Western UnionLast week, California became the 50th state to join the multistate settlement with Western Union over its alleged complicity in fraud-induced wire transfers.  This followed Western Union’s $5 million agreement with 49 state and the District of Columbia for costs and fees in January, not to mention a whopping $586 million in settlement agreements with the United States DOJ and FTC.  While DOJ brought wire fraud and anti-money laundering charges against Western Union, and the FTC alleged violations of Section 5 of the FTC Act, and the Telemarketing Sales Rule, the states raised violations of their respective consumer protection laws.  California brought its complaint pursuant to the Unfair Competition Law, Cal. Bus. & Prof. Code §§ 17200-17209 (“UCL”), its analog to the FTC Act.

Some quick background on the UCL:

  • Traditionally, the UCL is thought to prohibit unfair competition, which includes unfair, deceptive, misleading, or false advertising.  § 17200; see Lavie v. Procter & Gamble Co., 105 Cal. App. 4th 496, 512 (2003) (whether “the ordinary consumer acting reasonably under the circumstances” is likely to be deceived).
  • But the UCL also forbids business activity unconnected with advertising when such activity constitutes an “unlawful” or “unfair” business practice that either violates another law or violates an established public policy.  § 17200; see e.g., In re Anthem Data Breach Litig., 162 F. Supp. 3d 953, 990 (N.D. Cal. 2016); Ballard v. Equifax Check Servs., Inc., 158 F. Supp. 2d 1163, 1176 (E.D. Cal. 2001).  Some common defenses to these claims include compliance with the underlying law, the practice is not unfair or is justified, and federal preemption.
  • The UCL provides private plaintiffs with the ability to bring claims for restitution and injunctive relief, while the government can also impose civil penalties of up to $2,500 per violation.  §§ 17203, 17206; see e.g., People v. JTH Tax, Inc., 212 Cal. App. 4th 1219, 1254 (2013) (“[T]he court could have imposed penalties of over $9 million, but only imposed penalties of $715,344 for these advertisements.”).

Here, the California Attorney General alleged that Western Union, during the course of its money transferring services, failed to scrutinize and stop complicit agents that did not comply with anti-money laundering policies, inadequately trained, vetted and reported agents, and overall did not “prevent fraudulent telemarketers, sellers, and con artists from using Western Union’s money transfer system to perpetrate their frauds.”  In other words, Western Union exposed its customers to fraud in violation of the UCL.

As part of the global settlement, Western Union agreed to implement a comprehensive anti-fraud program to detect and prevent future incidents.  California consumers who made a wire transfer through Western Union are entitled to a share of the DOJ restitution fund and may be eligible for more than $65 million in refunds.  The California Department of Justice also may recoup costs and fees from the $5 million multistate fund.

Bottom line: the UCL is a dynamic enforcement mechanism with the potential to curtail many different types of business activities that seemingly harm consumers, and provides the Attorney General with the ability to inflict stiff penalties for violations.

Amazon AppsYesterday, a federal judge ruled that Amazon is liable for permitting unauthorized in-app purchases incurred by children.  Amazon is the last in a series of actions brought by the FTC against third-party platforms related to kids’ in-app charges (we previously blogged about the other two actions against Apple and Google here and here, which resulted in refunds to consumers totaling over $50 million).

FTC Allegations

The FTC first filed its complaint against Amazon in district court in July 2014, alleging that the billing of parents and other account holders for in-app purchases incurred by children “without having obtained the account holders’ express informed consent” violated Section 5 of the FTC Act.  Many of the apps offering in-app purchases were geared towards children and offered as “free” with no indication of in-app purchases.  These in-app charges generally ranged from $0.99 to $99.99, but could be incurred in unlimited amounts.  The FTC alleged that, while the app developers set the price for apps and in-app purchases, Amazon retained 30% of the revenue from every in-app sale.

In app purchaseThe complaint alleged that when Amazon first introduced in-app charges in November 2011, the default setting initially permitted in-app purchases without a passcode, unless this setting had been enabled by the user in the parental controls.  Following a firestorm of complaints by parents surprised to find these in-app charges, Amazon introduced a password prompt feature for in-app charges of $20 or more in March 2012.  This initial step, however, did not include charges that, in combination, exceeded $20.  In August 2012, the FTC notified Amazon that it was investigating its in-app billing practices.

Amazon began to require password prompts more frequently beginning in February 2013, only if the purchase initiated was over $20, a second in-app purchase was attempted within five minutes of the first, or when parental controls were enabled.  Even so, once a password was entered, in-app purchases were often authorized for the next hour.  Amazon continued to refine its in-app purchase process over the next few months, identifying that “In-App Purchasing” was available on an app’s description page, and adding a password requirement for all first-time in-app purchases, among other things.

