Fourth Circuit Clarifies Scope of Federal Preemption for Requirements Governing Medical Devices
MMA Releases Final Privacy Policy Guidelines for Mobile Apps
The way companies collect information through mobile apps has been the focus of several FTC actions, Congressional hearings, proposed legislation, and at least a dozen class action lawsuits. In response to the confusion over how app developers should deal with privacy issues, the Mobile Marketing Association recently released its Final Privacy Policy Guidelines for Mobile Apps.
The proposed policy addresses several key areas, including: (a) what information is collected, and how it’s used; (b) whether the app collects location-based information; (c) whether third parties have access to any information; (d) whether consumers can opt-out of information collection or sharing; (e) how long information is retained; and (f) how that information is safeguarded. The MMA notes that additional provisions will be required if an app is directed to children under 13.
The MMA states that the guidance is intended to provide a starting point for companies that develop apps, but that it should not be considered an ending point. For more helpful advice, read about 5 Privacy Tips for Location-Based Services.
Supreme Court Unanimously Holds California Law Prohibiting Sale, Processing or Holding of Nonambulatory Pigs Expressly Preempted under the Federal Meat Inspection Act
In a unanimous opinion published on January 23, 2012, the Supreme Court reversed the Ninth Circuit Court of Appeals and held that a California law prohibiting the sale, processing or holding of a nonambulatory animal was expressly preempted by the Federal Meat Inspection Act (FMIA).
The case, National Meat Association v. Harris, dealt with Section 599f of the California Penal Code, which was enacted in 2008 in response to an undercover video released by the Humane Society showing workers in California kicking and electroshocking sick and disabled cows in an attempt to move the cows. The law makes it a crime for any slaughterhouse to “buy, sell or receive a nonambulatory animal,” or to “process, butcher or sell meat or products of nonambulatory animals for human consumption,” or “hold a nonambulatory animal without taking immediate action to humanely euthanize the animal.”
The National Meat Association (NMA) sued to enjoin enforcement of the law as applied to swine slaughterhouses and argued that the FMIA’s broad express preemption provision prohibited California from enacting distinct requirements for the handling of nonambulatory pigs. The FMIA and implementing regulations enacted by the Department of Agriculture’s Food Safety and Inspection Service (FSIS) broadly regulate slaughterhouses to promote meat safety and humane treatment. With respect to the treatment of nonambulatory pigs, FSIS regulations permit slaughterhouses to hold and eventually sell nonambulatory animals, subject to a “post-mortem” examination.
Continue Reading...5 Privacy Tips for Location-Based Services
The year 2012 is certain to reflect U.S. consumers’ continued love affair with sophisticated smartphones and tablets. One of the driving forces in the popularity of these devices is their ability to run mobile apps using wireless location-based services (LBS). Among other benefits, LBS allow access to real-time and historical location information online – whether to facilitate a social interaction or event, play games, house-hunt or engage in many other activities.
However, with these benefits also come privacy risks. And it is not uncommon for some popular LBS-enabled tools to lack clear disclosure about personal information collection, how that data is used, and the process for consumer consent.
Our article posted recently on Mashable, "5 Privacy Tips for Location-Based Services," discusses several privacy "do's and don'ts" for designing mobile apps.
For a more in-depth discussion of these issues, plus other privacy law trends, join us on February 16 for Kelley Drye’s seminar and teleconference, “Privacy in 2012: What to Watch Regarding COPPA, Mobile Apps, and Evolving Law Enforcement and Public Policy Trends.”
Join us Feb. 16 for "Privacy in 2012" Seminar and Teleconference
Changes to privacy regulations, such as proposed revisions to the Children's Online Privacy Protection Act (COPPA), and continuously evolving technologies, including mobile apps with location-based services, can make it difficult for businesses to ensure their privacy practices are up to par.
On February 16, Kelley Drye will gather government leaders from the FTC and FCC, and thought leaders in the industry, for a discussion about new regulations, enforcement trends, and best practices to avoid consumer privacy risks. Please join us for "Privacy in 2012: What to Watch Regarding COPPA, Mobile Apps, and Evolving Law Enforcement and Public Policy Trends."
Email dcevents@kelleydrye.com to register for the live seminar or teleconference.
