Ad Law Access : Washington D.C. Advertising Lawyer & Attorney : Kelley Drye & Warren Law Firm : New York, Chicago, Connecticut, New Jersey, Brussels

Today the Federal Trade Commission (“FTC”) announced that Reebok International, Inc. has agreed to pay $25 million to settle charges that the company engaged in deceptive advertising for its EasyTone and RunTone toning shoes. The settlement prohibits Reebok from making certain claims about footwear and apparel that purports to improve or increase muscle tone, strength, or activation, unless the company has sufficient substantiation. The required substantiation will depend upon the type of claim. The $25 million will be used for equitable relief, including consumer redress.

Reebok marketed the toning shoes as having “micro instability” that tones and strengthens muscles as a consumer walks or runs. The FTC complaint states that beginning in 2009, Reebok made false claims that the toning shoes were proven to strengthen hamstrings and calves by up to 11 percent, and that they tone the buttocks up to 28 percent more than regular sneakers. The FTC alleged that the false claims constituted deceptive acts or practices and false advertising in violation of Sections 5(a) and 12 of the FTC Act.

The Reebok order tracks specific substantiation requirements articulated in recent FTC settlements involving health-related advertising. Under the order, Reebok must have at least one “adequate and well controlled human clinical study” to substantiate certain claims. Such a study is defined in the order as “a clinical study that is randomized, controlled, blinded to the maximum extent practicable, of at least six-weeks duration, uses an appropriate measurement tool or tools (e.g., a dynometer if measuring strength), and is conducted by persons qualified by training and experience to conduct and measure compliance with such a study.” Companies should consider the FTC’s standard for substantiating claims of improved fitness or health benefits when reviewing advertising for health-related products.

This post was written by Christie L. Grymes and Bridget M. Richardson.

• Email This
• Print
• Share Link

On September 21, 2011, FTC Bureau of Consumer Protection Director David Vladeck sent a letter to the court appointed consumer privacy ombudsman in the Borders Group, Inc. (Borders) bankruptcy proceeding advising against the sale of Border's customer information absent customer consent or significant restrictions on the transfer and use of the information. The letter was sent in response to a request from the ombudsman seeking a written description of the agency's concerns regarding the possible sale of the customer information, which includes purchase history and email addresses from over 20 million customers. According to the FTC's letter, the purchase history information dates back to May 2005, and includes merchandise purchased (e.g., books and videos), the location of the purchase (store, kiosk, or internet), Borders Rewards number, and, in some cases, credit card information.

As described in the letter, Border's 2006 and 2007 privacy policies stated that it would "only disclose your email address or other personal information to third parties if you expressly consent to such disclosure." (Emphasis in original). In addition, a revised policy from 2008 contained the same language restricting the sale or rental of personal information, but also included information describing circumstances under which Borders might disclose personal information, as follows:

• Email This
• Print
• Share Link

The previously bi-partisan approach to data security has fallen victim to the increasingly rigid and high pitched partisan divide on Capitol Hill. Yesterday, the Senate Judiciary Committee passed three data security/breach notice bills, Senator Leahy's S. 1151, Senator Feinstein's S. 1408, and Senator Blumenthal's S. 1535, on a party line vote. Similar versions of Senator Leahy's Personal Data Privacy and Security Act of 2011 have been passed through the Judiciary Committee with Republican support in the past. Yesterday, Republicans decried the bills as burdensome regulations that would kill jobs.

The Senate also faces jurisdictional divide that could derail the momentum for a national data security and breach notice law. The Senate Commerce Committee postponed its markup of S. 1207 this week but intends to reschedule soon. The Rockefeller/Pryor bill similarly seeks to implement a national standard for protecting consumer data and notification of breaches. And, it is not clear how Senate leadership will sort out moving the four similar data breach bills, which are likely to become part of a comprehensive cyber security bill that Majority Leader Reid is putting together in the Senate.

The House has seen equal partisan divide over Rep. Bono Mack's data security bill -- HR 2577 -- which moved through subcommittee before the summer recess on a partisan vote, but has since stalled. Like the Senate, similar data breach legislation has passed through committee with bipartisan support in the past, but the Bono Mack bill angered Democrats for its narrower approach to consumer protection. Consultation with Democrats and other groups will be ongoing before the bill can move to a full committee vote.