The Court’s Order

The FTC moved for summary judgement in February 2016.  In it April 27 order, the court granted the FTC’s summary judgement motion finding that: (1) the FTC applied the proper three-prong legal test for determining unfair business practices (e.g., a substantial injury that is not reasonable to consumers, and not otherwise outweighed by countervailing benefits); (2) the FTC’s witness used to calculate money damages was timely disclosed, even though she was identified after the discovery cut-off date since the FTC made its intentions to seek monetary relief known from the beginning; and (3) Amazon’s business practices around in-app purchases violated Section 5. Continue Reading Federal Court Finds Amazon Liable for Kids’ In-App Purchases

While the sudden death of Supreme Court Justice Antonin Scalia creates an immediate vacancy on the bench, it also likely leaves the high court’s docket in limbo on a number of key consumer class actions awaiting the Court’s decision.

Many predict that President Obama will not be able to replace Scalia before the 2016 Presidential election, meaning that the seat may be vacant for the remainder of the term.  Democrats have been urging the President to immediately nominate a successor, with Republicans imploring the President to give that right to the next Commander-in-Chief.  Senate Majority Leader Mitch McConnell has stated that the Senate should not confirm a replacement until after the 2016 election.

Until a successor is confirmed, it means that the Supreme Court will be comprised of four reliable liberals, three reliable conservatives, and one Justice Kennedy, who typically leans to the right but has often acted as the Court’s swing vote.  With only eight justices, it is likely that we will see a number of important cases end in a 4-to-4 split this year, including several key cases relating to consumer class actions.  In the case of a tie, the appeals court decision will be upheld, no precedent will be set, and the Supreme Court traditionally will not issue an opinion.

Here’s a brief rundown of how Scalia’s passing may affect three key consumer class actions in front of the Court this term.

Case: Spokeo Inc. v Robins (Docket No. 13-1339)
Issue: Whether Congress may confer Article III standing upon a plaintiff who suffers no concrete harm, but alleges a private right of action based on a bare violation of a federal statute.
Outcome in a split:  Plaintiff’s win – would make a bare violation of a federal statute sufficient to confer Article III standing, thereby making it easier for plaintiffs to move forward in litigating cases alleging statutory violations. Continue Reading Scalia’s Death Leaves High Court in Limbo on Three Key Consumer Class Actions

This week, the FTC announced settlements with two mobile app developers – LAI Systems, LLC and Retro Dreamer (including two of its principals) – concerning allegations that their apps collected childrens’ personal information without obtaining parental consent in violation of COPPA.  These cases are the first in which the FTC has held a company liable for COPPA violations relating to the information collection practices of a third-party ad network .

In separate complaints, FTC alleges that LAI and Retro Dreamer created a number of apps directed to children.  The FTC’s determination that the apps were kid-oriented was based on a number of factors, such as the subject matter, visual content, language, and use of animated characters or child-oriented activities and incentives. In both complaints, FTC alleges that the Defendants permitted third-party advertising networks to collect childrens’ PII in the form of persistent identifiers through the apps in order to serve targeted advertising on the app based on users’ activity over time and across sites (the FTC added persistent identifiers to the COPPA Rule’s definition of “personal information” when it updated the rule in 2013). The complaints, however, do not identify the specific persistent identifiers used.

FTC alleges that both LAI and Retro Dreamer failed to: (1) inform the ad networks that the apps were directed to children; (2) instruct or contractually require the ad networks to refrain from targeted ads; or (3) provide the required notices or obtain the required parental consent.  In the case of Retro Dreamer, FTC also alleges that one of its advertising networks specifically warned the company about the obligations of the revised COPPA Rule, and also told the company that certain of its apps appeared to be targeted to children under the age of 13.  The settlements prohibit the companies from further violations of the COPPA Rule.  The settlement with LEI requires the company to pay a $60,000 civil penalty, while the settlement with Retro Dreamer requires it to pay a $300,000 civil penalty.

The settlements highlight that the FTC remains vigilant in this area.  The agency will likely continue to closely monitor the information collection practices of website operators and app developers, in addition to third-party ad networks.

Last week, the U.S. Court of Appeals for the Third Circuit revived several privacy claims against Google pertaining to the Internet company’s practice of side-stepping “cookie blockers” on Microsoft’s Internet Explorer and Apple’s Safari browsers.

The Third Circuit found that Google intentionally circumvented “cookie blockers” on Internet browsers by exploiting loopholes found in the cookie blockers and that Google was actually tracking users’ browsing habits without these users’ knowledge.  Meanwhile, Google’s privacy policy as well as a number of other public statements indicated that the company was abiding by the browsers’ cookie-blocking settings.

“Cookie blockers” are features built in to web browsers that allow a user to prevent the installation of cookies by third-party servers.  Internet users have grown wary of Internet “cookies” because cookies can track visits to webpages and clicks throughout the site.  Information collected from cookies is often sold to third-party advertisers or marketers.

