Ad Law Access : Washington D.C. Advertising Lawyer & Attorney : Kelley Drye & Warren Law Firm : New York, Chicago, Connecticut, New Jersey, Brussels

A few days ago, a Kansas state court entered a default judgment against Bullseye Target Marketing, a Missouri telemarketing company that solicited roofing business in Kansas, in an action brought by the Kansas Attorney General alleging violations of the Kansas No-Call Act (the state analogue to the federal Telemarketing Sales Rule). The court ordered the company to pay $600,000 in penalties. The action was filed after the Attorney General received complaints from Kansas consumers that they received unsolicited calls offering to schedule roof inspections in areas that had experienced storm damage, despite their numbers being registered on the state do-not-call list. The Kansas No-Call Act generally prohibits businesses from placing telemarketing calls to consumers registered on the state do-not-call list.

This Attorney General action should serve as a reminder that do-not-call compliance is not only being monitored and enforced by the Federal Trade Commission, but states, too, are active in the area.

• Email This
• Print
• Share Link

Today, the Federal Trade Commission (“FTC”) announced that it sent letters to 10 data brokers warning them that their practices may be subject to the Fair Credit Reporting Act (“FCRA”).  A sample letter is available here.  Among other things, the FCRA governs the sale and use of consumer information which may be used to make decisions about consumers’ creditworthiness, eligibility for insurance, or suitability for employment.

As part of  a global privacy sweep conducted by the Global Privacy Enforcement Network (“GPEN”), the FTC conducted test-shopping with 45 data brokers.  Based on the sweep, 10 data brokers indicated a willingness to sell consumer information in a manner that may violate the FCRA.

As we’ve previously noted here and here, the FTC continues to use its authority under FCRA through enforcement actions—which include civil penalties—and warning letters.  Last month, the FTC warned 6 websites that their sharing of consumers’ rental history information with landlords may be subject to the FCRA.

While the warning letters are not a formal complaint alleging FCRA violations, they are an important reminder for all companies that sell consumer information to closely examine whether these practices fall under the FCRA and, if so, to ensure proper compliance.

• Email This
• Print
• Share Link

On Monday, the FTC released a Staff Report on the Mail or Telephone Order Merchandise Rule recommending that the Commission adopt the amendments in the Notice of Proposed Rulemaking issued on September 30, 2011.  The Staff specifically recommended the following four amendments to the Rule:

1. Require sellers to process third-party credit card refunds within 7 business days after the buyer’s right to the refund vests.
2. Clarify the refund obligations for orders placed using non-enumerated payment methods (e.g., debit cards) by: (1) setting shipment and notification requirements for non-enumerated payments; and (2) requiring sellers to make prompt refunds for non-enumerated payments by either reversing the payment or sending, cash, check, or money order within 7 business days.
3. Permit refunds and refund notices by any means at least as fast and reliable as first class mail.
4. Clarify that the Rule covers all Internet merchandise, regardless of Internet access method.

The proposed amendments address some of the outdated issues with the Rule, namely its express references to certain types of technology (e.g., “telephone Internet access”) and payment methods.  The Staff notes that the proposed amendments respond to concerns that imposing specific refund requirements for enumerated payment methods like credit cards and non-enumerated payment methods like debit cards place an undue burden on sellers by harmonizing these obligations across payment methods and with Regulation Z.  Additionally, the amendments provide flexibility to sellers when refund by the original payment method is not possible, or when refund by cash, check, or money order is cheaper.

The Report will remain open for public comment until July 15, 2013.  Companies offering products online or by mail should continue to watch these developments.

Associate Katherine E. Riley contributed to this post.  Ms. Riley is admitted only in Massachusetts.  She is practicing under the supervision of principals of the firm who are members of the D.C. Bar.

• Email This
• Print
• Share Link

The use of mobile apps for health purposes has created new questions for users, developers, and regulators regarding the balance between convenience, expanded health care, and public safety. The line between apps that are useful tools for accessing health information and those that are considered medical devices can be unclear but is very important for developers and marketers of these products.

On April 24, 2013, associate Kristi L. Wolff will present a Thompson Interactive webinar, “There's an App for That: Regulating Mobile Medical Devices” regarding these issues. Ms. Wolff will discuss the regulatory status surrounding health-related and medical device mobile applications, or MMAs. The presentation will cover topics including FTC’s enforcement and recent statements regarding health-related mobile applications, design considerations key to application development, such as privacy, and FDA’s position regarding MMAs as explained in the draft guidance, the recent Congressional hearings on the issue. Participants will also have the chance to ask questions during the live Q&A portion of the webinar.

To register, please click here.

• Email This
• Print
• Share Link

As we've posted before, if a company provides incentives to a consumer in order to encourage the consumer to promote the company’s products, the consumer is required to disclose those incentives. It’s not just the consumer’s problem, though. The FTC has stated that a company can be held liable for a consumer’s failure to make the disclosure. Fortunately, though, there are easy steps a company can take to protect itself in case consumers don’t comply.

The FTC recently investigated a promotion conducted by Nordstrom to promote the opening of a new store. Nordstrom provided social influencers with gifts and failed to tell the influencers that when they wrote about the event, they should disclose they had received gifts. After reviewing the promotion, however, the FTC decided not to pursue the case for a few reasons. First, the FTC noted that several influencers who posted content did disclose that they had received the gifts. And, second, Nordstrom revised its social media policy to address the FTC’s concerns.

This case serves as a reminder that companies who engage in social media should have a policy that provides endorsers with guidelines about what they can, can’t, and must do. It’s not just enough to have the policy in place, however. Companies must also monitor to ensure endorsers comply with the policy, and take action against those who don’t.  

• Email This
• Print
• Share Link

On Tuesday, the Federal Trade Commission announced final revisions to the guidance it gives to advertisers on how to keep endorsement, testimonial, and other digital ads in compliance with the FTC Act, ".com Disclosures, How to Make Effective Disclosures in Digital Advertising." The Revised Guide expands on the initial version released in 2000 by providing important insight into how advertisers should address the likelihood that different mediums may be used to view the same ad, and the increasing prevalence of space-constrained ads such as banner ads and tweets.

For instance, the Revised Guide explains that advertisers must account for the anticipated use of smartphones and tablets by either creating a mobile-optimized version that the ad will default to or designing the ad such that disclosures are clear and conspicuous regardless of how they are viewed. Additionally, the Revised Guide sets forth new considerations for advertisers using space-constrained ads, including the capacity to use short form disclosures such as “Ad:” and the possibility of republication by consumers.

For more information, see the Kelley Drye client advisory.
 

• Email This
• Print
• Share Link

As announced yesterday, President Obama plans to name Edith Ramirez, a Democrat and current Federal Trade Commission (“FTC”) Commissioner, to serve as Chairman of the FTC, effective March 4, 2013. This appointment indicates continuity with the Consumer Protection and Competition policies the Commission followed under her predecessor, Jon Leibowitz. While Commissioner, she has voted, almost without exception, with the majority of her colleagues. When she takes over as Chairman on Monday, no confirmation hearings will be necessary because she is a sitting Commissioner who previously received Senate approval.

Click here for an overview of her history regarding consumer protection and competition policy and what we might expect from her tenure.

 

• Email This
• Print
• Share Link

News media outlets are reporting that President Obama will name Edith Ramirez as Chairwoman at the Federal Trade Commission.  Ramirez, a Democrat who joined the FTC as a Commissioner in 2010 after working in private practice, will replace Commission Chairman Jon Leibowitz, who announced his departure last month.  

Please continue to visit AdLaw Access or visit the Kelley Drye website, as we will provide more detailed information about this appointment in an upcoming client advisory.

• Email This
• Print
• Share Link

Consistent with the FTC’s laser focus on mobile privacy, the Commission today announced its latest privacy law enforcement action – this time against a mobile device manufacturer. Today’s announcement, with HTC America, involves the FTC’s charges that the device manufacturer did not sufficiently secure the software that it developed for its smartphones and tablet computers, and did not accurately describe its data handling practices to device users. The FTC’s allegations underscore the Commission’s view that companies are required under Section 5 of the FTC Act to (1) implement a number of specific privacy-by-design steps to products capable of collecting, accessing, and transmitting personal information, and (2) carefully confirm that any representations they make about a product and how personal information is handled – including statements in a product’s user guide and representations made on the interface of a software application – remain consistent with the product’s capabilities.

The case is a good example of how quickly and aggressively privacy law and enforcement are evolving, and how important it is to be cognizant of such legal trends and how they affect a company’s privacy responsibilities in product design and development. The failure to incorporate such considerations from “the ground up” and as part of a company’s culture, training, and oversight – as evidenced by the FTC’s steady enforcement on such issues – can, as evidenced by this action and others, lead to 20-year regulatory consent orders and/or expensive litigation.

This Kelley Drye client advisory outlines the FTC’s most recent “privacy by design” law enforcement action, and identifies several practical tips to keep in mind for companies that design and market products capable of collecting, storing, or disclosing personal information.

• Email This
• Print
• Share Link

On February 27, I will be speaking at the Strata Conference – Making Data Work, in Santa Clara, Calif. My presentation will outline best practices and learning lessons to describe how companies, no matter where they reside in the online ecosystem, can avoid big privacy “don’ts” when collecting, storing, or sharing consumers’ personal data. I’ll describe key privacy-related developments led by state and federal regulators and break down how these events are likely to inform consumer privacy activities with respect to big data for the remainder of 2013.

For a preview of the session, read my post on the Strata blog, “Privacy in the Online Ecosystem: Obligations and Best Practices Are Evolving.”

• Email This
• Print
• Share Link

A federal court has ordered Edward Sumpolec, a home insulation marketer d/b/a ThermalKool, ThermalCool, and Energy Conservation Specialists, to pay a $350,000 civil penalty for making deceptive and unsubstantiated claims about his products’ insulation capabilities. The $350,000 figure is the largest civil penalty awarded in a home insulation case and, on the Federal Trade Commission’s behalf, the U.S. Department of Justice won the order on the merits of the case without a trial.  The case is especially notable because the court held Sumpolec individually liable and provided some insight for the calculation of civil penalty amounts, stating: 

The amount of $350,000 is reasonable in light of the Defendant’s misconduct. It amounts to less than a $500.00 per day penalty. Additionally, evidence before the Court indicates that Defendant has assets valued in excess of $350,000. 

In addition to imposing a $350,000 civil penalty against Sumpolec, the court order permanently prohibits him from (a) making a claim about a product’s insulation value or energy savings unless it is true, not misleading, and based on competent and reliable scientific evidence, (b) failing to rely on proper tests and substantiation to support certain specific insulation claims, and (c) failing to make other necessary disclosures in marketing for insulation products.

Similar to POM Wonderful LLC, this action indicates the FTC’s intent to pursue individual liability for company officers believed to play an integral role in the development of false or misleading marketing campaigns.

• Email This
• Print
• Share Link

The Federal Trade Commission recently announced a new enforcement policy statement regarding the requirements for a guaranty under the Textile, Wool, and Fur Acts (“the Acts”). The Acts permit sellers of those products to obtain a guaranty from the product manufacturer that states that the product is not mislabeled or falsely or deceptively advertised. The Acts require that the party providing the guaranty must reside in the United States, a requirement put in place before overseas manufacturing was the norm for textile, wool and fur products.

The enforcement policy statement attempts to address this gap between the law and modern retailing reality by creating a defense for retailers who rely on vendor representations regarding product content, but are unable to obtain a valid guaranty because the vendor is overseas. In such cases, the Commission will not initiate enforcement where the retailer relied on the overseas vendor in good faith and did not embellish or misrepresent the vendor’s claims. Where the retailer is the manufacturer, however, as is the case with private label production, the Commission will still hold the retailer accountable to ensure that the items are properly labeled and advertised.

This change in enforcement policy is important for manufacturers and retailers. Manufacturers should be sure that their textile, wool, and fur products are properly labeled because retailers may increase their reliance on these statements. Retailers should examine their guaranty practices as well as their copy creation processes to determine whether advertising copy matches vendor-provided information to be prepared to take advantage of the “vendor defense” if needed in the future.

This post was written by Kristi Wolff and Christie Grymes Thompson.

• Email This
• Print
• Share Link

On January 16, 2013, the Federal Trade Commission (“Commission”) issued an Opinion In the matter of POM Wonderful LLC upholding in part and overruling in part Chief Administrative Law Judge D. Michael Chappell’s May 2012 initial decision regarding advertising claims for POM Wonderful (“POM”) products. In pertinent part the Commission opinion, issued by Commissioner Maureen Ohlhausen, ruled the following:

• Thirty-nine of POM’s 43 ads made efficacy claims and were false and misleading;
• Two well-designed, well-conducted, double-blind, randomized controlled clinical trials (RCTs) are required to substantiate claims that a food can treat, prevent or reduce the risk of “serious diseases;”
• The proposed order does not violate POM’s 1st or 5th amendment rights;
• The past COO and President of POM Wonderful who, at the time of his employment, was responsible for the operations of the marketing team, “both participated directly in and had the authority to control the acts or practices at issue,” and thus should be held individually liable and subjected to a Final Order along with Steward and Lynda Resnick; and
• FDA-preapproval is not warranted as part of the remedy in the POM action.

The Commission also agreed with the ALJ’s conclusion that the Respondent’s actions were serious and deliberate. Two concurring statements were included: a statement by Commissioner Ohlhausen (rejecting the two RCT standard and concluding that extrinsic evidence should have been used to determine whether some of POM’s ads made implied disease claims) and a statement by Commissioner J. Thomas Rosch (agreeing with the majority opinion but noting that “having served as a Commissioner for seven years and having been a trial lawyer for nearly 40 years before… [he is] somewhat skeptical of relying so heavily on the opinions of experts who are paid by both Complaint Counsel and Respondents”).

The Commission ruling provides helpful insight into the Commission’s position regarding health-benefit claims and the level of substantiation required to make claims that a food or beverage product treats, mitigates or prevents a “serious disease.” The decision also reflects the Commission’s intent to pursue individual liability for company officers believed to play an integral role in the development of health-benefit related marketing campaigns.
 

More information regarding the ruling and related proceedings can be found here.

• Email This
• Print
• Share Link

Yesterday, the Senate unanimously confirmed Joshua D. Wright to replace J. Thomas Rosch as a Republican commissioner of the Federal Trade Commission (FTC). According to various sources, Wright is widely regarded as the top antitrust scholar of his generation. He is the author of more than 50 scholarly articles and book chapters and co-editor of three books on topics ranging from Competition Policy and Intellectual Property Law to the Intellectual History of Law and Economics. He will be only the fourth economist to serve as FTC Commissioner and the first to hold both a JD and PhD. Click here for more information on Wright’s credentials.