KEYNOTE SPEAKER
Peter Swire, Professor of Law, Ohio State University; former Clinton Administration Chief Counselor for Privacy, U.S. Office of Management and Budget
PANEL 1: COPING WITH COPPA: CHILDREN'S PRIVACY AND PROPOSED REVISIONS TO THE COPPA RULE
Ellen Blackler, Vice President - Global Public Policy, The Walt Disney Company
Mamie Kresses, Senior Attorney, Division of Advertising Practices, Federal Trade Commission
Saira Nayak, Director of Policy, TRUSTe
Moderated by partners Dana Rosenfeld and Alysa Hutnik of Kelley Drye & Warren LLP
PANEL 2: MOBILE APPS: A PRIVACY AND CONSUMER PROTECTION HOT SPOT
Michael Altschul, Senior Vice President and General Counsel, CTIA
Jessica Rich, Associate Director, Division of Financial Practices, Federal Trade Commission
Jennifer Tatel, Associate General Counsel, Federal Communications Commission (invited)
Moderated by partners John Heitmann and Gonzalo Mon of Kelley Drye & Warren LLP
When:
February 16, 2012, 2:30 PM - 5:30 PM EST
Location:
Kelley Drye & Warren LLP
3050 K Street, NW, Suite 400
Washington, DC 20007-5108
And via audio webcast
RSVP:
Email dcevents@kelleydrye.com or contact Cassidy Russell at 202.342.8400.
This seminar is free of charge, but space is limited. Reserve your place today.
CLE and CPE credit may be available in certain jurisdictions.
HP Agrees to Pay $425,000 CPSC Penalty
Yesterday the Consumer Product Safety Commission ("CPSC") announced that Hewlett-Packard Company has agreed to pay a $425,000 civil penalty to settle allegations that the company failed to report safety issues with its lithium-ion battery pack to the CPSC in a timely manner.
Section 15(b) of the Consumer Product Safety Act requires companies to report immediately to the CPSC if they have information that a product could create a "substantial product hazard" or create an unreasonable risk of serious injury or death. The CPSC alleges that HP was aware of incidents of overheating, two of which allegedly involved injuries to consumers, 10 months before reporting to the CPSC. HP and CPSC recalled around 32,000 battery packs in October 2008.
According to a statement released by CPSC Chairman Inez Tenenbaum, the settlement with HP was negotiated under the pre-CPSIA enforcement scheme, which had much lower statutory limits on civil penalties. However, Tenenbaum indicated an expectation that the Commission’s future enforcement actions will “include civil penalty amounts that maximize the likelihood of deterring violations.”
Also yesterday, the Obama Administration announced the nomination of Marietta Robinson for CPSC Commissioner. Ms. Robinson is a trial attorney with 33 years experience and former trustee of the Dalkon Shield Trust.
USDA Publishes Two Proposed Rules Regarding Ingredients in Organic Food Products
Today the United States Department of Agriculture's (USDA) Agricultural Marketing Service (AMS) published two proposed regulations that will affect companies that produce and market organic food products. One proposed rule would clarify which vitamins and minerals are permitted for use in organic food and infant formula, while the other proposed rule would renew the status of a number of substances as allowed or prohibited for use in organic food products.
Specifically, the USDA's proposed rule regarding vitamins and minerals would prohibit the use of vitamins and minerals in products labeled as "organic" unless the vitamin or mineral has been classified as essential by the Food and Drug Administration (FDA) or is otherwise listed on the USDA's National List of Allowed and Prohibited Substances (National List) for organic products. The National List dictates which non-organic ingredients and processing aids may be used in the processing and handling of organic food products. The proposed rule for vitamins and minerals covers organic food products, as well as organic infant formula, and allows synthetic forms of vitamins and minerals to be used in these products so long as the vitamin or mineral is identified as essential by FDA regulations.
The USDA's second proposed rule would renew regulations regarding whether certain substances are permitted for use in organic food production. Under the Organic Foods Production Act of 1990, the National Organic Standards Board (NOSB), an independent board of organic industry stakeholders, must review a substance's status every five years to ensure that the National List reflects current conditions and information related to organic food. Based on the NOSB's recommendations, the USDA is renewing the listing for over 200 allowed or prohibited substances. The rule also would clarify or restrict the allowances for several substances currently permitted in organic products, such as chlorine materials, lignin sulfonate, sulfur dioxide, and yeast.
Comments regarding the USDA's proposed rule for vitamins and minerals are due by March 12, 2012, while comments regarding substances subject to the USDA's second proposed rule are due by February 13, 2012.
Privacy Point of Sale Alert: Massachusetts District Court Finds that Zip Codes Are PII
In June 2011, we wrote about a class action lawsuit filed against Michael Stores, Inc. (“Michaels”), accusing the arts and crafts retailer of violating a Massachusetts consumer protection statute when it collects and records zip codes during consumer credit card transactions. Last week, a Massachusetts District Court granted Michaels’ motion to dismiss the lawsuit after finding that the plaintiff failed to show cognizable injury. Nevertheless, the Court sent a clear message to businesses that collect customer information at the sales register by concluding that zip codes are personally identifiable information (“PII”) and Michaels may have violated the state statute when it requested plaintiff’s zip code during the sales transaction.
