FTC Updates Consumer Guidance for Online Tracking

FTC Consumer Information LogoOn June 23, the FTC updated its consumer information page to provide updated guidance on “Online Tracking.”  The updated guidance is intended to provide consumers with information on different methods of tracking, how they work, and how consumers can control such tracking.  While directed to consumers, updates to this page can also help businesses understand how these online tracking technologies work, and identify what the FTC expects businesses to do.

The previous guidance, titled “Cookies: Leaving a Trail on the Web” (last updated in November 2011), primarily addressed cookies (including first-party cookies, third-party cookies, and flash cookies), provided consumers with general information on how to control cookies, identified how consumers can opt-out of receiving targeted ads, provided a brief overview of “Do Not Track,” and identified that new technologies were constantly emerging.

The updated guidance document updates and expands upon this information to address new forms of online tracking (e.g., device fingerprinting, cross-device tracking), new tracking technologies (e.g., use of unique device identifiers or HTML 5 cookies), how tracking in mobile apps occurs, and how consumers can generally limit or block tracking online, in apps, or across devices.

So what is the big-picture takeaway for businesses? Consumers may not fully understand online tracking, including their options for minimizing or preventing such tracking from occurring.  Businesses can help educate consumers concerning their online tracking by providing clearly identifiable ways in which consumers can review information about the company’s collection, use, and disclosure practices, and ways to limit cookies and other tracking technology.  This may include a clearly written privacy policy or other consumer facing document, or in the device settings as suggested by the FTC.  Lessons learned from past FTC enforcement actions (including the FTC’s action announced yesterday against InMobi) also illustrate the risks associated with business practices that appear to circumvent a user’s privacy decisions or a device’s privacy settings.

Airbnb Faces Suit for Using Julia Child’s Name in a Contest

Earlier this year, Airbnb ran a contest in which one winner could “come stay in the former home of Julia Child.” The company LaPitchouneadvertised that entrants could imagine themselves “walking the halls of Julia Child’s former home,” and “channeling the culinary genius of Julia Child,” while “combing over the knick knacks in her kitchen exactly as she left them.” Although the contest may have been a hit with travelers and fans of the original celebrity chef, the chef’s estate was less enthused. This week, The Julia Child Foundation for Gastronomy and the Culinary Arts sued Airbnb and its publicity firm, arguing that contest violated Child’s right of publicity.

According to the complaint, Airbnb contacted the Foundation in April, and sought permission to use Child’s name and likeness in connection with the contest. Consistent with Child’s longstanding policy of refusing requests to associate her name or image with commercial products or brands, the Foundation expressly declined the request. Nevertheless, Airbnb moved forward with the promotion, and used Child’s name on its website, on social media, and in an e-mail campaign. As a result, Airbnb won a trip to the California court system, where it can walk the same halls that many celebrities have walked.

As we’ve noted before, the risks of using a celebrities name in ads without permission can be significant. And although there may be cases in which a company can argue that it doesn’t need permission – such as when the use is protected by the First Amendment – it can be hard for a company to argue that permission isn’t necessary, when it had previously asked for it. For a more detailed analysis of this case, please see this post from our friends at Drye Wit. And, while you’re there, be sure to read their three-part series on Right of Publicity claims.

Going Geo-Loco: FTC Settles with Mobile Ad Network over Geolocation Collection

InMobiThe FTC announced a settlement on Wednesday with mobile advertising company, InMobi Pte Ltd., concerning allegations that the company deceptively tracked the geolocation of hundreds of millions of unknowing consumers, including children, to serve them geo-targeted advertising.  As part of the settlement, InMobi will pay $950,000 in civil penalties relating to violations of the Children’s Online Privacy Protection Act (COPPA), and agreed to implement a comprehensive privacy program.

InMobi’s Practices

InMobi provides an advertising platform for app developers and advertisers.  App developers can integrate the InMobi software development kit (SDK) for its Android and iOS apps, allowing them to monetize their applications by allowing third party advertisers to advertise to consumers through various ad formats (e.g., banner ads, interstitial ads, native ads).  Advertisers, in turn, can target consumers across all of the mobile apps that have integrated the InMobi SDK.

