Earlier this week, FDA issued draft guidance for staff updating the agency’s existing

enforcement policy regarding major food allergen labeling and cross-contact prevention. The updated guidance reflects the addition of sesame as a major allergen, discusses how allergens must be disclosed when used as an ingredient in packaged food, and details the preventive controls provisions in 21 CFR § 117 applicable to preventing allergen cross contact.  The updated guidance also details the circumstances in which failure to properly declare allergens or prevent cross-contact render a food misbranded or adulterated.  Stakeholders have until July 17th to submit comments

Although not included in the guidance, FDA’s press release also makes clear the agency’s position regarding recent industry trends of adding sesame to products and declaring it as an allergen rather than taking steps to remove it from products and facilities. The press release states:

The FDA is aware that some manufacturers are intentionally adding sesame to products that previously did not contain sesame and are labeling the products to indicate its presence. While the draft CPG does not specifically address the issue of industry adding sesame to products that did not previously contain it, the draft CPG does address the FDA’s enforcement policy for labeling and cross-contact controls for major food allergens, including sesame. The FDA is engaged with various stakeholders on this issue. The FDA recognizes that this practice may make it more difficult for sesame-allergic consumers to find foods that are safe for them to consume-an outcome that the FDA does not support. (emphasis added)

So, what’s the takeaway? Although the draft guidance is intended as direction to FDA staff, it also provides helpful clues for industry.  The updated guidance is far more detailed than the prior version, reflecting a heightened concern about food allergens and, likely, increased enforcement focus. 

To prepare for their next FDA facility inspection, packaged food manufacturers should review labels to ensure that ingredient lists are up to date and allergens are declared as required.  In addition, reviewing and updating cross-contact prevention controls, employee training, and recall policies will help the next facility inspection go as well as possible.

For food retailers such as supermarkets and restaurants, although local health authorities are the primary inspectors, the updated guidance also serves as a helpful guide for preparation, particularly in light of the allergen updates to the Model Food Code, which articulate best practices for retail food safety. 

Over the past few weeks, we’ve posted about a few cases involving pricing claims, including a post discussing a lawsuit over a grocer’s BOGO offers, a post discussing a lawsuit over major retailer’s frequent sales, and a post discussing an NAD challenge over claims that a smaller retailer made about its sales. If those didn’t catch your attention, today’s post about a $197 million settlement should.  

In 2020, online retailer Boohoo – whose brands include PrettyLittleThing, NastyGal, and boohooMAN – was hit with a lawsuit alleging that it frequently ran misleading sales. For example, had you been in the market for a pair of pink peach skin pocket flared pants at this time two year ago, you might have been excited to find this pair for $14, which is 67% off the crossed-out price of $42:

Pink Pants

California law generally prohibits a company from advertising a “former price,” unless that price was the prevailing market price within a three-month period preceding the ad. According to the plaintiffs, though, the retailer had not sold items at the advertised crossed-out price during that three-month period. Instead, the crossed-out price was allegedly made up to create the illusion of a discount.

As part of the settlement, each class member will receive a gift card to use toward the purchase of any item on the site from which they’d originally made a purchase. In addition, the retailer agreed to conspicuously disclose that the “original” price advertised on a product page is not intended to indicate a former price. The required disclosure reads:

Our percentage off promotions, discounts, or sale markdowns are customarily based on our own opinion of the value of this product, which is not intended to reflect a former price at which this product has sold in the recent past. This amount represents our opinion of the full retail value of this product today based on our own assessment after considering a number of factors.

It’s likely that these types of lawsuits will continue, so retailers need to pay close attention to these cases and to pricing laws, particularly when they advertise discounts, sales, or other price reductions. Everyone likes a sale (and some people like pink peach skin pocket flared pants), but if you aren’t careful about how you structure your sales, your company could end up paying a high price in the end.

On October 4th, the FDA and CDC announced that the agencies have entered into a Memorandum of Understanding, renewing their collaboration to reduce the occurrence of foodborne illness in retail and foodservice establishments.  The stated purpose of the partnership is to “help increase the consistency and capacity of retail food protection programs across the country, promote a general culture of food safety, and facilitate continued communication between the FDA and CDC in order to assist state, local, tribal, territorial, and industry partners.”

More specifically, the agencies’ goals related to reducing occurrence of foodborne illness are as follows:

  • Increase uniformity, consistency, and capacity of state, tribal, local, and territorial (STLT) retail food protection programs;
  • Promote industry’s active managerial control (AMC) of foodborne illness risk factors and promote a culture of food safety; and
  • Maintain a strong FDA National Retail Food Team (NRFT) and CDC National Center for Environmental Health (NCEH) workforce to assist STLT partners.

