On Wednesday, the California Assembly voted to approve two bills to amend the California Consumer Privacy Act (“CCPA”). The legislation now moves to the California Senate.

In total, the Assembly has approved five CCPA amendments. Four bills remain pending before the full Assembly. Here’s the full list:

Approved by the California Assembly This Week

  • Assembly Bill 873: broadens the definition of “deidentified” and clarifies that “personal information” includes information that “is reasonably capable of being associated with” a consumer or household. (Approved May 22, 2019.)
  • Assembly Bill 981: exempts insurance institutions, agents, and insurance-support organizations (i.e., organizations assembling or collecting information about natural persons for the primary purpose of providing the information to an insurance institution or agent for insurance transactions) from complying with CCPA. (Approved May 22, 2019.)

Previously Approved by the California Assembly

  • Assembly Bill 1564: requires consumers to submit CCPA requests to businesses via a toll free number or an email address and a physical address. (Approved May 13, 2019.)
  • Assembly Bill 874: streamlines the definition of “publicly available” to mean information that is lawfully made available from federal, state, or local government records. The bill also seeks to amend the definition of “personal information” to exclude deidentified or aggregate consumer information. (Approved May 9, 2019.)
  • Assembly Bill 1355:  exempts deidentified or aggregate consumer information from the definition of personal information, among other clarifying amendments. (Approved May 9, 2019.)

Voted out of Committee

  • Assembly Bill 25: changes the CCPA so that the law does not cover collection of personal information from job applicants, employees, contractors, or agents. (On docket for full Assembly vote this week.)
  • Assembly Bill 846: provides certainty to businesses that certain prohibitions in the CCPA would not apply to loyalty or rewards programs. (On docket for full Assembly vote this week.)
  • Assembly Bill 1146: exempts vehicle information retained or shared for purposes of a warranty or recall-related vehicle repair. (On docket for full Assembly vote this week.)
  • Assembly Bill 1202:  Data broker registration legislation would require data brokers to honor consumer opt-outs and any other rights afforded by the CCPA (On docket for full Assembly vote this week.)

The two newly passed CCPA amendments now move to the Senate. Our team will continue to track any new developments regarding these bills.

Kelley Drye & Warren LLP announced the launch of the Ad Law Access podcast – a new podcast from its advertising law and privacy law groups.  Hosted by Kelley Drye attorneys, including Christie Grymes Thompson, Alysa Hutnik, John Villafranco, Gonzalo Mon, and Kristi Wolff, the podcast provides updates on advertising and policy law trends, issues, and developments.

“Our goal is to provide listeners with high-level, insightful analysis on the major issues in consumer protection law as they develop,” said Christie Thompson, chair of the advertising and marketing practice.  “We have structured these as shorter episodes – perfect for a morning or evening commute or lunch break – to give people digestible information that they can easily apply.”

Currently, listeners can find the following episodes:

The Ad Law Access podcast is available now through Apple’s iTunes, Spotify, Google Play, SoundCloud, and soon through other podcast services.

On May 17, AdvoCare International LP, marketer of “innovative nutritional, weight-management and sports performance products,” made the extraordinary announcement that it was abandoning its business model. It would no longer engage in multilevel marketing; all sales from here on in would be direct-to-consumer, a single-level marketing compensation plan.

In making this announcement, AdvoCare disclosed that it “has been in confidential talks with the Federal Trade Commission (FTC) about the AdvoCare business model and how AdvoCare compensates its Distributors.” AdvoCare further stated that “[b]ased on more recent discussions, it became clear that this change is the only viable option.”[1] This “change,” effective July 17, will reportedly affect approximately 100,000 distributors.

Wait, what?

Today Law360 published the article “A Potential New Fight Over FTC’s 13(b) Authority.” The article provides an analysis of the “existential threat” to the FTC fraud enforcement program.

To read the article, please click here.

In February, we posted that the California Attorney General and state Senator Hannah-Beth Jackson had announced a bill that would have materially expanded legal exposure for businesses under the CCPA. The most concerning parts of the bill were the attempts to expand the private right of action to cover privacy practices, while simultaneously removing companies’ rights to cure violations before facing a suit.

  • Private Right of Action:  The enacted CCPA includes a private right of action limited to data breaches. Any consumer who is the victim of a breach of unencrypted or unredacted personal information (as that term is defined by the law) “as a result of a violation of the duty to implement and maintain reasonable security procedures and practices” can recover statutory damages of up to $750 per incident. The bill would have expanded the private right of action to cover violations of other sections of the law, namely the provisions covering privacy-related obligations (e.g., notice requirements, right to deletion, and the right of access).
  • Right to Cure:  The CCPA requires the Attorney General to give businesses notice and 30 days to cure alleged violations before the Attorney General can seek an injunction and civil penalties. This 30-day cure period can provide a warning to businesses that are trying to comply with a confusing law, if their efforts fall short.  The proposed bill, however, would have removed the right to cure, leaving businesses immediately exposed to any violations.