Wright faced tough questioning from Democrats at his confirmation hearing last month, which is available via webcast here. The inquiry stemmed from Wright’s industry-funded academic writings that were critical of the FTC and the Consumer Financial Protection Bureau. Committee members also expressed concern that Wright’s academic research was funded in part by Google, and Wright pledged at the hearing to recuse himself from FTC cases involving Google for two years to avoid any perceived conflict of interest.

Wright leaves his tenure as law professor at the George Mason University School of Law for a seven-year term with the FTC.

• Email This
• Print
• Share Link

As we've noted in previous posts, if a company provides incentives to a consumer in order to encourage the consumer to promote the company's products, the consumer is required to disclose those incentives. It's not just the consumer's problem, though. The FTC has stated that a company can be held liable for a consumer's failure to make the disclosure. Fortunately, though, there are easy steps that a company can take to protect itself in case consumers don’t comply.

The FTC recently investigated a promotion conducted by Nordstrom to promote the opening of a new store. Nordstrom provided social influencers with gifts and failed to tell the influencers that when they wrote about the event, they should disclose they had received gifts. After reviewing the promotion, however, the FTC decided not to pursue the case for a few reasons. First, the FTC noted that several influencers who posted content did disclose that they had received the gifts. And, second, Nordstrom revised its social media policy to address the FTC’s concerns.

This case serves as a reminder that companies who engage in social media should have a policy that provides endorsers with guidelines about what they can, can’t, and must do. It’s not just enough to have the policy in place, however. Companies must also monitor to ensure endorsers comply with the policy, and take action against those who don’t.

• Email This
• Print
• Share Link

In an interview with Catherine Dunn of Corporate Counsel, I discussed some of the patterns and principles found in FTC closing letters and how in-house counsel can benefit from understanding these trends should they find their companies the subject of a regulatory investigation.

If a company receives an access letter from the FTC, the goal is to get the matter closed. This article outlines important strategies to achieve that objective in light of patterns gleaned from recent closings. The FTC staff may be persuaded that no violation of law has occurred when companies have shown substantial compliance with consumer protection laws, inadvertent error, or discontinued use of an unsubstantiated advertising claim.

For more on this, see the article, “Reading Between the Lines of an FTC Closing Letter.”

• Email This
• Print
• Share Link

On December 10, the FTC issued the staff report, “Mobile Apps for Kids: Disclosures Still Not Making the Grade.” The report describes the results of a recent survey by FTC staff that examined the privacy disclosures and practices associated with 400 mobile apps targeted to children. The report follows up on a similar FTC staff report issued in February 2012, which noted that, based on an initial survey of child-focused apps, very few mobile app developers or app stores provide privacy policies, disclosures, or other information that enable parents to determine what data is collected from their children and how that information is used or shared with third parties.

According to the Commission, the latest staff survey reveals that “little or no progress has been made” by the mobile app industry on increasing transparency in the mobile marketplace during the past year. In response, the Commission is urging app developers and app store operators to implement privacy best practices, such as those outlined in the FTC’s March 2012 privacy report. In addition, the report notes that FTC staff has launched multiple non-public investigations to determine whether certain entities in the mobile app ecosystem are violating the Children’s Online Privacy Protection Act (“COPPA”) or engaging in unfair or deceptive practices in violation of Section 5 of the FTC Act.

This Kelley Drye client advisory summarizes key results from the survey and provides recommendations for stakeholders in the mobile app ecosystem in light of the report.

• Email This
• Print
• Share Link

Last week, the FTC hosted the public workshop, “The Big Picture – Comprehensive Online Data Collection,” which focused on the privacy concerns relating to the comprehensive collection of consumer online data by Internet service providers, operating systems, browsers, search engines, and social media. The workshop, which fulfilled an action item contained in the FTC’s March 2012 final privacy report, featured a series of panels with representatives from government, academia, consumer groups, privacy professionals, and the technology industry who discussed the risks and benefits, consumer awareness and perceptions, and the future of online data collection.

According to the Commission, the purpose of the workshop was to identify differences in how existing online technologies collect consumer data, and determine whether these differences should have any bearing on current privacy policy discussions. The FTC and other stakeholders will use the information obtained during the workshop to assess whether certain technologies, such as deep packet inspection (“DPI”), warrant heightened restrictions or enhanced consumer consent requirements.

The topic and timing of the workshop provide clear indicators that consumer online privacy will remain an important area of focus for the Commission in 2013, both in terms of enforcement and potential policy initiatives. Please see the Kelley Drye client advisory for a summary of the key topics discussed during the workshop.

• Email This
• Print
• Share Link

Mobile marketing, sweepstakes and services, including location-based services, are governed by an alphabet soup of statutes and regulations: TCPA, COPPA, CAN-SPAM, CPNI, etc. To complicate compliance even further, numerous class action lawsuits in state and federal courts have addressed issues and nuances that the Federal Communications Commission, Federal Trade Commission, and state regulatory agencies or legislatures have not.

On November 16th, Kelley Drye held a webinar which discussed the new rules of the road for mobile communications, marketing, and sweepstakes, and offered suggestions for reaching consumers while mitigating the legal risks.

Click here to download the slides from the webinar and click here to watch the recording.

• Email This
• Print
• Share Link

Over the past year, several companies have entered into high-profile settlements with the FTC over allegations that their products didn’t work as advertised. For example, Skechers agreed to pay $40 million to settle charges that it made unsubstantiated claims about its toning shoes. Although the terms of those settlements provide valuable insights for all advertisers, it’s not always easy to understand how the settlements apply to other products.

Practical Law Company asked me to answer some of the key questions advertisers have about advertising law, including what types of claims need to be substantiated, how much substantiation is required, whether the laws are different for social media, and how to challenge competitors. You can read the questions and answers here. 

• Email This
• Print
• Share Link

The Federal Trade Commission (FTC) announced that Compete Inc., a web analytics company, agreed to settle allegations that it engaged in unfair and deceptive practices by collecting personal data without disclosing the extent of the information it was collecting and failing to honor promises it made to protect the personal data it collected.

In its complaint, the FTC alleged that Compete persuaded consumers to download its tracking software by urging them to join a Consumer Input Panel and promising them rewards in exchange for sharing their opinions about products and services. Once installed, the tracking software automatically collected not only information about consumers’ online activity such web pages visited, but also usernames, passwords, search terms, credit card and financial account information, security codes, expiration dates and Social Security numbers. Compete used the consumer data to generate reports that were sold to third parties about improving website traffic and sales.

The FTC alleged that Compete violated Section 5 of the FTC Act by failing to disclose that it would collect more information than just the web pages that consumers visit, and failing to honor its consumer assurances that “all data is stripped of personally identifiable information before it is transmitted to our servers” and “we take reasonable security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of personal information.” With respect to data security, the FTC specifically alleged that Compete failed to provide reasonable and appropriate data security, transmitted sensitive data in an unsecure manner, failed to design and implement reasonable safeguards for consumer data, and failed to use readily available measures to mitigate risk to the data.

Compete’s settlement provides another example of the FTC’s continued enforcement related to tracking consumers’ online activity and data security. Yet, unlike other recent FTC settlements, Compete does not directly use the consumer data it collects to sell its own products and services to consumers. Consumer data is Compete’s product. As such, this settlement should send a signal to those who use data, as well as those who collect and distribute it, that the FTC expects them to be respectful of consumer privacy, provide reasonable and appropriate safeguards for such data, and to do what they say and say what they do when it comes to consumer data.

Under the settlement, Compete is required to:

• Email This
• Print
• Share Link

In increasing numbers, courts have granted summary judgment to the defendants in (or dismissed) consumer class actions in which the plaintiffs have alleged that certain advertising claims are false, deceptive, and/or misleading because the defendants do not possess “prior substantiation” for the claims (i.e., the advertisers do not have a reasonable basis for making the challenged claims in the first instance). These “piggyback” cases often were filed shortly after the defendants entered into settlement agreements with the Federal Trade Commission (“FTC”) resolving the agency’s investigations into the defendants’ respective advertising and marketing campaigns; and the complaints did little more than parrot the FTC’s allegations of falsity and deception.

The issue of piggyback class actions was discussed in a previous blog post. A new article authored by John Villafranco and Dan Blynn, which appears in Nutritional Outlook magazine – "The Case of the Piggyback Class Action"  – examines recent developments and issues relating to piggyback class actions, such as which party bears the burden of proof in such cases, what evidentiary showing is required, and how courts have responded to plaintiffs who have attempted to place the burden on the defendants to prove that their advertising claims are substantiated and/or not deceptive.

• Email This
• Print
• Share Link

Yesterday, the FTC issued a revised version of their Green Guides that is designed to help marketers ensure that claims about the environmental benefits of their products are truthful and not misleading. In revising the Guides, the FTC modified and clarified existing sections and provided new guidance on claims that were not common when the Guides were last reviewed.

The Green Guides address the following types of claims: (a) general environmental benefit claims; (b) carbon offset claims; (c) certifications and seals of approval; (d) “compostable” claims; (e) “degradable” claims; (f) “free-of” claims; (g) “non-toxic” claims; (h) “ozone-safe” and “ozone-friendly” claims; (i) “recyclable” and “recyclable content” claims; (j) “refillable” claims; (k) “renewable energy” claims; (l) “renewable materials” claims; and (m) source reduction claims.

The Green Guides aren’t new regulations, but they describe the types of environmental claims the FTC may or may not find deceptive under Section 5 of the FTC Act. The FTC has brought several actions in recent years related to green claims, and indicated that they would continue to bring these types of actions. Accordingly, advertisers should carefully review the new Guides and ensure that their green claims comply with the FTC’s standards.

For a more detailed analysis of the Green Guides, please reference the Kelley Drye client advisory, and see the FTC video below.

• Email This
• Print
• Share Link

On September 10, law professor Joshua D. Wright was nominated by President Obama to serve on the Federal Trade Commission. Dr. Wright is a professor at George Mason University (GMU) School of Law and holds a courtesy appointment in GMU’s Department of Economics. He previously served as the inaugural Scholar in Residence at the Federal Trade Commission’s Bureau of Competition from January 2007 to July 2008. Prior to coming to GMU, Dr. Wright taught at Pepperdine University School of Public Policy and clerked for Judge James V. Selna of the United States District Court for the Central District of California. He received a B.A. in Economics at the University of California, San Diego and a J.D. and a Ph.D. in Economics from the University of California, Los Angeles.

Dr. Wright, a Republican, will replace Commissioner J. Thomas Rosch, also a Republican, whose term expires this month. Dr. Wright’s posts on Truth on the Market, an academic blog on law, business, and economics, provide some examples of his antitrust and consumer protection-related comments:

• On whether Google has committed antitrust violations by directing search results toward its own content: there is no significant evidence that Google is guilty of antitrust violations because there is little empirical evidence of search bias. Even if Google, like other search engines, favors its own content when producing the results of a search request… dissatisfied customers can easily switch search engines. In other words, the competition is just a click away.
• On local government efforts to restrict the use of mobile apps for pre-arranged taxi cab rides on the basis that taxis, unlike higher end car services, are not allowed to take pre-arranged rides: local barriers to entry cause substantially greater dissipation of consumer surplus than is conventionally acknowledged…
• On the confirmation hearings of now-CFPB Director Richard Cordray in September 2011: … the CFPB is hard-wired to take a myopic view of the tried-and-true benefits of consumer credit markets and runs the risk of harming many (and especially the socially and economically disadvantaged groups in the greatest need of access to consumer credit) in the name of protecting the few… If the CFPB agenda were limited to educating consumers about the costs and benefits of various products and improving disclosures, there would be far less need for concern that it will be a drag on consumers, entrepreneurial activity, and economic growth. However, the CFPB’s intellectual blueprint suggests a more aggressive and dangerous agenda, and the authority it has been granted renders that agenda feasible.

Wright must be confirmed by the Senate before he can begin his 7-year term as a commissioner. According to Truth on the Market, Wright would be the first commissioner to hold a law degree and a Ph.D in Economics.

• Email This
• Print
• Share Link

Yesterday, the FTC published a guide designed to help mobile app developers comply with advertising and privacy laws when marketing mobile apps. The guide doesn’t include new requirements — instead, it synthesizes many of the things the FTC has said about mobile apps in previous settlements, workshops, and policy documents. The guide focuses on two key areas: (1) advertising; and (2) privacy.

Companies are required to ensure their ads are truthful and substantiated. Although some marketers equate the word “ad” with a multi-million dollar TV campaign, the FTC clarifies that an ad can be pretty much anything a company says about what a product can do. Marketers need to ensure they can support these claims. The FTC also discusses the importance of making disclosures in a “clear and conspicuous” manner.

Marketers should think about privacy in the early stages of developing an app. Among other things, the FTC encourages marketers to only collect the information they need, to be transparent about data collection practices, to get consent before collecting sensitive information, and to keep user data secure. In addition, the FTC reminds marketers that they may be subject to the Children’s Online Privacy Protection Act if they collect personal information from children under 13.

The FTC’s guide addresses many of the issues that have gotten app developers in trouble over recent years. Therefore, it provides valuable insights for companies about what they need to do in order to stay out of trouble. Although it may cost more to run an app through a legal review prior to launch, it costs a lot less than having to deal with an FTC investigation later.

For a more detailed analysis of the FTC's guide, click here. And for more tips on developing a mobile app, click here, here, and here. 

• Email This
• Print
• Share Link

The NAD reviewed weight-loss success stories on Nutrisystem’s Pinterest board, and determined that the weight-loss claims featured atypical results. As we’ve posted before, the FTC’s Endorsement Guidelines state that if an endorser's experience does not reflect what consumers will generally achieve, the ad “should clearly and conspicuously disclose the generally expected performance in the depicted circumstances.” Accordingly, the NAD held that the Pinterest board should have included a disclosure with the typical weight-loss results.

The NAD’s decision contains two important lessons. First, claims on social media sites are still considered advertisements and, therefore, subject to advertising laws. And, second, advertisers should exercise caution when advertising atypical results. For more information about the FTC’s guidance on that issue, click here and here.