InMobi also offers several geo-targeting products, which allow advertisers to target consumers based on specific location information.  For instance, advertisers could target consumers based on their device’s current or previous location, or if the consumer visits a certain location at a particular time of day or on multiple occasions.

FTC Charges

The FTC alleges that InMobi mispresented that its advertising software would track consumers’ locations and serve geo-targeted ads only if the consumer provided opt-in consent, and only when it was done in a manner consistent with their device’s privacy settings.  According to the complaint, InMobi was actually tracking consumers’ locations whether or not the apps with InMobi SDKs requested consumers’ permission to do so, and even when consumers had denied permission to access their geolocation.

Even when users had denied the app permission to access geolocation, InMobi was collecting information about the WiFi networks that the consumer’s device connected to or that were in-range of the consumer’s device, feeding this information into its geocoder database, and using this information to infer the consumer’s longitude and latitude. The FTC claims that this process allowed InMobi to track the consumer’s location and serve geo-targeted ads, regardless of the app developer’s intent to include geo-targeted ads in the app, and regardless of the consumer’s privacy preferences or device settings.  As a result of these practices, app developers could not provide accurate information to consumers regarding their apps’ privacy practices.  The FTC concluded that InMobi’s misrepresentations regarding its data collection and use practices were deceptive in violation of Section 5 of the FTC Act.

In addition, the complaint alleges that InMobi violated COPPA by knowingly collecting personal information from children under the age of 13, despite representations to the contrary. The FTC claims that InMobi did not have adequate controls in place to ensure COPPA-compliance and did not test any controls it implemented to ensure they functioned as intended.  As a result, InMobi collected personal information (including unique device identifiers and geolocation information) in thousands of apps that developers had expressly indicated to InMobi were child-directed, and used this information to serve interest-based, behavioral advertising in violation of COPPA.

Settlement Provisions

Per the stipulated order, the company is prohibited from collecting consumers’ location information without their affirmative express consent and will be required to honor consumers’ location privacy settings.  The company is further prohibited from violating COPPA and from misrepresenting its privacy practices.  The order also requires the company to delete all information it collected from children, delete the location information collected from consumers without their consent, and establish a comprehensive privacy program.  The comprehensive privacy program is typical of what we see in other FTC privacy settlements.  It has provisions governing the designation of a responsible employee to oversee privacy compliance, requiring ongoing assessment of risks that could result in unauthorized collection of information, mandating implementation of reasonable privacy controls, requiring regular testing and evaluation of such controls, and addressing service provider oversight.  Under the terms of the settlement, InMobi is subject to a $4 million civil penalty, which was suspended to $950,000 based on the company’s financial condition.

Key Takeaways

Mobile technology practices continue to be a focus of the FTC’s consumer protection efforts.  Companies collecting personal and geolocation information from consumers should understand precisely what information will be collected from or about a user, clearly and accurately communicate its data practices, and respect any representations that are made.  Particular care should be taken when collecting information through child directed apps and websites.  Taking these simple steps can help avoid FTC scrutiny with respect to a company’s privacy practices and related representations.

Spokeo Starting To Impact Class Certification Decisions — Stay Tuned

untitled

We are often asked what we see as the most promising avenues for class action defense arising from the Supreme Court’s Spokeo decision.  Our answer is that even if courts, post-Spokeo, give Congress wide latitude to define a compensable “injury,” courts should not certify classes that include people who did not suffer that injury.  As an example, just because Congress can determine that the annoyance of receiving an unwanted phone call can entitle the recipient to a statutory penalty, someone who wasn’t home to hear the phone ring shouldn’t be included in a class.

Friday’s decision in Sandoval v. Pharmacare US, Inc., No. 15-cv-0738-H-JLB (S.D. Cal.), is a promising example of Spokeo’s impact on class certification. 

Pharmacare sold a dietary supplement called “IntenseX,” advertised to enhance sexual power and performance.  The named plaintiffs purchased IntenseX , contend it didn’t deliver the promised sexual punch, and sued under California’s unfair competition and false advertising laws (among other claims), purporting to represent a class of “[a]ll persons in the United States . . . who purchased IntenseX for personal, family, or household use . . . since January 1, 2004.”   