On April 29, 2019, the California Senate Appropriations Committee – the Committee responsible for overseeing the state’s budget – placed the bill, S.B. 561, in the Committee’s “Suspense File” by a unanimous vote. The Suspense File is where bills with a significant financial impact are placed so that the Appropriations Committee can consider their financial impact once they have a better sense of the year’s budget. Yesterday, the Committee decided not to let the bill out of the Suspense File, effectively killing the bill.

Although companies still have a lot of work to do to address CCPA compliance obligations, they can breathe a little easier knowing that the threat of lawsuits for any minor violation has been diminished.

On May 9, the Federal Trade Commission Chairman and Commissioners testified before the House Committee on Energy and Commerce’s Subcommittee on Consumer Protection and Commerce on a number of issues. Reaffirming a previous commitment for increased scrutiny of deceptive “Made in USA” advertising, FTC Chairman Simons told Congress the agency plans to hold a workshop in which it will more closely examine penalties and remedies.

During the hearing, Congressman Tony Cardenas (D-CA) expressed concern about the lack of “Made in USA” enforcement activity and urged a more aggressive approach. Chairman Simons said the agency has historically relied upon injunctive relief in “Made in USA” cases, but the upcoming workshop would provide a venue for current Commissioners to examine how to “beef up” remedies going forward. Commissioner Chopra, who has been outspoken on the issue, stressed the need for monetary penalties to deter future violations and protect “honest” American manufacturers.

This hearing comes after the FTC Commissioners testified before the Senate Commerce Committee’s Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security addressing three settlements that came under scrutiny, which we previously wrote about here.

As we’ve tracked here, the FTC initiated talks of stricter enforcement of penalties and remedies for “Made in USA” fraud that includes the workshop referenced by Chairman Simons to Congress. Commissioner Chopra released a statement calling for more stringent enforcement of the agency’s “Made in USA” advertising policies, as he emphasized in his testimony above.

In an April 2019 settlement, a US-based marketer of water filtration systems agreed to pay a civil penalty of $110,000 in addition to injunctive measures to settle false claims charges brought by the FTC in 2017. The company admitted to deceiving consumers with “Made in USA” advertising when in fact the marketer’s filters are either wholly imported or are made with a significant portion of parts from overseas. The admission of deceptive conduct is new term in FTC settlements, and has the potential to increase liability given the likelihood of follow-on regulatory investigations or consumer class litigation.  This case is also notable because it is one of relatively few in which the FTC has sought civil penalties.

With this context in mind, advertisers relying on “Made in USA” claims may want to revisit the FTC’s guidance on “Made in USA” claims to ensure they are in compliance. For more information on “Made in USA” advertising, check out our webinar and materials.

The Consumer Review Fairness Act was enacted in 2016 to protect consumers’ ability to share their opinions about Negative Reviewsbusinesses. In general, the law prohibits companies from using form contracts that: (a) prohibit or restrict consumers from reviewing a business’ goods, services, or conduct; (b) impose penalties or fees on consumers for those reviews; or (c) requires consumers to give up their intellectual property rights in the content of those reviews. Last week, the FTC announced settlements with three companies for alleged violations of the Act.

It’s worth noting the types of clauses that caught the FTC’s attention:

  • One company included a provision stating each customer “agrees not to file any complaints with the Better Business Bureau.”
  • Another company included a provision telling customers “not to publicly disparage or defame [the company] in any way or through any medium.”
  • And the third company barred “any negative statement, whether written or oral including social media about our company, volunteers, owners, representatives, etc.”

As part of the settlements, each company is prohibited from including provisions in form contracts that violate the Act. In addition, the companies are required to notify consumers that previously entered into contracts with the problematic clauses, informing them – using language provided by the FTC – that the non-disparagement provisions are void. Needless to say, no company is going to enjoy sending that communication.

Although the companies were not required to pay money, Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, hinted that future violations could end up differently. “These gag clauses are illegal, and companies that know it but use them anyway will be subject to civil penalties.”​

Yesterday, Commissioner Christine Wilson testified before the U.S. House Committee on Energy and Commerce Subcommittee on Consumer Protection and Commerce, and asked Congress to clarify the extent of the FTC’s authority to obtain monetary relief under Section 13(b) of the FTC Act.