• Email This
• Print
• Share Link

On June 26, 2012, the Federal Trade Commission (“FTC”) filed a lawsuit against global hospitality company Wyndham Worldwide Corporation and three of its subsidiaries (the “Defendants”) alleging that the companies engaged in unfair and deceptive practices and violated Section 5 of the FTC Act by failing to implement adequate data security protections on computer systems located at 90 independently-owned Wyndham-branded hotels with whom the Defendants maintained franchise agreements.

The Complaint, filed in U.S. District Court in Arizona, claims that the Defendants’ failure to implement reasonable data security safeguards at the franchisee locations allowed computer hackers to breach franchisee computer systems and the Wyndham hotel data center on three separate occasions and access the financial account information for more than 600,000 hotel customers. The Complaint also claims that the Defendants’ privacy policy misrepresented the extent to which the company protected consumers personal information. The Complaint seeks injunctive relief to prevent future violations of the FTC Act by the Defendants, as well as monetary relief for the affected hotel customers.

The FTC’s Complaint is significant for two reasons. One, it represents the first time that the FTC will litigate its theory as to whether an entity’s privacy and data security practices were deceptive and unfair under Section 5 of the FTC Act (past FTC cases have resulted in pre-litigation settlements or informal closings of investigations). Two, the lawsuit reflects the FTC’s position on what facts might cause a corporate brand to be held legally responsible under the FTC Act for the privacy and information security practices of a franchisee and affiliated third parties.

• Email This
• Print
• Share Link

Following up on my post on the subject, last week I had the opportunity to speak with Colin O'Keefe of LXBN regarding Spokeo's $800,000 settlement with the FTC. In the brief interview, I explain what Spokeo does, how they allegedly violated the Fair Credit Reporting Act and Section 5 of the FTC Act and what other companies can learn from this settlement. 

• Email This
• Print
• Share Link

Today, the Federal Trade Commission (FTC) announced that Spokeo, Inc., an information broker that markets and sells detailed consumer data profiles, will pay $800,000 to settle FTC charges that it violated the Fair Credit Reporting Act (FCRA).

In its complaint, the FTC alleged that Spokeo sold consumer profiles compiled from Internet and social networking sites, as well as offline data sources, to employment industry professionals as a tool to screen job applicants.  The FTC alleged that these profiles were “consumer reports” and Spokeo operated as a “consumer reporting agency.” 

The FTC alleged that Spokeo violated FCRA by failing to (1) verify who its users are and whether the consumer reports would be used for a permissible purpose, (2) ensure the accuracy of consumer reports, and (3) inform users of their duty under FCRA to notify consumers if the information in the consumer report served as the basis of the user’s adverse action against the consumer.  The FTC also alleged that Spokeo’s online endorsements were deceptive under Section 5 of the FTC Act, as they were provided by Spokeo’s employees and not customers.  In addition to paying an $800,000 civil penalty, Spokeo agreed to injunctive relief and compliance reporting for 20 years.  

As we’ve discussed, the FTC continues to closely monitor business practices that may involve FCRA.  Companies should note that FCRA applies not only to credit reporting, but also to reports concerning a consumer’s character and reputation to be used as a factor in determining eligibility for employment or other permissible purposes.  Although this is the first FTC case applying FCRA to the sale of Internet and social media data in the employment screening context, it likely will not be the last.

Written with assistance by Jalyce E. Mangum.

• Email This
• Print
• Share Link

We reported on May 23 on Chief Administrative Law Judge Chappell's initial decision in the FTC's action against POM Wonderful. On June 4, all parties filed notices of appeal. The FTC staff's notice states that it is appealing "(1) The failure to find that certain of the challenged advertisements made the claims alleged in the Complaint; (2) The level of substantiation required for the challenged advertising claims; and (3) Certain provisions of the Order entered by Judge Chappell." POM's notice (and the me-too notice filed by individual respondent Tupper) state that they are appealing "(1) all portions relating to the finding of liability against Respondents in their entirety and (2) all portions relating to the imposition of a remedial order against any and all Respondents, in their entirety" as well as "certain procedural, evidentiary, and substantive rulings relating to the findings of fact and law and remedial relief."

The notices are terse, but if there is a surprise anywhere in them, it is the FTC not explicitly appealing Judge Chappell's finding that the appearances of POM principals such as Lynda Resnick to promote POM on news and talk shows are not within the FTC's reach as "advertising" by reason of not having been paid for. Conceivably, however, such a theory could be lodged within the first part of the staff's statement, together with a challenge to Judge Chappell's interpretation of some of the challenged POM advertisements as not communicating specific disease treatment, prevention, mitigation or cure claims. As expected, the FTC staff also appeals Judge Chappell's rejection of the two-clinical-study requirement that the staff sought to impose on ads making such claims. POM and Mr Tupper simply appeal everything in the decision that didn't go their way.

• Email This
• Print
• Share Link

Last week the Federal Trade Commission (FTC) held an information gathering workshop titled “In Short: Advertising and Privacy Disclosures in a Digital World”. The purpose of the workshop was to discuss the need for updated guidance for web and mobile advertisers regarding disclosures and privacy practices. FTC issued the current guidance, known as the “Dot Com Disclosures,” in 2000. Topics discussed included:

“Universal and Cross-Platform Advertising Disclosures”

“Social Media Advertising Disclosures”

“Mobile Advertising Disclosures”

“Usability Research” and “Mobile Privacy Disclosures”

The comment period is open through July 11, 2012. The Commission is targeting this Fall for issuance of updated guidance.

• Email This
• Print
• Share Link

On May 17, Chief Administrative Law Judge Michael Chappell issued his Initial Decision in the FTC's case against POM Wonderful, accusing POM of making unsubstantiated claims that its pomegranate juice and pomegranate extract supplement pills can prevent, treat, cure or mitigate heart disease, prostate cancer, erectile dysfunction, and other medical conditions. The decision found POM, its parent company Roll Global, and individual principals Stewart and Lynda Resnick and Matthew Tupper to have violated the FTC Act, and imposed a 20-year injunction against making such unsubstantiated claims in connection with any food, drug or dietary supplement product.

At the outset, the court determined the evidentiary standard to be applied to claims that a food product prevents, treats, mitigates or cures diseases. Here, in the portion of the decision that dominates POM's own press release, POM succeeded in convincing Judge Chappell that the FTC does not require an advertiser to have either (1) prior FDA approval of the product for treating such diseases or (2) at least two solid, randomized clinical trials, as would normally be required for FDA approval of a new drug, before making such claims. The judge instead adopted the more flexible standard that the appropriate level of substantiation depends on the specific facts and on what experts in the field would consider adequate, relying on past Commission case law (e.g., In re Pfizer, Inc., 81 F.T.C. 23 (1972); FTC v. Direct Marketing Concepts, Inc., 624 F. 3d 1 (1st Cir. 2010); Removatron Int'l Corp. v. FTC, 884 F.2d 1489 (1st Cir. 1989)) and on the status of pomegranate juice as a non-hazardous food that is not marketed as a substitute for other medical treatment. In certain cases, he conceded, the FTC's flexible standard might parallel that of the FDA. See, e.g., FTC v. Nat'l Urological Group, 645 F. Supp. 2d 1167 (N.D. Ga. 2008).

The real crux of the opinion, however, was that even under the flexible substantiation standard, POM could not

• Email This
• Print
• Share Link

Professor Paul Ohm, Associate Professor at the University of Colorado Law School, will be joining the FTC as a senior policy adviser for consumer protection and competition issues in the Internet and mobile market space this August. Ohm's legal career has focused on information privacy and cyberlaw matters. He is the author of numerous law review articles and essays on computer science, privacy and law, and a frequent contributor to FTC roundtables and discussions on privacy and technology. His article, Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization, 57 UCLA Law Review 1701 (2010) has been often cited in the debate on privacy standards.

Ohm previously served as a federal prosecutor for the U.S. Department of Justice's Computer Crime and Intellectual Property Section. Before his legal career, Ohm earned undergraduate degrees in computer science and electrical engineering and worked as a programmer, network administrator and IT specialist.

FTC Chairman Jon Leibowitz released a statement on Ohm's appointment: "Paul's keen insights on how the law applies to technology and privacy issues will be invaluable to the FTC's work in these areas. We have been fortunate in bringing in a series [of] top-notch experts to advise us on cutting-edge issues and enhance our in-house expertise. We look forward to having Paul on board."

Additional coverage is available here, here, and here. A full press release is available here.

• Email This
• Print
• Share Link

Last year, we posted that Reebok had agreed to pay $25 million to settle charges that it had made unsubstantiated claims about its toning shoes. This week, the FTC announced that Skechers agreed to pay a record $40 million to settle charges that the company deceived consumers by making unfounded claims that its toning shoes would help people lose weight, strengthen and tone their muscles, and improve cardiovascular health.

Under the settlement, Skechers is barred from making certain claims for its shoes, unless the claims are backed by “competent and reliable scientific evidence.” As with other recent settlements, the FTC describes what evidence is required. For example, for strengthening claims, the company needs “at least one adequate and well controlled human clinical study of the [products] that conforms to acceptable designs and protocols, is of at least six-weeks duration, and the result of which, when considered in light of the entire body of relevant and reliable scientific evidence, is sufficient to substantiate that the representation is true.” Other claims require different levels of support.

Advertisers should pay attention to the FTC’s settlement in this case and other recent cases. Not only is the FTC raising the bar on what type of substantiation is needed to support certain types of claims, they are also raising the stakes with higher settlement amounts.

• Email This
• Print
• Share Link

On May 8, 2012, the Federal Trade Commission (FTC) announced its settlement with social networking service Myspace on charges that it misrepresented its protection of users' personal information in violation of federal law. Like many of its social media counterparts who were recently the target of FTC enforcement actions, Myspace is charged with espousing strict privacy measures and then failing to do as promised.

The Myspace social network comprises millions of users who create and customize online profiles. Myspace assigns a persistent unique identifier, called a "Friend ID," to each profile created. Though users have the ability to upload extensive personal information to their profile, Myspace designates a subset of personal user data as "basic profile information," which include the user's profile picture, Friend ID, location, gender, age, display name, and full name. According to the complaint, this basic profile information is publicly displayed by default and is outside the scope of the privacy settings. The only piece of basic information that users can hide from public view - provided that they change the default setting - is their full name. As of July 2010, only 16% of users had actually changed the default setting to hide their full name.

Under its privacy policy, Myspace promised that it would not share users' personal information or use it in a way that was inconsistent with the purpose for which it was submitted without their consent. In addition, Myspace promised that customized ads would not individually identify users to third parties and would not share non-anonymized browsing activity. According to the complaint, Myspace in fact shared the Friend ID, age, and gender of users with third-party advertisers. Advertisers used the Friend ID to locate the user's Myspace profiles to obtain personal information, including in most instances the user's full name. Advertisers could also combine the user's real name and other personal data with additional information to link broader web-browsing activity to a specific individual. In addition, Myspace certified in its privacy policy that it complied with the U.S.- EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States. These statements of compliance were false, according to the FTC.

The proposed settlement order bars Myspace from misrepresenting the extent to which it protects the privacy of users' personal information or the extent to which it belongs to or complies with any privacy, security, or other compliance program, including the U.S -EU Safe Harbor Framework. The order also requires that Myspace establish a comprehensive privacy program designed to protect users' information, and to obtain biennial assessments of its privacy program by independent, third-party auditors for twenty (20) years. This agreement will be subject to public comment for thirty (30) days through June 8th, after which the FTC will decide whether to make the proposed consent order final. Interested parties are strongly encourage to submit written comments prior to this date.
 

• Email This
• Print
• Share Link

On April 26, 2012, the Federal Trade Commission (FTC) held a public workshop entitled "Paper, Plastic . . . or Mobile?" to examine the use of mobile payments in the marketplace and the impact of emerging technologies on consumers. Three consumer issues surrounding mobile payments were highlighted: (1) the lack of clear consumer redress and dispute resolution processes, (2) data security, and (3) consumer privacy.

A Keley Drye client advisory, "Insights from the FTC's Mobile Payments Workshop: Potential Roadmap for Industry Best Practices," summarizes the FTC's workshop and the discussion on these three issues. For industry participants that are involved in the mobile payments ecosystem – or wish to be – having a clear understanding of these components and emerging best practices makes good business sense, and can help keep a company from becoming an enforcement or litigation target.

• Email This
• Print
• Share Link

It’s not too late to view content from Kelley Drye’s Privacy Law Symposium, which was hosted in Los Angeles on Monday. The program included presentations on privacy enforcement, consumer class action litigation, and insurance recovery in the data privacy context, including:

• Avoiding an FTC Privacy Investigation and What To Do When You Find Yourself the Target of One
• Top Issues in Class Action Lawsuits Arising Out of Privacy, Data Security, and New Media Technology
• Insurance Coverage for Data Privacy Liability – Do You Already Have It, and If Not, Can You Buy It?

Click here to view the webinar recording.
 

• Email This
• Print
• Share Link

The Federal Trade Commission ("FTC"), in the last couple of years, has made clear that it expects advertisers making strong cause-and-effect claims (e.g., “Lose weight,” “Helps prevent irregularity”) to possess, at a minimum, at least one well-designed and reliable clinical study. Yet, at the same time, FTC staff—those who conduct FTC investigations—have made statements that suggest a growing skepticism of clinical trials conducted abroad.

A recent article by John E. Villafranco and Katie Bond, published by Nutritional Outlook, "Foreign Territory: Dietary Supplement Clinical Trials Conducted Abroad," discusses this dilemma and provides practical pointers on minimizing risk, whether a company seeks to commission a trial abroad or rely on an existing study for claims.

• Email This
• Print
• Share Link

On Thursday, March 19, 2012, the United States Senate unanimously confirmed Maureen Ohlhausen as a Commissioner of the Federal Trade Commission (“FTC”). Ms. Ohlhausen is a seasoned attorney who has handled consumer privacy and data security issues in public service and private practice, and her confirmation suggests that the FTC will continue to emphasize these areas of the law.

Ms. Ohlhausen, currently a partner with Wilkinson Barker Knauer LLP, was nominated by President Obama in July 2011 to replace Republican William Kovacic, whose term expired in September 2011. As one of five Commissioners, Ms. Ohlhausen will have a seven-year term.

Ms. Ohlhausen returns to the FTC, where she served for eleven years, including a four-year tenure as Director of the Office of Policy Planning. In this role, Ms. Ohlhausen addressed a variety of high-tech legal and policy issues, including barriers to electronic commerce, and online merchants’ use of consumer data. In addition, she headed up the FTC’s Internet Access Task Force. Previously, Ms. Ohlhausen clerked for current Chief Judge David B. Sentelle of the U.S. Court of Appeals for the D.C. Circuit, and clerked at the U.S. Court of Federal Claims for Judge Robert Yock. Ms. Ohlhausen is a graduate of George Mason University Law School, and received her undergraduate degree from the University of Virginia.