Even if the partisan arguments can be resolved, the process for getting a House and Senate bill on data security/breach legislation conferenced is unclear with the different approaches that each chamber are taking toward moving cyber security legislation. The House Republican leadership is in the process of developing a strategy for cyber security legislation but intend to pass individual bills through regular order rather than a comprehensive package that could be married with the Senate's large bill. Like most issues in Congress today, there are more questions than answers. We will be closely following these developments, and will post further updates if it appears there is traction on a break-through bill.

This post was written by Margaret E. Hardon and Alysa Z. Hutnik.

• Email This
• Print
• Share Link

Yesterday the New York Attorney General announced that Michaels Stores, Inc., has agreed to pay $1.8 million to settle charges that the company engaged in deceptive advertising by misleading consumers about the existence of sales and discounts. Michaels is a retailer of arts, crafts, and custom framing that regularly advertises sales. The company will pay $800,000 in a civil penalty, contribute $1 million in art and craft supplies to public schools, and modify its advertising practices.

The Attorney General’s office began tracking the company’s sales practices two years ago, collecting newspaper flyers, online flyers, in-store banners, and signs advertising custom framing. The state claims that Michaels advertised in at least one of these media every day for two years, advertising its custom framing as a sale product for at least 104 consecutive weeks. The ads stated that custom framing was either at least 50% off or a certain dollar amount off. The state alleges that the pricing constituted false advertising in violation of General Business Law sections 349 to 350-f, Consumer Protection from Deceptive Acts and Practices.

The Federal Trade Commission has not enforced the concepts underlying its Guides Against Deceptive Pricing in recent years and many practitioners (including two former FTC Chairmen) have questioned whether allegedly deceptive promotional prices actually harm consumers. Nonetheless, this settlement demonstrates that the states continue to enforce their general deceptive trade practices statutes against promotional pricing, even in the absence of a statute targeted at such acts. In light of such enforcement, companies should review existing promotional pricing practices.
 

• Email This
• Print
• Share Link

On September 15, 2011, the U.S. House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade held a hearing examining the European Union’s (EU’s) privacy and data collection regulations and their impact on U.S. companies and the Internet economy. The hearing – Internet Privacy: The Impact and Burden of EU Regulation – focused on the EU’s 1995 Privacy Directive and the burdens and benefits of the EU Privacy model as a means to inform the policy debate on potential U.S. privacy law.

In1995, the EU promulgated the Data Privacy Directive, requiring EU member countries to enact privacy laws that satisfy certain baseline privacy principles such as notice and consent, and protecting the flow of personal data from EU countries to non-EU counties that lack privacy protections. The Directive applies to EU affiliates of U.S. companies but was amended in 2000 to include a “safe harbor” provision for U.S. companies that voluntarily comply with data protection principles.

Rep. Bono-Mack opened the hearing noting that, while it is not clear that privacy legislation is warranted at this time, it is clear that industry is not doing enough to protect U.S. consumers’ privacy. At the same time, she indicated that the government needs to avoid regulatory overreach. The key, she noted, will be to balance innovation and privacy.

The first panelist, Nicole Lamb-Hale, Assistant Secretary for the Commerce Department’s International Trade Administration, opposed adopting the EU privacy model for the U.S., emphasizing instead a greater need for flexible baseline privacy principles adaptable to technological advances, harmonized with sector-by-sector regimes.

Representatives raised concerns for U.S.-based multinational corporations, noting inconsistent EU regulatory privacy regimes, fractured compliance with the EU Privacy Directive and inconsistent enforcement targeting a “seemingly” disproportionate number of U.S. companies. Representatives were also concerned about the costs the EU privacy regulation imposed on the Internet economy.

MIT Professor Catherine Tucker testified that her studies revealed that the “advertising performance” – a measure of the will of consumers to make purchases based on online ads –
decreased 65% after the EU privacy directive was implemented. On the other hand, Ohio State Law Professor Peter Swire, suggested that without privacy protections, U.S. companies risk facing protectionist policies and the loss of business when conducting international commerce as more countries adopt the EU privacy model.

The hearing is the second in a series of privacy hearings the Subcommittee plans to hold this fall and adds important international considerations to the growing privacy debate in Congress.

This post was written by Christopher S. Koves and Dana B. Rosenfeld.