The Commissioner’s remarks reflect the agency’s concern over the recent decision of the U.S. Court of Appeals for the Third Circuit in FTC v. Shire Viropharma Inc., holding that the FTC may only bring a case under Section 13(b) of the FTC Act when the FTC can articulate specific facts that a defendant “is violating” or “is about to violate” the law. And Shire may not be a one-off decision; the same issue is under review in the Seventh Circuit, which heard argument last month in FTC v. Credit Bureau Center, is likely headed to the U.S. Court of Appeals for the Eleventh Circuit in FTC v. Hornbeam Special Situations, and is before the Ninth Circuit, where Judge Diarmuid O’Scannlain in FTC v. AMG Capital Management, urged the Circuit to sit en banc to review what he sees as wrongly-decided prior decisions that had allowed the FTC to pursue monetary damages under Section 13(b).

In her remarks, Commissioner Wilson provided some perspective on how important this issue is to the FTC:

Decades of cases have established two key principles. First, the FTC may bring actions in federal district court to obtain injunctive relief. Second, the authority to grant injunctive relief confers upon courts the full panoply of equitable remedies, including equitable monetary relief. Our ability to protect consumers relies heavily on this authority. For decades, the FTC has used Section 13(b) to halt unfair and deceptive practices that have caused billions of dollars in consumer injury.

Commissioner Wilson referred to Shire and AMG Capital Management, noting that “recent decisions have raised questions about our authority that conflict with the clear intent of Congress and long-established case law.” She rejected the reasoning of the Third Circuit, which concluded that the FTC cannot seek injunctive relief when the challenged conduct is not “ongoing or imminent” adding that “fraudsters frequently cease their unlawful conduct when they learn of an impending law enforcement action” or “often suspend dubious advertising claims or anticompetitive conduct during the pendency of an FTC investigation.” She concluded that “this outcome is contrary to both Congressional intent and the vast majority of Section 13(b) case law” and urged Congress to provide clarification consistent with the FTC’s reading of the statute.

Representative Tony Cardenas (D-CA) was sympathetic to the appeal for clarification. He noted that, in 2018, the FTC was able to provide $2.3 billion in refunds to consumers who were defrauded. He asked for further comment about the implications of the recent decisions. Chairman Joseph Simons characterized the effect as devastating to fraud enforcement efforts and the FTC’s ability to make consumers whole. In response to this this exchange, Representative Cardenas stated that he agreed that Congress needs to clarify the law.

The CFPB released its proposed rule governing debt collection, which would impose new requirements for debt collectors related to when and how a consumer can be contacted, what can and must be said when a consumer is reached, and the procedures to validate and verify a debt.  Industry and other stakeholders have long anticipated the proposed rule, which follows a July 2016 outline of proposals and November 2013 Advanced Notice of Proposed Rulemaking, previously discussed here.  The immediate response to the proposed rule has been mixed from both industry and consumer advocates – with provisions addressing call frequency and texting generating the most attention, as discussed more fully below.

The proposed rule generally applies only to “debt collectors,” as that term is defined under the Fair Debt Collection Practices Act (FDCPA), and thus would not apply to creditors or so-called “first-party” collectors seeking to collect a debt owed directly.  Additionally, certain requirements would apply only to those who collect debt related to a consumer financial product or service, based on the Bureau’s interpretation of its authority to promulgate rules under the Dodd-Frank Act to implement the FDCPA.

Notable substantive aspects of the proposal include:

  • Call frequency limitations. The proposed rule would generally prohibit collectors from calling consumers more than seven times per week regarding a specific debt and require a collector to wait at least a week before calling the consumer once a conversation takes place. While consumer advocates have argued that this provision would effectively green light seven calls per week in connection with each consumer debt, debt collectors would continue to be subject to preexisting laws that already prescribe requirements for contacting consumers by phone generally, such as the Telephone Consumer Protection Act (TCPA).  Some in industry, on the hand, have countered that an absolute call frequency limit would neither be workable nor practical, and have asserted that appropriate call frequency should instead be determined on a case-by-case basis.
  • Text messages and emails as acceptable communication methods with new limitations.  The proposed rule acknowledges that emails and text messages are regularly used for debt collection purposes and permits that use subject to certain restrictions, such as requiring instructions that permit the consumer to opt out from receiving messages.  The rule would impose new limitations that would operate in addition to existing requirements under the TCPA and state laws, which are not preempted under the proposal.  The proposed rule would also create a new category of messages called a “limited-content message,” which would only contain certain information and not be deemed a “communication” for purposes of general limitations under the FDCPA.
  • Disclosures and validation notices.  The proposed rule provides more details regarding the information that must be included in written notices following an initial communication a debt, and requires collectors to provide prompts that a consumer could use to dispute a debt, request information about the original creditor, or take certain other actions.  The proposal offers a model validation notice that could be used to comply with these requirements and creates a safe harbor if a collector complies with certain steps when delivering the validation notice.
  • Recordkeeping.  The proposed rule would also require collectors to retain evidence of compliance, including records evidencing that collectors perform the actions and made the disclosures required under the rule.  The rule allows such records to be retained by any method that reproduces the records accurately (including electronically) and that ensures that the debt collector can easily access the records.