• Email This
• Print
• Share Link

Today the Federal Trade Commission released its much anticipated final Privacy Report, entitled Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers. The final report calls on companies to implement best practices to protect consumers’ private information (both on- and off-line), Congress to enact baseline privacy and data security legislation with civil penalties, and industry to accelerate the pace of self-regulation. The Report also supports legislation to provide consumers with access to information stored by data brokers and the opportunity to dispute the accuracy of such data.

The final Privacy Report applies to “all commercial entities that collect or use consumer data that can be reasonably linked to a specific consumer, computer, or other device, unless the entity collects only non-sensitive data from fewer than 5,000 consumers per year and does not share the data with third parties.” For companies that fall within such scope, the FTC recommends that companies implement the following best practices, and adds that, to the extent such recommended practices go beyond existing law, the privacy framework is not intended to be a template for law enforcement actions or regulations currently enforced by the FTC.

• Email This
• Print
• Share Link

Live in Los Angeles or via webinar, please join Kelley Drye & Warren LLP on April 23 for an afternoon program covering privacy-related trends in enforcement, class action litigation, and insurance recovery. Click here to register for the webinar.

Privacy Law Symposium and Webinar: Enforcement, Litigation and Risk Management

Avoiding an FTC Privacy Investigation and What To Do When You Find Yourself the Target of One
A number of data practices are clearly catching the FTC’s eye. Kelley Drye privacy attorneys Dana B. Rosenfeld and Alysa Z. Hutnik will discuss which business practices are most likely to draw the FTC’s attention, and practical steps that businesses can take to reduce their risk of becoming the next target of an FTC privacy investigation or improve their defenses if businesses are investigated. And for those companies that do find themselves at the center of an investigation, learn key practice pointers that should go into every business’s strategy when determining how best to respond to the investigation.

Top Issues in Class Action Lawsuits Arising Out of Privacy, Data Security, and New Media Technology
California is a hotbed for consumer class action lawsuits, and business practices involving the collection and use of personally identifiable information can often prompt class actions. Kelley Drye litigators Keri E. Campbell and Lauri A. Mazzuchetti will discuss the top issues at play in class action suits involving privacy, information security, mobile applications, and related areas.

Insurance Coverage for Data Privacy Liability - Do You Already Have It, and If Not, Can You Buy It?
Companies suffering data security breaches have had varying degrees of success in their efforts to obtain insurance coverage for their liabilities and costs of defense. Kelley Drye insurance recovery lawyers Edward E. Weiman and Richard D. Milone will provide an overview of the types of insurance coverage potentially available in the data privacy context, focusing on which types of policies might apply, which arguments are likely to prevail to establish coverage, and what practical steps a company should take to maximize its insurance recovery in the event of a data breach.

Date:
Monday, April 23, 12:00 – 3:00 PM Pacific
Lunch begins at noon, with formal program to start at 12:30 PM.

Location:
Kelley Drye & Warren LLP
10100 Santa Monica Blvd.
Twenty-third Floor
Los Angeles, CA 90067
(301) 712-6199

RSVP:

To attend live in LA, email adlaw@kelleydrye.com or contact Cassidy Russell at 202.342.800.

To attend remotely by webinar, click here to register.

• Email This
• Print
• Share Link

If you work with mobile apps, you may already know that privacy is a hot issue. Regulators are pushing companies to improve their privacy practices, Congress is contemplating new laws, and class action lawyers are suing companies that don’t clearly disclose their practices. In the past few weeks, this focus on privacy intensified as the FTC, the California Attorney General, and even the White House weighed in with new announcements.

Two things are clear from this recent burst of activity. First, regulators are putting pressure on everyone in the mobile app ecosystem to improve their practices, so you can’t just assume that it’s your partner’s responsibility to comply. And with the number of regulators focusing on these issues, it’s going to be a lot harder for companies to hide. No matter what role you play in the mobile app ecosystem, you should pay attention to these developments. Gonzalo Mon and John Heitmann summarize what you need to know in a new article published by Mashable, "Mobile Privacy: 5 Legal Concerns for Developers."
 

• Email This
• Print
• Share Link

In the wake of the White House's February 23, 2012 release of Consumer Data Privacy in a Networked World: A Framework for Protecting and Promoting Innovation in a Global Digital Economy ("Framework"), the Commerce Department's National Telecommunications and Information Administration (NTIA) published in today's Federal Register a request for public comments from all interested stakeholders on consumer data privacy issues to be addressed through enforceable voluntary codes of conduct. Comments are due on March 26, 2012.

Although any topic is fair game, NTIA opens the process by signaling that implementation of the Framework's transparency principle in privacy notices for mobile applications is among the agency's highest priorities. Also listed as a specific topic on which NTIA seeks comment are other issues associated with mobile apps, including location based services. Cloud computing, online services directed toward teens and children, trusted identity systems, and the use of multiple technologies such as browser-based cookies to collect personal data also are highlighted as areas for comment.

NTIA also seeks comment on how the multistakeholder process should be conducted so as to best ensure openness, transparency, and consensus building. These comments are the first part of this process aimed at developing voluntary industry codes of conduct that eventually be enforced by the Federal Trade Commission.

• Email This
• Print
• Share Link

On February 16, 2012, Kelley Drye & Warren LLP hosted the seminar and audiocast, “Privacy in 2012: What to Watch Regarding COPPA, Mobile Apps, and Evolving Law Enforcement and Public Policy Trends.” The seminar highlighted regulatory and legislative developments in privacy and information security during the past year, with an emphasis on children's online privacy and mobile applications.

Peter Swire, a professor at The Ohio State University Michael E. Moritz College of Law and a Senior Fellow with the Center for American Progress, opened the seminar with a keynote address that gave historical context to the most recent regulatory efforts addressing consumer privacy. Professor Swire’s remarks were followed by two panel sessions that included six experts representing key industry representatives and the federal agencies integral to recent privacy initiatives. The first panel discussed children's online privacy and the Federal Trade Commission’s proposed revisions to the Children's Online Privacy Protection Rule. The second panel discussed various consumer privacy enforcement and regulatory initiatives relating to mobile apps.

For more on the seminar, including a synopsis of key takeaways, see the Kelley Drye client advisory. An audio recording of the full program is also available.

• Email This
• Print
• Share Link

The FTC this week warned marketers of six mobile apps that provide background screening that the companies may be violating the Fair Credit Reporting Act (FCRA). The FTC warned the apps marketers that, if they believe that the background reports (which included criminal record histories) generated by their apps are being used for employment screening, housing, credit, or other similar purposes, they must comply with the FCRA.

Who Got the Warnings: The FTC sent these warning letters to Everify, Inc., marketer of the Police Records app, InfoPay, Inc., marketer of the Criminal Pages app, and Intelligator, Inc., marketer of Background Checks, Criminal Records Search, Investigate and Locate Anyone, and People Search and Investigator apps.

Who Should Pay Attention: The warning letters serve as a reminder that broader enforcement by the FTC of the mobile apps sector is likely to follow if mobile app providers engaged in similar practices do not take steps to comply with the FCRA.

Why: Under the FCRA, businesses that assemble or evaluate information that can be considered a “credit report” and provide it to third parties can qualify as consumer reporting agencies. Many companies are often surprised to learn that the information they assemble and/or evaluate and provide to a third party may be considered a “credit report.”

• Email This
• Print
• Share Link

The year 2012 is certain to reflect U.S. consumers’ continued love affair with sophisticated smartphones and tablets. One of the driving forces in the popularity of these devices is their ability to run mobile apps using wireless location-based services (LBS). Among other benefits, LBS allow access to real-time and historical location information online – whether to facilitate a social interaction or event, play games, house-hunt or engage in many other activities.

However, with these benefits also come privacy risks. And it is not uncommon for some popular LBS-enabled tools to lack clear disclosure about personal information collection, how that data is used, and the process for consumer consent.

Our article posted recently on Mashable, "5 Privacy Tips for Location-Based Services," discusses several privacy "do's and don'ts" for designing mobile apps.

For a more in-depth discussion of these issues, plus other privacy law trends, join us on February 16 for Kelley Drye’s seminar and teleconference, “Privacy in 2012: What to Watch Regarding COPPA, Mobile Apps, and Evolving Law Enforcement and Public Policy Trends.”

• Email This
• Print
• Share Link

Changes to privacy regulations, such as proposed revisions to the Children's Online Privacy Protection Act (COPPA), and continuously evolving technologies, including mobile apps with location-based services, can make it difficult for businesses to ensure their privacy practices are up to par.

On February 16, Kelley Drye will gather government leaders from the FTC and FCC, and thought leaders in the industry, for a discussion about new regulations, enforcement trends, and best practices to avoid consumer privacy risks. Please join us for "Privacy in 2012: What to Watch Regarding COPPA, Mobile Apps, and Evolving Law Enforcement and Public Policy Trends."

Email dcevents@kelleydrye.com to register for the live seminar or teleconference.

KEYNOTE SPEAKER

Peter Swire, Professor of Law, Ohio State University; former Clinton Administration Chief Counselor for Privacy, U.S. Office of Management and Budget

PANEL 1:  COPING WITH COPPA: CHILDREN'S PRIVACY AND PROPOSED REVISIONS TO THE COPPA RULE

Ellen Blackler, Vice President - Global Public Policy, The Walt Disney Company

Mamie Kresses, Senior Attorney, Division of Advertising Practices, Federal Trade Commission

Saira Nayak, Director of Policy, TRUSTe

Moderated by partners Dana Rosenfeld and Alysa Hutnik of Kelley Drye & Warren LLP

PANEL 2:  MOBILE APPS: A PRIVACY AND CONSUMER PROTECTION HOT SPOT

Michael Altschul, Senior Vice President and General Counsel, CTIA

Jessica Rich, Associate Director, Division of Financial Practices, Federal Trade Commission

Jennifer Tatel, Associate General Counsel, Federal Communications Commission (invited)

Moderated by partners John Heitmann and Gonzalo Mon of Kelley Drye & Warren LLP

When:
February 16, 2012,  2:30 PM - 5:30 PM EST

Location:
Kelley Drye & Warren LLP
3050 K Street, NW, Suite 400
Washington, DC 20007-5108

And via audio webcast

RSVP:
Email dcevents@kelleydrye.com or contact Cassidy Russell at 202.342.8400.

This seminar is free of charge, but space is limited. Reserve your place today.

CLE and CPE credit may be available in certain jurisdictions.

• Email This
• Print
• Share Link

A disturbing trend has emerged in false advertising litigation: plaintiffs are filing class action complaints that are virtually identical to or rely heavily on FTC complaints or FDA warning letters. Those complaints allege that certain advertising claims are false, deceptive, and/or misleading because the defendants do not possess “prior substantiation” for the claims, i.e., the advertisers do not have a reasonable basis for making the challenged claims in the first instance.

Recently, however, both federal and state courts have dismissed cases that do little more than echo FTC complaints or FDA warning letters, and have simply alleged that the defendants lacked substantiation for the challenged advertising claims, on grounds that those allegations fail to state a claim. More specifically, courts have explained that the allegations in those cases impermissibly attempt to shift the plaintiffs’ burden of proving falsity onto the defendants to show that the challenged claims, in fact, are substantiated.

A new article authored by Dana Rosenfeld and Dan Blynn that appears in the ABA’s Antitrust magazine, “The ‘Prior Substantiation’ Doctrine: An Important Check On the Piggyback Class Action,” discusses the “prior substantiation” defense to class-action lawsuits, which attempt to piggyback off of FTC pleadings and FDA warning letters.

• Email This
• Print
• Share Link

As we've noted in previous posts, if a company provides incentives to a consumer in order to encourage the consumer to promote the company's products, the consumer is required to disclose those incentives. It's not just the consumer's problem, though. The FTC has stated that a company can be held liable for a consumer's failure to make the disclosure. Fortunately, though, there are easy steps that a company can take to protect itself in case consumers don’t comply.

The FTC recently investigated a promotion conducted by one of Hyundai’s advertising agencies in which bloggers were given gift certificates as an incentive to include links to Hyundai videos in their posts or to comment on Hyundai’s upcoming Super Bowl ads. Many of the consumers did not disclose that they had received the gift certificates. After reviewing the promotion, however, the FTC decided not to pursue the case for a few reasons.

First, the FTC determined that Hyundai did not know about the incentives, that a small number of bloggers were involved, and that some of them did disclose they had received an incentive. Second, although advertisers can be held responsible for the actions of their agents, the actions in this case ran counter to both Hyundai’s and the agency’s social media policies. Moreover, the agency promptly took action after it learned that some bloggers hadn’t made the appropriate disclosures.

This case serves as a reminder that companies who engage in social media should have a policy that provides endorsers with guidelines about what they can, can’t, and must do. It’s not just enough to have the policy in place, however. Companies must also monitor to ensure endorsers comply with the policy, and take action against those who don’t. 

• Email This
• Print
• Share Link

Earlier this year, the FTC and the Colorado Attorney General filed a lawsuit against a company that sells a wealth-building program. The company’s infomercials included testimonials from consumers who purportedly made money through the program and fine print disclosures stating that results would vary. The regulators recently announced they had obtained a court order that, among other things, requires the company to highlight the low success rate of its customers.

As we’ve mentioned in previous posts, two years ago, the FTC updated their guidelines on endorsements and testimonials. Under the new guidelines, a company can no longer feature testimonials with atypically good results and simply use a “Results Not Typical” disclaimer. Instead, a company must either feature testimonials that show typical results or include a disclosure that clearly explains the results that a typical consumer can expect to achieve.

As part of the court order, the infomercial company is forced to “clearly and prominently” include the following statement in all ads and infomercials: “Most of our customers will earn little or no money.” The order includes detailed requirements about how, when, and how often the disclosure must be made in various types of ads. In addition, the company is prohibited from representing that consumers are likely to quickly and easily make a lot of money.

This case serves as a reminder that advertisers need to ensure that all claims in their ads -- including claims that are made by consumers -- are truthful and not misleading. And companies need to be particularly careful that claims made by consumers are either representative of typical results or that the ads otherwise clearly disclose the typical results. Otherwise, a much more onerous disclosure may be forced on them by a court.