The proposed class had a ton of problems, including that the plaintiffs had not submitted sufficient evidence to show that the product universally did not and could not have delivered the promised benefits.  Predominance therefore was lacking.  The court also rejected out-of-hand the plaintiffs’ attempt to certify a nationwide class. 

After denying class certification for those well-established reasons, the court then went out of its way to address Spokeo.  Among Pharmacare’s defenses was that some class members “were not dissatisfied, were not harmed, or have no viable claim.”  Some class members received the benefits they expected, were not exposed to the allegedly false claims at issue in the case, previously received a refund, or bought the product outside the applicable statute of limitations.  The court said that “[t]he Ninth Circuit has been inconsistent about whether [all] absent class members, as opposed to only the named plaintiff, must have standing.”  It then suggested that Spokeo should impact this issue, precluding classes that encompass uninjured persons who, post-Spokeo, lack standing.

The court did not firmly decide the Spokeo question, saying only that “[w]hether characterized as problems with overbreadth, commonality, typicality, or Article III standing . . . the class includes consumers who have no cognizable injury,” and therefore could not be certified.  The court then cited Spokeo as support for that holding.

We are carefully following all Spokeo developments and would be pleased to discuss Spokeo’s potential impact on any situation our clients face.

 

iHeartMedia Doesn’t Heart the TCPA

iHeartMedia has agreed to pay $8.5 million to resolve allegations that the company sent unsolicited text messages to radio station listeners, in Messageviolation of the TCPA. According to the complaint, the company would invite listeners to send text messages in order to request songs or enter contests. Listeners who submitted requests or entries would receive messages from the company in return.

But rather than simply confirm receipt of the listener’s text, the plaintiffs alleged that the messages frequently included ads for the company’s partners. For example, when the plaintiffs sent a text message to enter a contest, they received a response inviting them to “play us in the brand new version of Words With Friends.” The text message included a link that led the recipient to the Words With Friends download page on their phone’s app store.

It’s tempting to think that a person’s text to your company constitutes consent to text them back, but it’s not that easy. While you may be able to send a simple confirmation of receipt, in order to send an ad, you need prior express written consent. Without that, you could be liable for statutory damages of up to $1,500 per text sent without consent. As this settlement demonstrates, those numbers can quickly add up.

Protected: 2016 Advertising and Privacy Law Summit Attendee Follow-up

13344687_1109651522410091_2983870669660441248_n

This content is password protected. To view it please enter your password below:

Annual Advertising & Privacy Law Summit Attracts Industry Leaders to the Reopened Watergate Hotel

On June 8th attorneys from Kelley Drye’s advertising law practice hosted government officials and industry leaders at an advanced seminar on key issues in advertising, privacy, and consumer protection law. This year marked the fourth annual Advertising and Privacy Law Summit and included an inaugural pre-Summit book camp for professionals new to the field.  

More than 110 attendees from a broad range of industries across the U.S. gathered at the newly-reopened Watergate Hotel and heard from experts in various areas of the law. Maureen K. Ohlhausen, Commissioner of the Federal Trade Commission, and Jessica Rich, Director of the Federal Trade Commission’s Bureau of Consumer Protection, were the Summit’s keynote speakers.

 

The Washington Post took notice of the Summit’s timely topics and bold venue choice. Kelley Drye’s Advertising and Marketing Practice Group Chair Christie Grymes Thompson was quoted in the article: “Given the historical significance of the complex, we figured it was a terrific place to discuss deception, public policy and invasion of privacy.” Christie also commented that “We are thrilled to have had such great engagement at this year’s Summit. The guests appreciated the deep dive into topics that are relevant to the broad array of companies marketing to consumers in the U.S.”

At the Summit, speakers discussed the current regulatory and litigation climate and developing marketing trends, including investigative and enforcement priorities at the FTC, CFPB, FDA, FCC, DOJ, and NAD; real-time marketing; consumer-friendly disclosures; consumer and privacy class actions; cyber scandals and the EU-US Privacy Shield; cross device tracking; corporate social responsibility initiatives; and dealing with whistleblowers and internal complaints.