The stated objectives include the following:

  • Improve STLT’s effectiveness in conducting risk-based inspections and foodborne illness investigations.
  • Promote a culture of food safety and food safety management systems within retail and foodservice establishments (including facilities that serve highly susceptible populations (HSP) such as institutional foodservice, correctional facilities, schools, and healthcare facilities).
  • Improve research in support of foodborne illness risk factor reduction.
  • Improve the knowledge, skills, and abilities of FDA NRFT and CDC NCEH staff.

While state, local, and tribal authorities are generally charged with inspecting retail and institutional food facilities, FDA provides oversight and guidance by way of the Model Food Code and the Voluntary National Retail Food Regulatory Program Standards.  In addition, companies or individuals who are looking to get up to speed or follow along with retail food safety regulatory issues should check out the Retail Food Safety Collaborative page for tools and resources.

Over the past several years, plaintiffs have filed several lawsuits around the country, alleging that retail websites that were not accessible to blind and visually impaired individuals constituted a violation of the Americans with Disabilities Act.  This was perhaps most prevalent in California, which has its own civil rights statute, the Unruh Act, that provides a right of action for both violations of the ADA and for other alleged denials of access to disabled individuals on the basis of intentional discrimination.

Retailers often objected to the allegations under these suits, arguing that a website is not a place of public accommodation and that maintaining a website cannot possibly evince intentional discrimination.  On August 1, 2022, the California Court of Appeals opinion in Martinez v. Cot’n Wash, Inc. agreed on both fronts.  First, it held that operation of a website cannot be a basis for “inferring intentional discrimination” under the Unruh Act.  Second, it agreed with a plurality of federal Circuit Courts that a retail website without any connection to a physical space does not constitute a place of public accommodation under the ADA.

Beginning with the Unruh Act, one of the ways to establish liability under the Unruh Act is by alleging “willful, affirmative misconduct with the specific intent to accomplish discrimination on the basis of a protected trait.”  In California, disparate impact of a neutral structure is not enough to establish an intent to discriminate.  To get around this bar, the Plaintiffs in Martinez attempted to establish intent by alleging that after becoming aware that the website was impacting blind and visually impaired individuals, the retailer failed to address the continuing effect, which shows that it had an intent to discriminate.  But the Court rejected this argument.  Instead, it held that the failure to address a known discriminatory effect is not alone sufficient to establish intentional discrimination.  As such, the Court held that the complaint failed to state a claim under the Unruh Act on that ground.

Next, the Court also examined the website under the ADA.  No individual may be denied access to any place of “public accommodation” under the ADA as a result of their disability.  In Martinez—and in other website accessibility cases—plaintiffs have argued that the website was such a public accommodation.  Plaintiff supported this argument in Martinez by pointing to both the goals of Title III of the ADA and the legislative intent behind the statute: improving accessibility.  Indeed, the plaintiff argued that a broad interpretation of public accommodation would benefit the goals of the ADA, claiming that “it would be absurd” to treat a sale through a digital-only retailer differently than a sale at a brick and mortar retailer.  The Court rejected this argument, however, noting that websites are not contemplated within the text of the ADA because there is no nexus to a physical location and that neither Congress nor the Department of Justice has yet issued guidance to necessitate such a finding.  Therefore, the Court held that a digital-only retailer cannot be a “place of public accommodation” under the ADA.

That is not to say that no website can be considered a place of public accommodation, however.  The Court’s holding was carefully limited to only standalone websites that do not have any connection to a physical facility.  This mirrors the approach taken by courts in the Third, Sixth, Ninth, and Eleventh Circuits, which all held that denial of access to a website can support an ADA claim if the denial prevents a blind or visually impaired plaintiff from enjoying the goods or services at the brick and mortar location.  As such, if a website is for a business that maintains a physical location, an inaccessible website may ultimately leave the business susceptible to a claim under the ADA (and by extension, the Unruh Act).

Still, the Martinez Court’s expansive holdings on both the Unruh Act’s and ADA’s applicability to websites should shed a light on the risks faced digital-only retailers and brick and mortar retailers alike.

*   *   *   *

Made in USA Closing Letter Addresses Retailer ObligationsAs we’ve noted in other posts, an FTC rule prohibits companies from stating or implying that a product is made in the USA unless: (1) the final assembly or processing of the product occurs in the USA; (2) all significant processing that goes into the product occurs in the USA; and (3) all or virtually all ingredients or components are made or sourced in the USA. It can be a challenge to figure out whether a product you make meets that standard, but it’s even harder to figure that out for products you didn’t make.