• Email This
• Print
• Share Link

Yesterday, the Federal Trade Commission (“FTC”) approved a final settlement with marketers of the “Acne Pwner” and “AcneApp” mobile applications (“apps”). This is the first FTC settlement targeting health claims by mobile app developers/marketers, but one of several FTC mobile app enforcement actions.

In the AcneApp case, the defendants claimed that their apps could treat acne with colored lights emitted from a mobile device. To support the claim, the AcneApp marketers relied on a study published by the British Journal of Dermatology, claiming that the study showed blue and red light treatments eliminated p-bacteria (a major cause of acne) and reduced skin blemishes. The FTC determined that AcneApp falsely claimed that the British Journal of Dermatology study proves that red and blue light therapy is an effective acne treatment.

The FTC order prohibits Acne Pwner and AcneApp “from making acne-treatment claims about their mobile apps and other medical devices” without at least two adequate and well controlled human clinical studies. The requirement for two clinical studies is the same standard that the FTC applied in recent settlements with a dietary supplement manufacturer over weight loss claims for its dietary supplements, and with a food marketer over its claims that one of its products reduced the duration of acute diarrhea and reduced school absences. In another recent settlement, FTC ordered Reebok to provide one clinical study to substantiate fitness claims for its toning shoes.

The marketers of Acne Pwner and AcneApp were also ordered to pay the FTC $1,700 and $14,294, respectively.

This blog post was written by Bridget Richardson, Alysa Hutnik and Sarah Roller.
 

• Email This
• Print
• Share Link

On September 21, 2011, FTC Bureau of Consumer Protection Director David Vladeck sent a letter to the court appointed consumer privacy ombudsman in the Borders Group, Inc. (Borders) bankruptcy proceeding advising against the sale of Border's customer information absent customer consent or significant restrictions on the transfer and use of the information. The letter was sent in response to a request from the ombudsman seeking a written description of the agency's concerns regarding the possible sale of the customer information, which includes purchase history and email addresses from over 20 million customers. According to the FTC's letter, the purchase history information dates back to May 2005, and includes merchandise purchased (e.g., books and videos), the location of the purchase (store, kiosk, or internet), Borders Rewards number, and, in some cases, credit card information.

As described in the letter, Border's 2006 and 2007 privacy policies stated that it would "only disclose your email address or other personal information to third parties if you expressly consent to such disclosure." (Emphasis in original). In addition, a revised policy from 2008 contained the same language restricting the sale or rental of personal information, but also included information describing circumstances under which Borders might disclose personal information, as follows:

• Email This
• Print
• Share Link

Late this week, the FTC issued its proposed amendments to the Children’s Online Privacy Protection Rule ("COPPA Rule"). The proposed revisions are intended to maintain privacy protections for children who increasingly participate in social networking and interactive gaming, or engage in online activities through a mobile device. The FTC seeks written comments to the proposed amendments, which are due by November 28, 2011.

Kelley Drye prepared an advisory that outlines the proposed revisions to the Rule and describes what the new requirements would mean for businesses that have an online presence with respect to obtaining parental notice and consent, what data they can collect from children, and corresponding safeguards and data minimization requirements, to avoid incurring civil penalties of up to $16,000 per violation.

• Email This
• Print
• Share Link

Posted by Sarah Roller and Raqiyyah Pippins

On August 18, 2011 the FTC issued a request for public comment and advance notice of proposed rulemaking (ANPR) as part of the Commission's review of the costs, benefits, necessity, and regulatory and economic implications of its “Retail Food Store Advertising and Marketing Practices” rule, commonly called the “Unavailability Rule,” 16 C.F.R. Part 424.

Currently, the Unavailability Rule states that it is an unfair or deceptive act or practice for “retail food stores” to advertise “food, grocery products or other merchandise” at a stated price if those stores do not have the advertised products in stock and readily available to consumers during the effective period of the advertisement. The Rule includes a provision that permits stores that do not have the advertised products in stock and readily available to comply with the Rule if “the advertisement clearly and adequately discloses that supplies of the advertised products are limited or the advertised products are available only at some outlets.” In addition, the rule provides that it would not be a rule violation if: (1) The store ordered the advertised products in adequate time for delivery in quantities sufficient to meet reasonably anticipated demand; (2) the store offers a “rain check” for the advertised products; (3) the store offers a comparable product at the advertised price reduction; or (4) the store offers other compensation at least equal to the advertised value.

According to the ANPR, “the Commission now solicits comments on, among other things, the economic impact of, and the continuing need for, the Unavailability Rule; the benefits of the Rule to consumers purchasing products at retail food stores; and the burdens the Rule places on firms subject to this requirement.”  The Commission also is considering whether to broaden the Rule to include stores not currently covered, such as drugstores, department stores, and electronic retailers. Comments can be filed online or on paper and must be received by the FTC on or before October 19, 2011.
 

• Email This
• Print
• Share Link

On August 15, 2011, the FTC announced a settlement with W3 Innovations, LLC (“W3”) and its President over charges that the company violated the Children’s Online Privacy Protection Act (“COPPA”) when W3 allegedly collected and disclosed personal information from tens of thousands of children without their parents’ consent. The settlement requires W3 and its president to pay $50,000, and they must delete all personal information collected in violation of COPPA. The case marks the FTC’s first action against a mobile applications (“apps”) developer.

W3 Innovations, which does business as Broken Thumbs Apps, develops and distributes apps including Emily’s Girl World and Emily’s Runway High Fashion (the “Emily Apps”), which are sold through the “Games-Kids” section of Apple, Inc.’s App Store. According to the FTC Complaint, the Emily Apps encouraged children to submit emails, including messages to friends and requests for advice, that were then posted as publicly-available blog entries to the “Emily’s blog” feature available on all Emily Apps sites. Children also could submit comments in response to the blog entries using a standard comment form that required users to provide their name and email address.

The FTC’s COPPA Rule (16 C.F.R. Part 312) is triggered when companies collect online personal information about children under the age of 13. The Rule requires website operators to notify parents and obtain their express consent before they collect, use, or disclose such children’s personal information. The Rule also requires website operators to post a clear and conspicuous privacy policy at each area of an online site that collects personal information from children. The FTC alleged that W3 violated COPPA when it did not obtain parental consent before it (1) collected and maintained at least 30,000 email addresses from children who participated in the “Emily’s blog” feature; and (2) allowed children to publicly post information, including personal information, to the blog and comments section of the app.

As this case demonstrates, the FTC is following through on statements that it made earlier this year that it was actively investigating a number of privacy issues associated with mobile devices, including features targeting children. Given the FTC’s interest in this area, companies seeking to enter the mobile app market or engage a younger audience using games or other online features should be aware of the key considerations and best practices (see here and here) that can help reduce risks resulting from increased legal and regulatory scrutiny.

This post was written by Alysa Z. Hutnik and Matthew P. Sullivan.

• Email This
• Print
• Share Link

The rise of smartphones, wifi hotspots, and high-speed data networks has spurred new technology-based business models and the exponential growth of consumer information online. Chief among new technologies, the use of mobile applications—“apps”—has exploded in the past few years. From near-constant posts on Facebook to attacking the green pigs on Angry Birds, consumers have opened their hearts and wallets to mobile apps. While the upside is great, companies and developers considering a mobile app should also be mindful of the legal and business pitfalls of mobile apps and implement a process to sidestep common challenges.

A new article from E-Commerce Law & Policy, “Avoiding Trouble When Adding an App to the Business Model,” outlines several of these potential pitfalls and the best practices to avoid them.

For more information about this uncharted legal territory and emerging "rules for the road" for developing and marketing mobile apps, click here to view and listen to a recording of the Kelley Drye webinar, “Mobile Applications: Privacy and Data Security Considerations.”

• Email This
• Print
• Share Link

Consumers around the world are increasing their use of dietary supplements. In the United States alone, consumers spend almost $27 billion per year on dietary supplements, and the EU and China are also rapidly developing and promising markets for supplements. With growing demand, dietary supplement companies have diversified their product portfolios and expanded their manufacturing and sales distribution to existing and emerging markets. In so doing, these same companies are confronted with myriad regulations that apply to the registration, sale and advertising of their products, each of which must be evaluated on a country by country or regional basis, as in the case of the EU.

A new article from the Food and Drug Law Institute Update magazine explores the differences between the U.S. system of regulating sale and advertising of dietary supplements with those of the EU and China, which have regulations that limit products and claims to defined categories in the name of consumer protection. Click here to access the full article, “It’s All Local: What You Need to Know About the Law Relating to the Marketing of Dietary Supplements in the United States, the European Union and China,” with permission from FDLI.

• Email This
• Print
• Share Link

On Tuesday, July 19, 2011, President Obama announced that he will nominate Maureen Ohlhausen to serve as a Commissioner with the Federal Trade Commission (“FTC”). Ms. Ohlhausen has broad experience in the areas of online privacy and consumer information protection, and the nomination underscores the increasing importance of such issues to the Commission.

Currently, Ms. Ohlhausen is a partner at Wilkinson Barker Knauer LLP, where she works in the firm’s privacy, data protection, and cybersecurity practice. Prior to joining the firm, she served as policy counsel for the Business Software Alliance trade group. From 1997 to 2008, Ms. Ohlhausen worked at the FTC, including as Director of the Office of Policy Planning, where she handled issues related to e-commerce, advertising, and technology. During her tenure with the Commission, she led an Internet access task force that focused on net neutrality and broadband competition.

Earlier in her career, Ms. Ohlhausen worked at the U.S. Court of Appeals for the D.C. Circuit as a law clerk for Judge David Santelle, and clerked for Judge Robert Yock of the U.S. Court of Federal Claims. Ms. Ohlhausen is a former adjunct law professor and a graduate of the George Mason University Law School. She received her bachelor’s degree from the University of Virginia.

If confirmed by the Senate, Ms. Ohlhausen will replace Republican William Kovacic, whose term expires in September. She would serve a seven-year term on the Commission’s five member board.
 

• Email This
• Print
• Share Link

On July 14, 2011, a joint House Energy and Commerce Subcommittee hearing focused on online privacy policy and perspectives of the ‘big three’ federal agencies with potential jurisdiction over online privacy – the Federal Trade Commission (FTC), the Federal Communications Commission (FCC), and the National Telecommunications and Information Administration (NTIA). The hearing, Internet Privacy: The Views of the FTC, the FCC, and NTIA, offered a comprehensive review of the state of online consumer privacy and the appropriate industry and government response to developments in online behavioral advertising and tracking. The hearing comes on the heels of a flurry of online privacy and data security legislation introduced in recent weeks and months. Witnesses included FCC Chairman Julius Genachowski, FTC Commissioner Edith Ramirez and NTIA Administrator Lawrence E. Strickling.

The hearing touched on issues including the economic impact of privacy regulation, defining the harms caused by data collection, agency jurisdiction and authority, protecting children, data security, and social networking. Click here for more detail regarding the major themes discussed at the hearing, which expanded the growing legislative record on online privacy and security.

• Email This
• Print
• Share Link

Recently, one of Twitter’s business partners announced that it had been contacted by the Federal Trade Commission (“FTC”) and planned to comply with the agency’s request for information. The company, UberMedia, develops software which helps users access and organize Twitter content through smart phones and desktop computers. While the FTC has not disclosed the scope of its inquiry, sources familiar with the investigation say that the FTC suspects Twitter of pressuring UberMedia and other partners which have developed features Twitter wants to offer itself, in a way that harms competition. Over time, Twitter has purchased some developers, and the company recently asked its existing developers to refrain from imitating Twitter’s own mobile device applications and web interface, in the interest of standardizing the user experience.

Although the nature of the investigation remains to be seen, marketers should be aware that a company’s business relationship with an app developer may not merely be a contract issue between the two parties; in some cases, it can give rise to concern from a regulatory agency about whether consumer choice is being impacted.

• Email This
• Print
• Share Link

Last week, the FTC and the Colorado Attorney General filed a lawsuit against a company that sells a wealth-building program through infomercials. The infomercials included various claims that consumers could make large amounts of money by using the company’s program, as well as testimonials from consumers who purportedly made money through the program. Fine print disclosures stated that results would vary. According to the complaint, the claims were misleading, many of the testimonials were false, and most consumers did not earn any money.

What’s unique about this case is that the complaint also named one of the consumers who provided a testimonial. According to the complaint, the consumer earned much less money than she claimed to have earned in the infomercial. The consumer agreed to settle the case against her by agreeing not to make misrepresentations in the future and to cooperate with law enforcers in their case against the remaining defendants. The order is the FTC’s first against a consumer charged with making misrepresentations in a testimonial.

Advertisers should ensure that all claims in their ads -- including claims that are made by consumers -- are truthful and not misleading. As we’ve noted before, the FTC released new guidelines that address testimonials and “results not typical” disclosures. Be sure to consult those guidelines whenever you plan to use a testimonial.
 

• Email This
• Print
• Share Link

It is no secret that marketers are striving for ways to legally and effectively educate consumers about the health benefits provided by food and dietary supplement products. In fact, Natasha Singer of the New York Times recently reported on the growth of "functional foods" marketed with health benefit claims -- a $37.3 billion market in the United States in 2009.

However, marketers must proceed with caution when considering advertising strategies that can sustain heightened regulatory scrutiny. Increased collaboration between FDA and the FTC is creating a notable shift in regulatory enforcement that blurs the jurisdictional lines between the agencies and requires a new assessment of potential liabilities for companies making health-benefit claims for their products.

For more information regarding this trend and important considerations for food and dietary supplement companies, please see the May 2011 article in Nutritional Outlook written by Kelley Drye attorneys John E. Villafranco, Raqiyyah R. Pippins, and Kristi L. Wolff entitled "Working Together: How Growing FDA and FTC Collaboration Changes the Regulatory Landscape for Food and Dietary Supplement Marketers."

• Email This
• Print
• Share Link

On May 12, 2011, the FTC announced that it reached a $3 million settlement with online “virtual worlds” website provider Playdom, Inc., a Disney subsidiary, for allegedly violating its own privacy policies and collecting and disclosing personal information on hundreds of thousands of children without parental consent – potential violations of the Children’s Online Privacy Protection Act (COPPA).

Playdom owns and operates a number of online “virtual world” websites, including sites geared for children such as Pony Stars, where users can play online games, post profile pages and engage in other online activities. In the process, between 2006 and 2010, Playdom’s websites collected personal information on over 400,000 children under the age of 13. In July 2010, Playdom was acquired by a subsidiary of The Walt Disney Company.