• Email This
• Print
• Share Link

Late this week, the FTC issued its proposed amendments to the Children’s Online Privacy Protection Rule ("COPPA Rule"). The proposed revisions are intended to maintain privacy protections for children who increasingly participate in social networking and interactive gaming, or engage in online activities through a mobile device. The FTC seeks written comments to the proposed amendments, which are due by November 28, 2011.

Kelley Drye prepared an advisory that outlines the proposed revisions to the Rule and describes what the new requirements would mean for businesses that have an online presence with respect to obtaining parental notice and consent, what data they can collect from children, and corresponding safeguards and data minimization requirements, to avoid incurring civil penalties of up to $16,000 per violation.

• Email This
• Print
• Share Link

In 2007, several companies offered text-to-win sweepstakes in conjunction with the American Idol, The Apprentice, Deal or No Deal, and 1 vs. 100 television shows. Soon thereafter, plaintiffs filed class action lawsuits arguing that the sweepstakes violated gambling laws in Georgia and lottery laws in California. The Georgia case was decided favorably in 2008, when the Georgia Supreme Court determined that the sweepstakes did not constitute gambling. The California case had been pending until the parties announced a settlement last week.

Although the defendants deny that the sweepstakes were unlawful, they agreed to settle the cases. As part of the settlement, the defendants agreed to refund all premium text messages fees paid by members of the class, to pay more than $5 million in fees and costs, and to consent to a five-year injunction barring them from offering any sweepstakes in which people who enter by paying premium text message charges do not receive something of comparable value to charges in addition to the entry.

Because the case settled, we don’t have a definitive court ruling that examines whether or not the sweepstakes were lawful. Nevertheless, the lawsuit and settlement highlight that there are a number of risks associated with text-to-win sweepstakes. To reduce the risks of challenge, companies that offer text-to-win sweepstakes with premium fees should consult with their legal teams early in the planning process. At a minimum, each sweepstakes should include a free method of entry and consumers who pay premium fees should get something of value for those fees.
 

• Email This
• Print
• Share Link

Between January 2006 and June 2011, the National Advertising Division (NAD) of the Better Business Bureaus found that 71 percent of the consumer perception surveys introduced by parties to an NAD proceeding were unreliable and, therefore, had little or no impact on the final outcome of case. The NAD's standards for a well-executed survey are exacting, yet the NAD does not use a set formula to evaluate consumer perception evidence and may find that a survey is either reliable or fatally flawed based upon the survey design, survey questions, and the statistical significance of the survey results. Given the time and resources required to conduct a credible survey, parties to an NAD proceeding should carefully consider the factors that influence the NAD's analysis of survey evidence.

A new article in Privacy & Consumer Protection Law360, "Not All Surveys Are Created Equal," discusses the primary reasons why the NAD discounts the large majority of consumer perception surveys introduced during challenges, describes the framework by which the NAD analyzes survey evidence, and outlines the survey design characteristics that have the greatest influence on generating a reliable survey.

• Email This
• Print
• Share Link

On August 31, 2011, California amended its consumer data breach notification statute (Cal. Civ. Code §§ 1798.29 & 1798.82) to require that an entity, following a breach of its electronic data, provide certain information in its notice to affected consumers. Under the current law, entities subject to a data breach must provide written or electronic notice of the breach to affected consumers; however, the law does not require that the notice include specific information. Senate Bill 24, which goes into effect on January 1, 2012, requires that any agency, person, or business provide consumers with a plain-language notice that includes:

• The entity’s name and contact information;
• A general description of the breach, and the type of personal information that was subject to the breach;
• The date of the breach or, if this information is unknown, an approximation of when the breach occurred;
• Whether notification of the breach was delayed as a result of a law enforcement investigation; and
• Contact information for the major credit reporting agencies.

Under the amended law, an entity that is the subject of a data breach affecting more than 500 California consumers also must forward an electronic copy of the consumer notification to the California Attorney General. Moreover, the revised law advocates, but does not require, that an entity provide (1) information on the efforts it has taken to protect affected consumers; and (2) recommendations on how consumers can protect themselves.

Notably, these changes to California’s data breach notification statute follow a recent flurry of proposed federal legislation—including H.R. 1707, H.R. 1841, H.R. 2577, S. 1151, S. 1207, and S.1408—calling for a nationwide data breach notification requirement.
 

This post was written by Alysa Z. Hutnik and Matthew P. Sullivan.
 

• Email This
• Print
• Share Link