This month, the FTC published a closing letter in an investigation about “Made in USA” claims that Crate and Barrel made about various products that were made by other companies. Although the case doesn’t break new ground, the steps that Crate and Barrel promised to take related to “Made in USA” claims on its site could provide some helpful guidance about what the FTC expects retailers to do when making claims about other companies’ products.

Crate and Barrel promised to:

  • only make U.S.-origin claims if the responsible manufacturer or supplier has signed and submitted appropriate documentation substantiating the claim;
  • impose contractual obligations on vendors to update substantiation as circumstances require; and
  • prompt vendors to check and re-certify origin claims on a regular basis.

Retailers should be careful about simply using “Made in USA” claims provided by suppliers without doing some level of due-diligence. Taking the steps outlined above should provide a good start.

Ad Law Access PodcastAs retailers have shifted to online and ship to store/ship from store sales, we’ve been getting a variety of questions from our retailing clients.

On the latest episode of the Ad Law Access Podcast, Advertising and Marketing chair Christie Grymes Thompson and partner Kristi Wolff answer retailer questions regarding pricing, shipping, refunds, customer reviews, and telethermographic cameras (cameras that can detect human temperature).

Listen on AppleGoogle PodcastsSoundcloud, Spotify, or wherever you get your podcasts.

For more information on these and other topics, visit the COVID-19 Response Resource Center and Advertising and Privacy Law Resource Center.


Getting Back to Work Webinar
The coronavirus threat will still be active when many employers begin to return their employees to the job. What will you do when employees refuse to return? When some have been sick but not diagnosed? When social distancing measures remain in place? When some parts of the country (or even your city) are “more open” than others? What should employers do to prepare?

In Part I of this two-part series, L&E Group co-chairs Barbara Hoey and Mark Konkel will guide employers through the snares of legal, logistical and practical considerations as the nation returns to work.

Register Here

Advertising and Privacy Law Resource Center

If you’ve been shopping lately, it’s likely that you’ve encountered empty shelves and shortages of items, such as (for inexplicable reasons) toilet paper. This tends to happen whenever a disaster – whether that’s a hurricane or COVID-19 – strikes. In some cases, retailers respond to these shortages by increasing prices. Although there may be legitimate reasons for doing that, retailers should keep in mind that price gouging laws in many states can impact their ability to increase prices. State regulators are likely to give increased attention to price gouging issues in the coming weeks and months. For example, California Attorney General Xavier Becerra announced today that his office sent “several letters calling on large online marketplaces to intensify their efforts to combat price gouging related to novel coronavirus—or COVID-19—on their platforms.”

More than half the states have laws that prohibit charging excessive prices on certain products after a triggering event, such as a declaration of a state of emergency. What constitutes an excessive price varies by state, but many laws look at the price that had been charged for an item over a specific period prior to the emergency. Some statutes have specific thresholds. For instance, a 10% price increase is presumed to be excessive in New Jersey, while Pennsylvania assumes that a 20% increase is excessive.

Most laws have exceptions to these prohibitions. For example, in many states, a price increase is not unlawful if a company can prove that the increase was directly attributable to additional costs imposed on it by the supplier of the goods, or directly attributable to additional costs for labor or materials used to provide services. If you are a retailer and need to increase prices as a result of increases from your suppliers, make sure to check the relevant state laws and to document those increases.  While generally enforced against retailers, some laws expressly apply to suppliers, distributors, and/or wholesalers – and others are broad enough to arguably apply to these entities. At minimum, this means that retailers may have leverage to request documentation to support the increase.

Civil penalties for violations generally range from $99 to $250,000 per violation. (The high end of that range applies in Texas if a consumer who is impacted is at least 65 years old.)  Some states also have criminal penalties for violations.  If you’re going to increase prices on goods, make sure you take a look at these laws first.​

For other helpful information during this pandemic, visit our COVID-19 Resource Center.

Last week, the New York Attorney General’s Office announced that Bombas had agreed to pay $65,000 and implement a number of injunctive provisions to settle allegations that the sock startup failed to comply with the state’s data breach notification statute. According to the press release, Bombas learned in November 2014, that an unauthorized intruder had inserted malicious code designed to steal payment card information into its ecommerce platform. Bombas allegedly waited almost two months before remediating, and then mistakenly re-inserted the code into the website a few weeks later.