COPPA requires website operators to maintain clear privacy policies and obtain parental consent prior to the collection, use or disclosure of personal information – such as name, address, email, and telephone number – for children under the age of 13. Playdom allegedly violated COPPA by collecting children’s ages and email addresses during online registration and enabling children-users to post personal information – their names, email addresses, instant messenger names and location information – on profile pages without first obtaining parental consent. Further, Playdom allegedly violated the FTC Act by misrepresenting on their privacy policies that children could not post profile pages, when in fact they could.

On May 11, 2011, the Department of Justice (on behalf of the FTC) formally filed a Complaint and entered the proposed $3 million Consent Decree and Order in the U.S. District Court for the Central District of California in Los Angeles. The $3 million Consent Decree marks the largest civil penalty doled out by the FTC under COPPA. This case and the growing list of cases involving online consumer privacy rights highlight the due diligence required when website operators and other companies collect, use and disclose consumer information (or acquire a company that does).

Christopher S. Koves contributed to this post.

• Email This
• Print
• Share Link

Do you know what kind of data your smartphone apps are collecting?

Understanding the flow of data, how it is shared, and whether your apps collect sensitive information such as mobile payments or location-based data is critical to avoiding regulatory scrutiny and litigation risks.

Join Kelley Drye on May 16 from 12 noon – 1:00pm EST for a webinar exploring this uncharted legal territory, “Mobile Applications: Privacy and Data Security Considerations.” Topics of discussion will include:

• The mobile ecosystem, including data flows and parties involved.
• Privacy and security considerations, including unintended data uses.
• Current issues in the legal landscape, including media coverage; inquiries and actions from Congress, the FTC, and FCC; litigation risks; and industry activity.
• Emerging “rules for the road” for developing and marketing mobile apps.

This webinar will address the privacy and information security questions that are top of mind for anyone involved in developing, marketing, selling, or serving mobile apps.

Kelley Drye Speakers:

Dana B. Rosenfeld
Chair, Privacy & Information Security Practice and Partner, Advertising & Marketing Practice

Alysa Z. Hutnik
Partner, Privacy & Information Security and Advertising & Marketing Practices

John J. Heitmann
Partner, Telecommunications and Privacy & Information Security Practices

Email dcevents@kelleydrye.com to register.

• Email This
• Print
• Share Link

Today, the FTC announced data security settlements with two companies based on allegations that the companies failed to employ reasonable data security measures. The twist in these cases, compared to prior FTC cases, is the focus on companies who act as service providers to businesses related to their employee data (as opposed to customer data).

The FTC settlements underscore:

1. that reasonably protecting employee/HR data is within the FTC's scope of enforcement under Section 5 of the FTC Act, and
2. the importance for all businesses to (a) exercise due diligence in selecting vendors that will have access to their employee/human resources data, and (b) confirm via contract and otherwise that the vendors have reasonable security measures in place (as to both the products being offered and the vendor's own business where the HR data will be maintained).

The Charges: In the two cases at issue, the HR service providers both incurred data breaches resulting in compromised employee information (e.g., employee names, addresses, social security numbers, dates of birth, direct deposit information). According to the FTC complaints:

• Ceridian (a payroll and human resource services provider) operated a web-based payroll processing service for small business customers. The FTC's allegations focused on the vendor's practice of storing the HR PII in plain text and indefinitely without a business need, remaining vulnerable to predictable SQL injection attacks, and not employing measures to detect and prevent unauthorized access to the PII. As a result, the FTC alleged the company lacked adequate network protections and mishandled its customers' employee information, resulting in a data breach that affected 28,000 employees of its small business customers.
• Lookout Services, Inc. markets a web-based compliance product for employers who need to maintain citizenship information about its employees. The FTC's allegations charged that the vendor failed to implement reasonable security safeguards, including the absence of reasonable security policies, inadequate passwords and user credentials, and an insecure web application, resulting in a data breach to the company's database that retained 37,000 social security numbers.

The Settlements: Under the settlements, Ceridian and Lookout Services must implement comprehensive information security programs that need to be independently audited every other year for 20 years. Additionally, the companies are barred from misrepresenting the privacy, confidentiality, and integrity of the personal information that they maintain in their systems. Violations of an FTC Order can subject a company to up to $16,000 per violation.

• Email This
• Print
• Share Link

Yesterday, the FTC announced a $750,000 settlement with the makers of an air purifier and a vacuum cleaner that were intended to create a healthier household environment. The vacuum cleaner featured a HEPA filter and ultraviolet light, while the air purifier featured an electrostatic precipitator that was intended to attract and trap particles in the air. The FTC alleged that the company deceived consumers by advertising that the respective products, "through normal use," could "kill[] virtually all bacteria, viruses, germs, mold, and allergens" either "on carpets and other floor surfaces" or "in the air of an average-sized household room." The FTC further alleged that the company's advertising promoted the products for preventing or reducing the risk of flu, colds, asthma, allergy symptoms, and other ailments. The company had disseminated claims through "infomercials, traditional television ads, print ads, in-store displays, and ads [appearing] online." Additionally, according to the FTC, the company had provided its distributors the "means and instrumentalities" for deceiving consumers. Presumably, the company provided its distributors with marketing materials or sales scripts. In addition to requiring monetary redress, the resulting consent order bars the company from making or assisting others in making germ or disease-fighting claims or any other health benefit claims for any vacuum cleaner or air filter -- unless it possesses appropriate "competent and reliable scientific evidence."

This settlement is significant for at least two reasons. First, no matter the industry, if a company is making health-related claims, it should tread lightly and be sure its substantiation meets the FTC's competent and reliable scientific evidence standard. In recent years, the FTC has targeted health-related claims being made for foods, dietary supplements, and more exotic products, like "detox foot pads." This settlement shows that health-related claims for any type of product in the FTC's purview may become a target. Second, this settlement serves as a reminder that companies are ultimately responsible for the claims and marketing materials they send downstream. The companies in the best position are those with measures in place to ensure that compliance follows as products move through the stream of commerce and into the hands of consumers.
 

• Email This
• Print
• Share Link

Google has agreed to settle Federal Trade Commission (“FTC”) claims alleging that the 2010 launch of Google Buzz, a social networking feature linking Gmail users with other people on Google’s network, involved deceptive tactics and violated Google’s privacy policy. The proposed settlement includes two firsts for the FTC:

• First FTC settlement that requires a company to implement a comprehensive privacy program
• First FTC settlement involving alleged violations of the U.S.-EU Safe Harbor Framework privacy requirements

The FTC Complaint

In its administrative complaint, the FTC alleged that: (1) some Gmail users who declined to enroll in Google Buzz were enrolled anyway; (2) Gmail users that enrolled in Google Buzz were not adequately informed that the people they email most frequently would be publicly disclosed through the “following/followers” function; and (3) the identities of Gmail users that later “turned off” Google Buzz were not removed from the social network. Google’s privacy policy stated that information would never be used “in a manner different than the purpose for which it was collected” without the user’s prior consent; however, the FTC alleged that use of information provided to Gmail was used for another purpose, the Google Buzz social networking feature, without the users’ consent.

• Email This
• Print
• Share Link

Pursuant to an enforcement policy the FTC announced earlier today, retailers of fur products that were previously subject to the $150 exemption under the Fur Products Labeling Act (“Fur Act”) will not have to pull those products from shelves by Friday. Under previous Fur Act authority, the FTC had exempted products containing fur or fur trim with a component value of $150 or less from fur-content labeling (de minimis exemption). The recently-passed Truth in Fur Labeling Act eliminates that authority and mandates that, starting March 18, 2011, products previously covered by the de minimis exemption will be subject to the Fur Act’s disclosure requirements.

Although coat selling season is winding down, many retail floors and websites still include fur products that, when purchased by the retailer and initially offered for sale, were subject to the exemption. The fur industry expressed concern that compliance with the March 18 deadline for these products would cause significant economic loss, including destruction of some of those products. In response to those concerns, the new enforcement policy includes a forbearance period with the Commission noting that, “While compliance with the letter of the law is important, the Commission also recognizes that new obligations may sometimes create significant burdens on parties that have relied in good faith on previous requirements.” Thus, the Commission will not enforce Fur Act labeling requirements against any retailer offering previously-exempt products as long as (1) the products were delivered to the retailer on or before March 18, 2011 and sold by March 18, 2012 and (2) the products are not mislabeled under the old requirements. The Commission encourages retailers to communicate fur content information in other ways during the forbearance period.

The Commission also requests comments on its Fur Labeling and Advertising Rules, which require fur products to bear certain labeling. The comment request is pursuant to the FTC's periodic regulatory review and the requirement in the Truth in Fur Labeling Act to review the Fur Products Name Guide. Please contact us if you're interested in preparing comments, which are due by May 16, 2011. 

• Email This
• Print
• Share Link

This morning, the FTC announced a settlement with a company that sells guitar lesson DVDs using social media. According to the complaint, the company recruited affiliates to promote its courses through endorsements. In exchange, affiliates received commissions on sales resulting from referrals. The FTC charged that the company disseminated deceptive ads by representing that the endorsements reflected the views of ordinary “independent” consumers, without clearly disclosing that the affiliates were compensated. To settle the case, the company must pay $250,000 and monitor affiliates to ensure they are disclosing the commissions.

This isn’t the first case a regulator has brought against this type of campaign. For example, last year, the FTC entered into a similar settlement with a company that failed to disclose that endorsers were connected to the company. And the New York Attorney General recently also challenged a company whose employees wrote reviews while posing as independent consumers.

As we have noted in previous posts, endorsers are required to disclose any material connections to the companies whose products they endorse. Companies would be well-advised to establish written policies designed to ensure that their employees, bloggers, and other agents make the required disclosures. In addition, companies should closely monitor bloggers and take actions against those that do not comply with their policies.
 

• Email This
• Print
• Share Link

On February 1, 2011, the Food and Drug Administration (FDA) issued a warning letter to dietary supplement maker Tennessee Scientific, Inc., relating to a number of product claims on the company’s website. The letter states that the products are unapproved drugs and that the claims are unauthorized disease claims. The claims at issue involve treatment and mitigation of a host of diseases including numerous cancers, inflammatory conditions, and heart disease.

What is unusual about this particular warning letter is that the FDA cites the Federal Trade Commission’s (FTC) advertising standards as a further basis for challenging the company’s conduct. The letter states: “In addition, it is unlawful under the FTC Act, 15 U.S.C. § 41 et seq., to advertise that a product can prevent, treat, or cure human disease unless you possess competent and reliable scientific evidence, including, when appropriate, well-controlled human clinical studies, substantiating the claims are true at the time they are made.”

FTC enforcement actions pertaining to Nestlé, Iovate and Dannon have garnered significant attention in the food and dietary supplement communities because the consent orders in these cases require the advertiser to obtain FDA approval before making certain health benefit claims in advertising.

For marketers of foods and dietary supplements, the Tennessee Scientific warning letter is notable for the following points:

• it further confirms the high level of cooperation ongoing between the FDA and FTC given that this is the second joint warning letter issued by the agencies in recent months;
• it confirms that websites may be considered both labeling and advertising, and that features such as product name, website name, metatags and clinical study titles on websites may give rise to actionable claims by either agency; and
• by sending a joint letter, the FTC has already established a record that Tennessee Scientific does not have FDA approval for their products or their product claims. Although FTC Consumer Protection Bureau Director David Vladeck recently stated that FDA approval is not a prerequisite to health benefit advertising claims, a joint letter sets an easy stage from which the FTC can take the position that unauthorized disease claims violate the FTC Act. This action further supports the conclusion that the drug-like substantiation provisions in the Nestlé, Iovate and Dannon orders are the new de facto standards for all advertisers making similar claims.

Industry stakeholders should evaluate the substantiation behind their products’ health benefit claims in light of these recent developments and fully consider FDA and FTC standards when creating website or other claims content that could be considered advertising or labeling.

• Email This
• Print
• Share Link

On January 21, 2011, Kelley Drye & Warren hosted the seminar and audiocast, "Privacy By Design, Choice, and Transparency: What a New Framework Will Mean for Business and Technology." The seminar highlighted key regulatory and legislative developments in privacy and information security law during the past year.

Click here to listen to the audio recording.

Dana Rosenfeld, Kelley Drye partner and chair of the firm's Privacy and Information Security practice, opened the seminar by reflecting on the emphasis in 2010 and going forward for 2011 on bringing greater clarity to commercial privacy practices for the benefit of both consumers and commercial entities. Six experts representing the federal agencies and policymakers integral to recent privacy initiatives spoke during two separate panel sessions. The first panel reviewed and expanded upon the separate privacy frameworks released in December 2010 by the Federal Trade Commission ("FTC") and the U.S. Department of Commerce1. The second panel included a discussion on the confluence of privacy policy and broadband adoption, along with perspectives on the privacy themes of greatest interest to the new Congress. Click here to read an overview of the key takeaways from each panel.

• Email This
• Print
• Share Link

Earlier this month, we posted that the Washington AG announced a settlement with a company that misrepresented that consumers’ computers were at risk. As part of the settlement, the company agreed to pay refunds to consumers. This week, the FTC announced a settlement involving similar issues and remedies. According to the FTC, the company used deceptive ads to trick consumers into thinking their computers were infected with malicious software, and then sold them software to “fix” the non-existent problems. As part of the settlement, the company agreed to pay over $8 million that will be used to reimburse consumers.

We’ve also made several posts regarding free trials. This week, the FTC also announced that a federal court has frozen the assets of corporations and an individual behind an enterprise that allegedly made more than $275 million by luring consumers into deceptive “trial” memberships. According to the FTC complaint, the companies offered “free” information at no risk and asked consumers to provide billing information to pay a shipping and handling fee. But when consumers provided their billing information, the companies charged a hefty one-time fee, as well as recurring monthly fees. The FTC is seeking to return money to consumers.

Although these cases involve allegations of egregious marketing practices, the basic principles underlying the cases apply to all companies. Advertisers need to make sure they accurately describe their offers and clearly disclose the terms of any free trials. The cases also demonstrate that the costs of failing to comply with advertising laws can be significant.

• Email This
• Print
• Share Link

In October, we posted that the FTC had proposed revisions to the “Guides for the Use of Environmental Marketing Claims,” more commonly known as the “Green Guides.” Among other things, the FTC’s proposed revisions address carbon offset claims and environmental certifications. In recent weeks, there has been legal actions on both of these issues.

