on a proposal to eliminate the “housemark” provisions of the Textile Rules. The housemark provisions require marketers who want to use a “housemark” (a distinctive mark used to identify all a firm’s products) on a textile’s tag in lieu of their business name only if they first register their housemark with the Commission. It is the agency’s position that that provision, imposed in 1959, is no longer necessary because trademark owners can easily be identified by searching online or via the U.S. Patent and Trademark Office website. Therefore, the FTC believes that removing these requirements will reduce compliance costs and increase firms’ flexibility. Comments are due by July 31.
  • The FTC is seeking public comment on its CAN-SPAM Rule, which requires a commercial email to contain accurate header and subject lines, identify itself as an ad, include a valid physical address, and offer recipients a way to opt out of future messages. The FTC is seeking comment on whether consumers have benefitted from the Rule, whether it should be modified, the costs of compliance, whether it should be amended to account for technological or economic changes, among other things. Comments are due by August 31.
  • The Energy Labeling Rule is also being edited to eliminate burdens on the industry and account for new products. The Energy Labeling Rule requires yellow EnergyGuide labels on certain appliances to help consumers compare similar models using estimated operating cost and energy consumption ratings. The comments period for this change has ended. The FTC sought public comment on these changes in September 2016. The accepted changes eliminate obsolete marking requirements for plumbing products, exempt certain ceiling fans from labeling requirements, and update the labels to cover electric instantaneous water heaters.

Overall, this announcement is consistent with the FTC’s recent systematic review of rules and guides. We will continue to track the comments and provide updates on any important developments.

 

Summer Associate Carmen Tracy contributed to this post. Ms. Tracy is not a practicing attorney and is practicing under the supervision of principals of the firm who are members of the D.C. Bar.

LexBlog