The company determined that the incident resulted in unauthorized access to the names, addresses, and credit card information of almost 40,000 customers nationwide, but did not notify those consumers until May 2018. New York’s data breach notification statute requires that businesses provide notice of a breach of personal information “in the most expedient time possible and without unreasonable delay” to both the affected resident(s) and the Attorney General, the Department of State, and the Division of State Police.

The AG’s Office has not made a copy of the settlement agreement public, but explains that the injunctive provisions are intended to help prevent future breaches and ensure compliance with the law, N.Y. Gen. Bus. Law § 899-aa. They include requirements for thorough and expeditious investigations into any future breaches and training for all appropriate officers, managers, and employees. This settlement highlights the importance of preparing for a breach, including developing and implementing policies and procedures that will allow the business to comply with the patchwork of state requirements in an efficient and timely manner.

The Oregon AG recently announced a $545,000 settlement with the Vitamin Shoppe over allegations that the store violated Oregon state law by selling dietary supplements containing ingredients that FDA has deemed unsafe or unlawful. The new settlement agreement places significant burdens on the Vitamin Shoppe to monitor developments on ingredient status. The burdens are the same regardless of whether the Vitamin Shoppe sells a product under one of its own brands – or if it sells a product that was manufactured, labeled, and sold to it by a third party vendor.

Under the terms of the agreement, if the Vitamin Shoppe “receives or learns of” a “written notice” from FDA that an ingredient may be unsafe or unlawful, it must “take immediate action to suspend the sale of such products or products known to contain the ingredients.” If the Vitamin Shoppe becomes aware of any other “public announcement, warning, alert, publication, notice, or report” suggesting that the U.S. government, Australia, Canada, Britain, or the EU might consider a dietary ingredient unsafe or unlawful under the FDCA, then the Vitamin Shoppe must conduct a “reasonable due diligence review,” which may result in a decision not to sell any products containing the ingredient.

This settlement is notable for at least two reasons:

  1. It identifies FDA warning letters sent to the Vitamin Shoppe or anyone else as “written notice” that FDA has deemed an ingredient unsafe or unlawful.  Warning letters, however, state only allegations and are not considered “guidance” under FDA’s rule on “good guidance practices.”  Well after a warning letter is issued, the lawfulness of a particular dietary ingredient can be the subject of much ongoing debate, and even the FDA’s official guidance document on ingredient status remains in flux after years of debate.
  2. The settlement represents an aggressive stance by Oregon on a retailer’s liability for product formulation and labeling by third parties.  As we’ve discussed before, there isn’t a whole lot of precedent for regulators going after the retailer, rather than the product seller.

The Oregon Attorney General is currently in litigation against another retailer over similar allegations related to the legal status and safety of a dietary ingredient.

Kelley Drye Ad Law publishes News & Views: Dietary Supplement Advertising, which covers developments ranging from FTC and FDA regulation, class actions, Customs developments, and Prop 65. Subscribe to future issues by filling out your information and checking the Dietary Supplements Practice Group box here.

Last week, the Federal Trade Commission announced its first settlement with a retail tracking company, resolving allegations that Nomi Technologies, Inc., a micro-location platform that provides analytics services to retailers through its product “Listen,” failed to abide by several promises it made in its privacy policy. Under the terms of the agreement, Nomi is prohibited from misrepresenting the options it provides to consumers to control whether and how their information is collected, used, disclosed, or shared.

Listen, which serves approximately 45 retailer clients, uses a retailer’s in-store Wi-Fi to collect statistical information from customers’ mobile devices and provide aggregate customer traffic pattern reports to the retailer. According to the FTC’s complaint, Nomi’s privacy policy represented that the company would provide an opt-out mechanism for customers on the Nomi website and at any retail location, implying that customers would be notified when stores were using the technology. The FTC alleges, however, that, not only did Nomi and the retailers fail to notify customers when stores were using Listen, but no in-store opt-out mechanism was ever available. As a result, Nomi allegedly tracked customers both inside and outside of stores by their MAC address, device type, date and time, and signal strength, and provided aggregate information to its clients, such as the percentage of repeat customers and the average duration of customer visits. In particular, the complaint alleges that Nomi collected information on approximately nine million mobile devices within its first year of operation.

This consent order reminds companies that they have a responsibility to abide by the promises made in their privacy policies, even when dealing with new and emerging technology such as retail tracking. One way to avoid making this mistake is to evaluate and confirm how data are collected and likewise confirm that the privacy policy representations are consistent with practices. Additionally, mindful that business practices evolve, companies should periodically review and consider revising privacy policy statements to keep those statements accurate.