Interested parties should review the proposed rule closely to assess how the new requirements could impact current and future practices.  Comments on the proposed rule are due 90 days from publication in the Federal Register, which should take place shortly.

The line between what’s an objective claim (which does require proof) and puffery (which does not require proof) isn’t always clear, and reasonable minds can differ as to on which side of the line a claim belongs. When the Eighth Circuit held in 2004 that “America’s Favorite Pasta” was puffery, many people were surprised and wondered how the NAD would have decided that case. Now, in a case involving Goya’s “Puerto Rico’s favorite pasta” tagline, we have an idea.

Goya Pasta Box

Goya advertises that its Excelsior brand pasta is “La Pasta Favorita de Puerto Rico.” In some cases, that tagline is accompanied by other superlatives, such as statements that the pasta is “delicious” and the “best for your family.” A competitor challenged these claims at the NAD, demanding that Goya provide substantiation. Pointing to the Eighth Circuit case, Goya argued that its claims were merely puffery and that it didn’t need any proof. The NAD disagreed.

Starting with a dictionary, the NAD noted that “Favorite” is defined as a “person or thing that is preferred to all others of the same kind or is especially well liked.” Moreover, by referencing “Puerto Rico,” NAD determined that Goya had clearly defined the market in which the preference claim applies. Accordingly, NAD found that Goya’s tagline could reasonably convey a message that Excelsior is preferred to all other pasta brands in Puerto Rico.

Goya pointed to ads in which its tagline was used in conjunction with “fanciful superlatives,” such as “delicious,” which cannot themselves be measured. But the NAD noted that the use of those superlatives didn’t change its analysis. Highlighting those attributes could suggest that they are the reasons “why consumers prefer Excelsior pasta and contributes to the net impression that consumers in Puerto Rico prefer Excelsior to all other brands.”

Claims that a brand is the “favorite” must generally be supported by sales data or consumer survey data. Because Goya didn’t have either, the NAD recommended that Goya stop using the tagline, both online and on product packages.

This case illustrates why the line between objective claims and puffery can be blurry. It also suggests that if a company determines that there is risk associated with a claim, it should think carefully about where it makes that claim. While removing claims online is can be relatively straightforward, removing claims on product packages is a lot more complicated and burdensome.

On April 23, the California Assembly’s Committee on Privacy and Consumer Protection held a hearing to discuss a number of proposed amendments to the California Consumer Privacy Act (CCPA).  Here are some of the key bills the Committee voted to move forward:

  • Assembly Bill 25: seeks to amend the definition of a “consumer” to exclude personal information from a job applicant, employee, contractor, or agent.
  • Assembly Bill 846: seeks to amend the prohibitions on a business from differential treatment of a consumer by excluding a consumer’s voluntary participation in a loyalty, rewards, premium features, discount, or club card program.
  • Assembly Bill 873: seeks to broaden the definition of “deindentified” and remove “is capable of being associated with” and “household” from the definition of “personal information.”
  • Assembly Bill 874: seeks to redefine “publicly available” to mean information that is lawfully made available from federal, state, or local records and delete language specifying the conditions in which that information is not “publicly available.” The bill also seeks to amend the definition of “personal information” to exclude deidentified or aggregate consumer information.
  • Assembly Bill 981: seeks to exempt insurance institutions, agents, and insurance-support organizations (i.e., organizations assembling or collecting information about natural persons for the primary purpose of providing the information to an insurance institution or agent for insurance transactions) from complying with CCPA.
  • Assembly Bill 1564: seeks to amend the methods businesses must make available to consumers for submitting requests for specified information businesses are required to be disclosed.

In related news, as we discussed last week, the California Senate Judiciary Committee also held a hearing on April 23 that included SB-753 on the agenda.  However, Senator Henry Stern (who introduced the bill) pulled SB-753 from the agenda towards the end of the hearing.  It is not clear if or when the bill will be rescheduled for a hearing.

We will continue to monitor these bills and provide updates as they become available.