A consumer recently filed a class action lawsuit against Fiji Water Company, alleging that Fiji falsely claims its bottled water is “carbon negative.” In addition, Fiji advertised: “we will continue to offset 120% of our emissions. That means that we are not only mitigating our environmental impact but also making up for a little bit of someone else’s.” The plaintiff alleges that consumers understand Fiji’s claims to mean that Fiji’s current operations remove more carbon from the atmosphere than they release into it. According the complaint, though, this is not true. Instead, Fiji uses a “discredited” accounting method called “forward crediting.”

This week, FTC announced a settlement with Tested Green over the company’s environmental certification program. According to the FTC, Tested Green advertised and sold environmental certifications while claiming to be the “nation’s leading certification program with over 45,000 certifications in the United States.” The FTC alleged, however, that Tested Green never tested any of the companies it provided with environmental certifications, and would “certify” anyone willing pay a certification fee. The agency charged that the company violated the FTC Act by providing the means to deceive consumers.

There has been an increased focus on green claims in light of the FTC’s announcement last year. Companies should carefully examine their claims to ensure that they are aligned with the FTC’s guidance and that they do not overstate potential environmental benefits.

• Email This
• Print
• Share Link

Today, the U.S. Department of Commerce released its version of an online commercial data privacy framework in a report entitled Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework. The report is the result of a review by the Commerce Department’s Internet Policy Task Force, launched in April of 2010, which included staff from National Telecommunications and Information Administration (NTIA), the International Trade Administration, and the National Institute for Standards and Technology. The report comes two weeks after the Federal Trade Commission (FTC) released a preliminary staff report also on recommendations for an online privacy framework.

The report presents possible approaches to develop an online data privacy framework and proposes questions for further comment. The report includes four broad categories of

• Email This
• Print
• Share Link

Further to our December 1, 2010 post "FTC Releases Proposed Framework for Protecting Consumer Privacy", Kelley Drye has issued a client advisory with a more detailed discussion of the FTC's proposed privacy framework.

• Email This
• Print
• Share Link

Last night, the U.S. Senate passed by unanimous consent the Truth in Fur Labeling Act (H.R. 2480).  The legislation, identical to the legislation that previously passed the House of Representatives, will now go to the White House for signature.  President Obama is expected to sign, and the bill will then become effective in 90 days.

The bill will eliminate the current exemption from the Fur Products Labeling Act if the cost to a manufacturer of fur trim used on a garment (not including the cost of adding the trim to the product) or a manufacturer’s selling price of a fur product is $150 or less.  The bill requires the Federal Trade Commission to review the labeling requirements of the Fur Products Labeling Act in 2011. 

Manufacturers, importers, and retailers of fur products should consider current practices in anticipation of the elimination of the $150 exemption and closely monitor the FTC's upcoming review. 

• Email This
• Print
• Share Link

 This post was written by the Kelley Drye & Warren Privacy and Information Security Practice Group.

Today, the FTC issued its highly-anticipated preliminary staff report on privacy, “Protecting Consumer Privacy in an Era of Rapid Change.”  The report proposes a new privacy framework for businesses and policymakers and addresses the Commission’s view that self-regulation has, up to now, failed to provide adequate consumer protection.  The framework would be applicable to the online and offline data handling practices of consumer data that can be reasonably linked to a specific consumer, computer, or device.  The report is largely based on a series of three public roundtables held over the past year that explored current privacy approaches. 

The proposed framework set forth in the report includes three primary recommendations: (1) Privacy by design; (2) Simplified choice for consumers on how their data is handled; and (3) Greater transparency for consumers on privacy practices:

1)      Privacy By Design – Incorporate consumer privacy protections into everyday business and each stage of product or service development.  Specifically, the report recommends that this process should:

  a)      Provide for reasonable security for consumer data;

  b)      Limit personal data collection to only data needed for a specific business purpose;

  c)      Limit personal data retention to only the period of time needed to fulfill the specific business purpose;

  d)      Securely dispose of personal data no longer being used; and

  e)      Implement reasonable procedures to promote personal data accuracy.

Additionally, the report recommends that a business’s internal privacy practices should include:

a)      Dedicated personnel to oversee privacy issues;

b)      Employee training on privacy issues; and

c)      Privacy reviews for new products or services.

2)      Simplified Choice – Provide consumers with simpler, more streamlined choices about privacy practices. The report recommends that businesses should:

a)      Identify “commonly accepted” data practices for which consumer choice is not necessary, e.g., product fulfillment, improvement of internal business operations, fraud prevention, legal compliance, and first-party marketing; and

b)      Identify data practices that are not “commonly accepted,” and provide consumers with clear descriptions of these practices in context with the request (e.g., at the time when the consumer provides his or her information or through a universal mechanism);

c)      Offer consumers greater choice, particularly with data practices not “commonly accepted,” such as behavioral advertising. To this end, the Commission staff supports a “Do Not Track” tool that allows the consumer to decide whether to receive targeted ads.

3)      Greater Transparency – The report recommends the following measures for companies to take to make their data practices more transparent to consumers:

a)      Make privacy policies easy to understand and useful as a consumer tool to compare businesses’ practices;

b)      Provide consumers with access to data that companies maintain about them;

c)      Obtain affirmative consent for material, retroactive changes to data policies; and

d)      Educate consumers about commercial data privacy practices.

The proposals within the preliminary report are not directly enforceable regulations, but they are instructive and provide insight on what businesses can expect in privacy enforcement trends in the future. The report invites public comment with a filing deadline of January 31, 2011. 

Kelley Drye will be circulating a client advisory with a more detailed discussion of the FTC’s proposed privacy framework shortly.

• Email This
• Print
• Share Link

For nearly 30 years, the Federal Trade Commission ("FTC") has sought, and federal courts have awarded, monetary redress for consumers in actions brought under Section 13(b) of the Federal Trade Commission Act ("FTC Act"). A recent article authored by John Villafranco and Dan Blynn entitled, "Consumer Redress Under Section 13(b): Correcting the Record," which was published in the November 2010 issue of Regulatory Affairs Professionals Society's Regulatory Focus magazine, clarifies what a court can and cannot award in Section 13(b) litigation.

The article (i) identifies the types of equitable monetary relief that typically are awarded in such actions, and distinguishes between equitable restitution (which may be awarded) and legal restitution (which may not); (ii) discusses the concept of “tracing,” which is a necessary prerequisite to an award of restitution; and (iii) explains why disgorgement of a defendant’s net profits generally will be the only proper form and measure of consumer redress in Section 13(b) litigation.

Whether a court awards restitution or disgorgement in a Section 13(b) action can have a substantial impact on the amount of money that a defendant who violates the FTC Act might be ordered to pay in consumer redress. For example, a company that spends a significant amount of money on product advertising, marketing, and promotion might have low net profits (the measure of a disgorgement award) despite, at the same time, having high gross revenues from product sales (typically awarded in restitution). In that case, the difference between an award of disgorgement or restitution could be the difference in a redress award totaling thousands rather than millions of dollars. Thus, companies and individuals who are named defendants in Section 13(b) actions should be aware of what form of consumer redress is awardable in such litigation and how that redress is measured, as it could impact settlement negotiations with the FTC and litigation strategy generally.

• Email This
• Print
• Share Link

Hot off the presses -- registration for the ABA Consumer Protection Conference (Feb. 3, 2011, Washington DC) is now open! There is limited seating, so early registration is encouraged.

The all-star line-up of speakers includes:

• FTC Commissioners Julie Brill, Edith Ramirez, and J. Thomas Rosch
• Canada Privacy Commissioner Jennifer Stoddart
• Tony West, Assistant Attorney General, DOJ
• David Vladeck, Director, Bureau of Consumer Protection, FTC
• Joel Winston, Associate Director, Division of Financial Practices, FTC
• Sarah Mathias, Associate General Counsel, FTC

And representatives from the California and Texas Attorneys General Offices, the National Advertising Division, the Center for Democracy & Technology, Electronic Frontier Foundation, the American Bankers Association, among others.

Hot topics to be addressed include privacy, CP enforcement priorities, new substantiation rules, third party liability, social media, and more.

The full program brochure and registration information are available at the ABA's website. Space is limited so register soon to secure your spot, and please spread the word!

Kelley Drye partner Alysa Hutnik is a Conference Co-Chair.

• Email This
• Print
• Share Link

Companies marketing functional foods or dietary supplements should be aware of the Federal Trade Commission’s new regime for using health-related advertising claims and the Food and Drug Administration’s heightened scrutiny of health-related front-of-package (FOP) labeling claims.

In two game-changing settlement orders, issued in July of this year, the FTC, for the first time, required that the companies under order (1) possess two clinical trials for weight loss claims and certain disease claims, (2) have FDA approval for most other disease claims, and (3) follow a new standard for relying on ingredient testing as claim substantiation. The FTC has indicated that it intends to include similar requirements in its future food and supplement orders, suggesting that these new standards soon could set the bar for all companies, regardless of whether they are under order or not.

Similarly, FDA has issued a series of warning letters challenging the use of nutrient content claims, health claims, and other health benefit claims in food and beverage product labeling. Recent FDA warning letters challenge a number of claims appearing on the principal display panel of food and beverage product labels, underscoring the agency’s enforcement and policy development priorities concerning the standards governing FOP labeling systems.

Kelley Drye's Advertising and Marketing practice group has prepared several articles to help companies navigate the new terrain successfully:

• “The FTC’s New Take on Health-Related Advertising: What Companies Facing FTC Enforcement Need to Know” provides strategies for companies that are faced with FTC action and includes summaries and analysis that will be useful for anyone trying to wrap their head around the new standards.
• “Ingredient Testing for Food and Supplement Advertising Claims: Keeping Up with an Evolving Standard” presents a comparison of the old ingredient testing standard versus the new standard from the recent orders. This article also provides practical pointers for how to base claims on ingredient testing within FTC’s current guidance.
• “Marketing Nutrition & Health-Related Benefits of Food & Beverage Products: Enforcement, Litigation & Liability Issues” examines key developments over the past year and a half involving food and beverage product marketing claims. This examination suggests that FDA and FTC enforcement priorities have contributed to increasing liability trends associated with nutrition and health-related product benefit claims.

With increasing enforcement and litigation activity, food and supplement companies should stay informed about government scrutiny of health-related claims and the standards for competent and reliable scientific evidence.

• Email This
• Print
• Share Link

This week, the FTC issued its proposed revisions to the "Guides for the Use of Environmental Marketing Claims" (the "Green Guides") and announced that it will be accepting public comment on the Proposed Guides until December 10, 2010. The Green Guides, first issued in 1992 and last revised in 1998, are designed to help businesses ensure that the environmental marketing claims they make are true and substantiated. Although the Green Guides are not legislative rules (and thus not directly enforceable regulations), they are instructive on how the FTC views certain types of environmental marketing claims, and the evidence necessary to support such claims to prevent them from being considered deceptive or unsubstantiated.

The proposed revisions update the existing Guides with respect to claims such as "degradable," "compostable," and "recyclable," and they propose new guidance for claims not currently addressed by the existing Guides. Popular recent environmental claims that receive specific guidance for the first time include "renewable" and "carbon offsets."

The Commission declined to propose definitions or specific guidance for other environmentally-friendly terms such as "sustainable," "natural," "organic," "life cycle assessment," and "biobased." The FTC's rationale for not giving these terms specific treatment was based in large part on lack of consumer perception data, along with deference to sister agencies' existing standards and definitions for these terms.

Click here for a summary of the FTC's changes to the existing Green Guides and its proposed revisions.

• Email This
• Print
• Share Link

On August 19, 2010, FTC staff closed an investigation into Limewire, LLC.  Limewire provides both a free and purchasable version of P2P software.  Based on the staff's closing letter, available here, the investigation focused on a security vulnerability in legacy versions of the P2P software that put users at risk of inadvertently sharing sensitive information stored on their computers.

FTC staff decided to voluntarily close the investigation. Among the factors considered as part of closing the investigation were:

• Limewire's incorporation of safeguards into the updated software's user interface to help users avoid the inadvertent sharing of sensitive documents;
• the high attrition rate for legacy versions of the software;
• Limewire's inability to force users to update to a newer software version; and
• users of some of the older software versions may have been able to avoid disclosure of sensitive PII (noting that an act/practice is not "unfair" under Section 5 unless it causes consumer injury that is not reasonably avoidable by consumers).

Given the staff's ongoing concern that consumers using the legacy software may remain at risk of PII disclosures, the staff stated its expectation that Limewire would continue to advise consumers to upgrade the software and participate in industry efforts to inform consumers about how best to avoid inadvertent sharing of sensitive documents.

This closing follows the FTC's press release earlier this year that it had notified nearly 100 organizations that their sensitive PII records were on P2P networks, and that it was investigating several organizations whose customer or employee information had been exposed on P2P networks. That press release is available here.
 

• Email This
• Print
• Share Link

In October 2009, the Federal Trade Commission (“FTC”) introduced a revised version of its Guides Concerning the Use of Endorsements and Testimonials in Advertising (the “Guides”). Key changes to the Guides include: (1) clarifying that the Guides apply to all advertising messages presented as the opinion or findings of a party other than the advertiser, regardless of the media that is used to disseminate the advertising message (e.g., blog, newspaper, infomercial, “word of mouth” marketing, talk show appearance); (2) elaborating on the types of situations involving new media (e.g., blogs, social networks) where the FTC will likely consider statements to be “advertising messages” sponsored by the advertiser; and (3) recommending that non-typical testimonials be accompanied by a clear and conspicuous disclosure of generally expected results.

On June 23, 2010, the FTC Bureau of Consumer Protection’s Division of Consumer and Business Education posted “The FTC’s Revised Endorsement Guides: What People Are Asking” (the “FAQs”), to help businesses and consumers better understand the FTC’s revisions to the Guides. The FTC’s FAQs address various questions the FTC has received since the revised Guides were introduced in October, including questions about when the revised Guides apply to endorsements in new media, how disclosures regarding a sponsored relationship or typical consumer results should be made, and how the Guides apply to affiliate and network marketing.

See the Kelley Drye client advisory for more details about the FAQs.

• Email This
• Print
• Share Link

This post was written by Sarah Roller and Megan L. Olsen.

On May 19, 2010, the Federal Trade Commission (FTC) approved a final settlement order with the Indoor Tanning Association charging that the association exaggerated the health benefits of indoor tanning and misrepresented that indoor tanning increases the risk of skin cancer. The settlement bars the Association from making misrepresentations about the health and safety of indoor tanning and requires that future advertisements from the association that make health or safety claims be accompanied by clear and prominent disclosures about the risks of indoor tanning. The Indoor Tanning Association represents tanning facilities and suppliers of tanning equipment.