In Tyler v. Michael Stores, Inc., the plaintiff made a purchase at a Michael’s store with her credit card and, during the sales process, the cashier requested the plaintiff’s zip code. The plaintiff provided her zip code to the cashier allegedly based on the belief that it was necessary to complete the transaction. According to the plaintiff, Michaels then combined her zip code with other information to obtain her home mailing address, and began sending unwanted marketing materials. The plaintiff argued that the collection and recording of zip codes during a credit card transaction violates Mass. Gen. Laws ch. 93 § 105, under which a business cannot “write, cause to be written or require that a credit card holder write [PII], not required by the credit card issuer, on the credit card transaction form.”
Continue Reading...2012 Signals Continued FTC Privacy Scrutiny: Web Browser Toolbar Triggers Enforcement Action
On January 5, 2012, the FTC announced a settlement with Upromise, Inc., a membership service intended to help consumers save money for college, over charges that the company misled users about the extent to which it collected and transmitted their personal information through a “Personalized Offers” feature on a web browser toolbar, and then failed to adequately secure the user information that it collected. The FTC claimed that Upromise’s alleged actions were unfair and deceptive and violated the FTC Act.
FTC’s Complaint Allegations: Upromise provides a membership service that allows users to contribute to a college savings account by collecting rebates that are acquired when users purchase goods and services from Upromise partner merchants. Upromise offered users a downloadable web browser toolbar that highlighted Upromise’s partner merchants appearing in a user’s search results, thereby allowing users to more easily identify merchants that provide the college-savings rebates.
According to the FTC Complaint, when users enabled the “Personalized Offers” feature, the toolbar collected and transmitted the names of the websites visited by users and the links that were clicked on by users, as well as information that users entered into websites, including search terms, user names and passwords, and financial transaction information. The Commission also alleged that users who downloaded the toolbar were led to believe that any personal information collected would be removed before it was transmitted, and that Upromise had implemented adequate security safeguards to protect the personal information transmitted.
Settlement Provisions: In resolving these allegations, the FTC settlement bars Upromise from using its web browser toolbar to collect users’ personal information without clearly disclosing the extent of its data collection practices. Per the settlement, this disclosure must be made before consumers’ installation of the web browser tool, and appear separately from any “end user license agreement,” “privacy policy,” “terms of use” page, or similar document.
Upromise also must destroy any personal information previously collected through the “Personalized Offers” feature, obtain consumers’ consent before installing or re-enabling its toolbar products, and notify users how to uninstall the toolbars currently residing on their computers. The settlement further bars Upromise from making material misrepresentations about the extent to which the company maintains the privacy and security of consumers’ personal information, and requires the company to establish a comprehensive information security program that includes biennial independent security audits for the next 20 years. Going forward, a violation of the settlement could expose the company to up to $16,000 per violation.
What This Settlement Signals: The settlement with Upromise underscores that, in 2012, the FTC will continue to hold companies accountable for providing clear and conspicuous disclosures about the extent to which online-based products and services actively and passively collect personal information, whether companies are obtaining affirmative consent from consumers for such data collection, and appropriately securing the personal data in their control. It will be a busy year.
This post was written by Alysa Z. Hutnik and Matthew Sullivan.
The "Prior Substantiation" Doctrine: An Important Check On the Piggyback Class Action
A disturbing trend has emerged in false advertising litigation: plaintiffs are filing class action complaints that are virtually identical to or rely heavily on FTC complaints or FDA warning letters. Those complaints allege that certain advertising claims are false, deceptive, and/or misleading because the defendants do not possess “prior substantiation” for the claims, i.e., the advertisers do not have a reasonable basis for making the challenged claims in the first instance.
Recently, however, both federal and state courts have dismissed cases that do little more than echo FTC complaints or FDA warning letters, and have simply alleged that the defendants lacked substantiation for the challenged advertising claims, on grounds that those allegations fail to state a claim. More specifically, courts have explained that the allegations in those cases impermissibly attempt to shift the plaintiffs’ burden of proving falsity onto the defendants to show that the challenged claims, in fact, are substantiated.
A new article authored by Dana Rosenfeld and Dan Blynn that appears in the ABA’s Antitrust magazine, “The ‘Prior Substantiation’ Doctrine: An Important Check On the Piggyback Class Action,” discusses the “prior substantiation” defense to class-action lawsuits, which attempt to piggyback off of FTC pleadings and FDA warning letters.
Cordray Gets Recess Appointment to Head CFPB
President Obama has made a recess appointment of Richard Cordray to head the Consumer Financial Protection Bureau ("CFPB"). The President had nominated Cordray as the Director in July, but Senate Republicans blocked Cordray's confirmation last month. Yesterday's recess appointment circumventing Senate approval has already triggered criticism from Republicans, who have claimed that the President "arrogantly circumvented the American people" and called the appointment an "extraordinary and entirely unprecedented power grab."
See the post on our sister site, the Consumer Finance Law Blog, for a bit more detail.