Details regarding the agendas and speaker line-ups are available here and here.

 

Kelley Drye’s Advertising and Marketing practice has a national reputation for excellence. No other firm can match our record in advertising litigation and National Advertising Division (NAD) proceedings, our substantive strength in the areas of advertising, promotions, privacy, and consumer protection law, and our experience at the Federal Trade Commission (FTC), the offices of state Attorneys General, and the broadcast networks. Follow the practice via our blog, Ad Law Access, and find pictures from the event on LinkedIn, Facebook or Twitter.

The Fountain of Youth May Not Be Stocked With Gin

A British hotel group recently introduced “Anti-aGin Gin,” a gin that “rejuvenates the skin while you drink.” The gin was Ginmarketed to people “who want to stay young but don’t want to give up alcohol.” The company advertised that the gin included “a host of age defying botanicals and, combining them with drinkable collagen, this is the alcoholic equivalent of a facial.​”

The advertiser intended the claims to be humorous. In fact, the label itself noted that the gin was “a tongue-in-cheek tribute to laughter lines and a lifetime of accumulated wisdom.” The NAD wasn’t laughing, though. They were concerned that consumers would take the claims literally and believe that the gin would deliver the advertised health benefits.

There are two key lessons in this decision. First, although a good gin is essential to a good martini, it’s not going to make you younger. Second, just because you intend an ad to be funny doesn’t mean that you don’t have to worry about what claims you convey.

Webinar and Live Program: Designing Notice and Consent for the Internet of Things

On June 14, 2016 2-3pm (ET) please join the NAI, Kelley Drye and Federal Trade Commission Chief Technologist Lorrie Faith Cranor in exploring effective notice and consent options as industry moves toward data collection and use across the Internet of Things.

Dr. Cranor will present a taxonomy of notice options based on her research, including various forms of visual, audio and haptic notices.  She will discuss the selection of effective notice and consent mechanisms suitable for a given system or device, particularly as companies are constrained by interfaces on mobile devices, wearables, and smart home devices. She will also describe ways to evaluate the effectiveness of a notice in the context in which it is used.

This event may be attended either live at the offices of Kelley Drye in Washington, D.C., or via webinar.

Please sign up for the live webinar here or RSVP to Noga Rosenthal at noga@networkadvertising.org if you plan to attend in person.

NAD Addresses Disclosures in Native Ads

When the FTC issued its guidance on native advertising last year, the Commission emphasized the importance of ensuring that consumers are able to distinguish ads from editorial content. If the line between the two gets blurred, companies may need to label ads as such. Where the label is placed can be critical, because the FTC believes that consumers should know that something is an ad before they interact with it. Last week, the NAD issued a decision that addresses the placement issue.

Joyus is an e-commerce platform for various lifestyle products including fashion, beauty, personal care, fitness, and home products. Many of these products are featured in the “Stuff We Love” section of People magazine, which appears in the Style Watch section of the magazine’s website. Consumers can read a description of each product and watch a video – which is jointly produced by Joyus and People – that advertises the product. If consumers like what they see, they can easily purchase the product on the same screen.

Joyus and People took various steps to separate the magazine’s editorial content from Joyus’ advertising content. For example, the product videos all include the Joyus logo in the upper-left corner of the video player’s frame. This logo – along with a discount offer – can be seen before the video is played, as well as during the entire time the video is played. Joyous argued that these labels clearly let consumers know that the videos were ads, rather than editorial content.

Joyus

Although the NAD agreed that the videos themselves were clearly labeled as ads, the NAD was concerned that the pages leading up to the videos were less clear. For example, the “Style” page link to “Stuff We Love” doesn’t disclose that the feature is a partnership with Joyus and promotes products for sales. As a result, the NAD opined that consumers could believe these pages represent selections by people’s editors, rather than paid ads. Thus, the NAD recommended that Joyus (in collaboration with People) revise the link so that it is clear that by clicking on the “Stuff We Love” link, a consumer will be taken to a list of items for sale by Joyus.

Although the FTC’s guidance on native ads is helpful, it’s often useful to see “real life” examples. We expect to see more of them from the NAD in the coming months.

LexBlog