• Email This
• Print
• Share Link

This post was written by Christopher M. Loeffler and Alysa Z. Hutnik.

On Tuesday, April 26, 2010, the Federal Trade Commission (FTC) announced that it intends to develop Internet privacy guidelines. The guidelines will examine social networking sites' data handling practices and create a framework to guide social networks and others going forward. Given the FTC's recently concluded Privacy Roundtables (see our posts here, here and here) and pending action items from the roundtables, the guidelines for social networks may provide a foundation for further FTC privacy guidance for businesses down the road.

The FTC's recent announcement follows complaints by US and international lawmakers and regulators regarding the privacy practices of several online companies. Senators Schumer (D-NY), Franken (D-MN), Bennet (D-CO), and Begich (D-AK) sent a letter to Facebook, expressing concern about the changes Facebook made to its privacy policy that make more user information publicly available, permit third parties to store users' information indefinitely, and allow for Facebook technology to be integrated with other websites. The Senators also called on the FTC to issue rules or guidance in this area. As noted previously, international regulators also recently sent a letter to Google expressing concern about its privacy practices.

While privacy laws have been in flux for some time, these events underscore how rapidly the regulatory environment for online businesses is changing, and a close watch on the FTC's actions and guidance will be critical to navigate the compliance road ahead.

• Email This
• Print
• Share Link

The Federal Trade Commission has launched a multi-media campaign through the website www.admongo.gov to educate children and teens, ages 8 to 12, about advertising. With “tweens” becoming a larger and more important part of the marketplace, the initiative seeks to raise kids’ awareness about advertising so they can make more informed decisions when they shop or play a role in family buying decisions.

The goal of the campaign is to boost advertising literacy by:

• Raising awareness of advertising and marketing messages
• Teaching critical thinking skills that will allow tweens to better analyze and interpret advertisements
• Demonstrating the benefits of being an informed consumer

In addition to an online game featured on Admongo.gov, other elements of the campaign include in-school curricula, sample ads that can be used at home and in the classroom, and teacher training videos. The FTC partnered with Scholastic in creating resources which have been distributed to elementary and middle school teachers nationwide.

In an interview on NBC's Today Show, Bureau of Consumer Protection Director David Vladeck explained that the program is designed to teach kids how to think critically about advertising messaging. He explained that while the FTC is not taking a position of whether ads are good or bad, the campaign gives kids the tools they need to "navigate through this very intensely commercial environment they live in."

As the tweens market is estimated at $200 billion in sales, advertisers should take note of these efforts to educate young consumers about how to distinguish between advertising and content, and consider how best to both inform and engage tweens with innovative messaging and product promotions.

For additional background on Director Vladeck's enforcement agenda, reference The Antitrust Source article, "Interview with David Vladeck, Director, FTC Bureau of Consumer Protection."
 

• Email This
• Print
• Share Link

In previous posts, we noted that the FTC's new Guides Concerning the Use of Endorsements and Testimonials in Advertising contain numerous provisions that apply to messages in social media, such as blogs, word-of-mouth marketing, and other promotions in which companies encourage consumers to speak on their behalf. Among other things, the Guides require bloggers to disclose if they have received a gift from, or have any other material connection to, a company whose products they write about. Although the companies themselves may be liable if bloggers fail to make the required disclosures, the FTC has suggested that the Commission would not hold a company liable if the company instructs bloggers about their requirements and takes steps to ensure the bloggers comply.

Earlier this week, the FTC announced that it was closing an investigation into whether Ann Taylor Stores violated Section 5 of the FTC Act in connection with a promotion in which the company provided gifts to bloggers who the company expected would blog about the company's LOFT division. According to the FTC's letter, some of the bloggers failed to disclose that they had received free gifts from LOFT, as required by law. After conducting an investigation, the FTC ultimately determined not to recommend enforcement action because, in part, "LOFT adopted a written policy . . . stating that LOFT will not issue any gift to any blogger without first telling the blogger that the blogger must disclose the gift in his or her blog." The FTC also noted that they expect the company to "monitor bloggers' compliance with the obligation to disclose gifts they receive from LOFT."

The FTC's investigation holds a number of important lessons for marketers. First, it is clear that the FTC is paying attention to whether bloggers and companies comply with the new Guides. Second, companies would be well-advised to establish written policies designed to ensure that their employees, bloggers, and other agents comply with the Guides. And, third, companies should closely monitor bloggers and take actions against those that do not comply with their policies. If companies fail to take these steps, they are more likely to be held liable for the actions of bloggers.

• Email This
• Print
• Share Link

The American Bar Association’s The Antitrust Source published an article, “Interview with David Vladeck, Director, FTC Bureau of Consumer Protection.” The in-depth interview examines Mr. Vladeck’s career as a litigator and professor and how his accomplishments and challenges are shaping his tenure at the Federal Trade Commission. The interview probes Mr. Vladeck’s views on topics including the commercial speech doctrine, social media, alternative remedies for data breaches, and a proposed Consumer Financial Protection Agency, among other subjects.

Click here to read a PDF of the article.
 

• Email This
• Print
• Share Link

On March 17, 2010, the Federal Trade Commission (FTC) held its third and final discussion from its roundtable series-Exploring Privacy. Panel topics focused on Internet Architecture and Privacy, Health Information, Addressing Sensitive Information, and Lessons Learned and Looking Forward.

The FTC intends to use the information gathered from these roundtables to restructure and guide its privacy agenda. Next steps for the FTC may include extending the application of fair information practices, increasing enforcement of unfair and deceptive privacy practices, and developing privacy models and frameworks to address new technologies and business models. FTC officials have stressed, however, that the Commission will review and analyze the information received through the roundtables and other channels before adopting any specific policies or initiatives.

• Email This
• Print
• Share Link

Late last night, the Senate unanimously confirmed Edith Ramirez and Julie Brill to fill the two vacant seats on the Federal Trade Commission (FTC).1 Ms. Ramirez will replace Republican Deborah Majoras, who stepped down from the Commission in March 2008, and Ms. Brill will replace Independent Pamela Jones Harbour, whose term ended in September 2009. Their positions start immediately upon confirmation. A brief background on each new Commissioner is provided below.

Julie Brill

Since February 2009, Ms. Brill has been a Senior Deputy Attorney General and Chief of the Consumer Protection and Antitrust Division for the North Carolina Department of Justice. Prior to joining North Carolina’s Department of Justice, Ms. Brill served as an Assistant Attorney General for the Vermont Attorney General’s Consumer Protection and Antitrust Divisions for over 20 years. Ms. Brill’s experience at the Vermont Attorney General’s office included a wide-variety of consumer protection litigation, legislative, and regulatory matters in the fields of privacy, credit reporting, financial services, tobacco, food, drugs and other health-related industries. As an Assistant Attorney General for the state of Vermont, Ms. Brill also testified before Congress regarding data security breach legislation and consumer privacy issues.

Ms. Brill has served as a Vice-Chair of the Consumer Protection Committee of the American Bar Association Antitrust Section since 2004 – the ABA committee chaired by John Villafranco (2002 to 2005) and August Horvath (2005-2009) of Kelley Drye. She has received several honors for her consumer protection and privacy work, including the National Association of Attorneys General Privacy Subcommittee Award in 2001 for drafting proposed privacy principles, Privacy International’s 2001 Brandies award for work on state and federal privacy issues, and the National Association of Attorneys General Marvin Award in 1995 for her “outstanding leadership, expertise, and achievement in advancing the goals of the association.” Additionally, she is also a Lecturer-in-Law at Columbia Law School.

Before beginning her career in law enforcement, Ms. Brill was an associate at Paul, Weiss, Rifkind, Wharton & Garrison in New York and she clerked for Vermont Federal District Court Judge Franklin S. Billings Jr. Ms. Brill is a graduate of New York University School of Law, where she received a Root-Tilden Scholarship for her commitment to public service. She received her bachelor’s degree from Princeton University.

Edith Ramirez

Ms. Ramirez is currently a partner in the Los Angeles office of Quinn Emanuel Urquhart Oliver & Hedges, LLP where she specializes in intellectual property and complex business litigation matters. She has represented a diverse range of clients in actions involving copyright and trademark infringement, antitrust and unfair competition claims, business tort, and other general business litigation cases. Notable litigation includes Hathaway Dinwiddie Construction Co. v. United Air Lines, Inc., where Ms. Ramirez successfully represented Hathaway Dinwiddie Construction on breach of contract claims, and Christian v. Mattel, Inc., where Ms. Ramirez helped obtain a $500,000 sanction against Mattel’s opposing counsel pursuant to Federal Rule of Civil Procedure 11 for filing a frivolous copyright infringement action against Mattel. Ms. Ramirez has also represented American Broadcasting Companies, The Walt Disney Company, The Scotts Company, and Northrop Grumman in a variety of intellectual property, antitrust, and contract litigation matters.

Ms. Ramirez is also involved with a number of community outreach activities. She has served as the Vice President on the Board of Commissioners for the Los Angeles Department of Water and Power, a member of the Board of Directors for Volunteers of America, and the California Deputy Political Director and Director of Latino Outreach for Obama for America.

Previously, Ms. Ramirez served as a law clerk to the Honorable Alfred T. Goodwin, United States Court of Appeals for the Ninth Circuit. She also worked as an associate at Gibson, Dunn & Crutcher, LLP. Ms. Ramirez attended Harvard Law School, where she was an editor for the Harvard Law Review, and she received her bachelor’s degree from Harvard-Radcliffe College.

1  http://senatus.wordpress.com/2010/03/03/nominations-confirmed-march-3/

• Email This
• Print
• Share Link

This post was written by Dana B. Rosenfeld and Christopher M. Loeffler.

On February 22, 2010, the Federal Trade Commission (“FTC”) announced that it notified nearly 100 organizations that personal information about the organizations’ customers or employees is available on peer-to-peer (“P2P”) file sharing networks. [1] Most recently, it notified nearly 100 businesses and governmental entities through an Internet-wide sweep, the FTC discovered that sensitive data such as health-related information, financial records, drivers’ license numbers, and Social Security numbers have been shared from organizations’ computer networks and are susceptible to those who may use the data for illegal practices such as fraud or identity theft. The Commission has not publicly identified which organizations were notified, but it stated that letters were sent to large and small private and public entities including schools and local governments.

• Email This
• Print
• Share Link

The law of comparative advertising covers advertising that compares alternative brands on price or other measurable attributes and expressly or impliedly identifies the alternative brand by name, illustration, or other distinctive information.

A new article in IP Litigator, “The Law of Comparative Advertising in the United States,” provides an overview, including the treatment of comparative advertising claims by the Federal Trade Commission and the National Advertising Division of the Council of Better Business Bureaus, Inc., and a discussion of some of the particular proof and burden-shifting issues triggered when comparative advertising claims are challenged under the Lanham Act. The article then provides practical guidance to in-house attorneys and outside counsel on strategies for challenging comparative advertising claims made by a competitor when the client contends that the claims cannot be substantiated.

• Email This
• Print
• Share Link

The Federal Trade Commission told the U.S. Senate Committee on Commerce, Science and Transportation on Thursday, February 4, 2010, that additional law enforcement powers would allow the agency to protect consumers more effectively.

While much of the testimony detailed the FTC’s efforts to protect consumers from financial fraud that has occurred in connection with the downturn in the economy, the additional powers sought by the FTC would enhance its ability to protect consumers for any violation of one of the laws that it enforces.  The agency encouraged Congress for authority:

1. to use more efficient rulemaking procedures to address consumer protection issues and enhance the agency’s ability to stop financial fraud;
2. to seek civil penalties for violations of the FTC Act rather than just rules or orders that have already been promulgated;
3. to act against those who assist others they know, or consciously avoid knowing, are engaged in unfair or deceptive practices under the FTC Act; and
4. to prosecute civil penalty cases in federal court in its own name so that it can bring cases more quickly and more effectively.

Interestingly, Commissioner Kovacic dissented from the Commission’s endorsement of authority to use, for promulgating all rules respecting unfair or deceptive acts or practices under the FTC Act, the notice and comment procedures of the Administrative Procedures Act (“APA”). While other agencies have the authority to issue significant rules following notice and comment procedures, Commissioner Kovacic stated that the Commission's rulemaking authority is unique in its range of subject matter (unfair or deceptive acts or practices) and sectors (reaching across the economy, except for specific, albeit significant, carve-outs). Except where Congress has given the Commission a more focused mandate to address particular problems, beyond the FTC Act's broad prohibition of unfair or deceptive acts or practices, Commissioner Kovacic believes it prudent to retain procedures beyond those encompassed in the APA. However, he supports sector-specific APA rulemaking to promulgate rules that set forth unfair or deceptive acts or practices relating to all financial services. Further, he would be willing to consider more generally whether all the procedures currently required to issue, repeal, or amend rules issued under the FTC Act are necessary.

Commissioner Kovacic also dissented from the Commission's endorsement of across-the-board civil penalty authority.  Commissioner Kovacic believes that the existing consequences attendant to a finding that an act or practice is unfair or deceptive under the FTC Act are generally appropriate remedies, and they are consistent with the goal of developing FTC law to develop new doctrine and to reach new and emerging problems. In his view, the routine availability of civil penalties, even if subject to a scienter requirement, would risk constraining the development of doctrine, much as judicial concerns about the availability of private litigation with mandatory treble damages appear to be constraining the development of antitrust doctrine.  Commissioner Kovacic would prefer that Congress grant more targeted authority to seek civil penalties, perhaps including civil penalty authority where financial services are involved, and particularly including civil penalty authority in matters where existing remedies are likely to be inadequate.

Regarding President Obama’s proposed Consumer Financial Protection Agency, the testimony expressed FTC support for the goal of making consumer financial protection more effective while ensuring that the FTC’s authority and ability to protect consumers remains uneroded and clear. The FTC told Congress that it should remain active and effective in policing financial and nonfinancial products and services.  Commissioner Kovacic and Commissioner Rosch recommended, perhaps as an alternative to creating a new agency to perform the federal banking agencies’ current consumer protection functions, that the Committee consider a model by which consumer protection with respect to banks and other depository institutions would be enhanced by providing the Commission with a role in protecting consumers of depository institutions. Such expansion of the Commission’s consumer protection role would require a concomitant increase in the Commission’s resources to ensure the continuing excellence of its enforcement record.

• Email This
• Print
• Share Link