The case, In re: Google Cookie Placement Consumer Privacy Litigation, consists of 24 consolidated suits alleging violations of California state law and federal statutes, specifically, the Computer Fraud and Abuse Act (CFAA), the Stored Communications Act (SCA) and the Wiretap Act.  While the Third Circuit decision affirmed the dismissal of claims pertaining to the CFAA, SCA and the Wiretap Act, the Court vacated the trial court’s dismissal of claims under California tort law and the state’s constitutional right to privacy, reviving the suit.

The Third Circuit noted that Google’s actions amounted to “deceit and disregard” as the Company “not only contravened the cookie blockers – it held itself out as respecting the cookie blockers.”  The Court concluded that a reasonable jury could find that Google’s conduct was “highly offensive” or “an egregious breach of social norms” as the Company’s actions touched millions of unsuspecting internet users over an indeterminable amount of time.  Accordingly, the Third Circuit vacated the trial court’s dismissal of the plaintiffs’ claims under the California constitution and California tort law.

While Google’s “cookie blocking” practices sparked both the instant lawsuits and settlements with the FTC and 38 state attorneys general, Google isn’t the only company to come under fire for the use of cookie-blocking technology.  Earlier this week, MoPub Inc., a mobile ad server owned by Twitter, was sued in California court for using “super cookies” to track and store the Internet browsing history of anyone accessing the web through their Verizon smartphone.  The suit alleges that MoPub then used this information to build a personal profile which it then used to send targeted advertising, without subscribers’ knowledge or consent.  Similar to the Google litigation, MoPub is accused of misleading subscribers who believed that their browser’s “opt-out” mechanism would stop MoPub’s tracking.

Companies that use tracking cookies or similar technologies should pay close attention to Google’s current litigation.  Companies should also be aware of their own privacy practices, specifically, what data is being collected, how that data is used, and with whom the company may be sharing that data.  When it comes to privacy policies, companies should clearly communicate their practices to users and then live up to those commitments.

Amending the Electronic Communications Privacy Act (ECPA) has long been under consideration in Congress, but recent testimony indicates that ECPA reform may have deeper implications for companies subject to FTC investigations.

The ECPA, passed almost 30 years ago, generally prohibits the unauthorized access to communications systems and the disclosure of the contents of wire and electronic communications by a service provider.  The ECPA Amendments Act of 2015 (S.356/H.R. 283) is intended to “bring privacy protections for the digital world in line with those in the physical world.”

Since its introduction in Congress, several stakeholders have raised concerns that the current bill could hamper civil investigations by regulatory agencies, such as the FTC or SEC, since these agencies – like all others – must have a warrant to obtain emails and other electronic communications.  On September 16, 2015, the Senate Judiciary Committee held a hearing entitled “Reforming the Electronic Communications Privacy Act” to provide stakeholders the opportunity to provide additional insight.

In testimony by Daniel Salsburg, FTC’s Chief Counsel in the Office of Technology, Research and Investigation, Salsburg explained that although the Commission does not currently seek the content of electronic communications from ECPA service providers, he believes that in the future, as more electronic communication moves to the cloud, the effectiveness of the FTC’s fraud prevention program may be hampered if the proposed legislation is not appropriately modified.  Where the target is a fraudulent marketer, for example, obtaining the electronic communications through a civil investigative demand (“CID”) to the marketer may not be a viable option, and the FTC should be able to obtain this information through warrantless means.

Notably, Salsburg requested the ECPA be modified to:

  1. Allow the FTC to obtain copies of previously public commercial content that advertises or promotes a product or service directly from the service provider, without a warrant; and
  2. Provide a judicial mechanism that would authorize the FTC to seek a court order directing the service provider to produce the content if the FTC establishes it has sought to compel it directly from the target, but the target has failed to produce it.

So what does this mean for your business?  Continue Reading Will the FTC Have Access to Your Electronic Communications?

green_seals_verticalOn September 14, FTC staff sent warning letters to five providers of environmental certification seals and 32 businesses that display them online, alerting them to the agency’s concerns that the seals may be deceptive and may not comply with the FTC’s Green Guides.  Although the warning letters do not identify which certifiers, seals, or businesses were targeted, they do confirm the FTC’s continued interest in “green” marketing.

The FTC Green Guides state that an environmental certification or seal of approval may imply a general environmental benefit claim when it does not specify the basis for the certification, either through the name or some other means.  The Guides further advise marketers that they may prevent deception by accompanying the seal with “clear and prominent language that clearly conveys that the certification or seal refers only to specific and limited benefits.”

Although the Green Guides are primarily directed at marketers of environmental claims, the warning letters indicate that certifiers themselves may also be on the hook.  In the warning letter directed to certifiers, FTC staff notes its concern that the seal at issue does not convey the basis for the certification and may be considered deceptive under Section 5 of the FTC Act.  Moreover, although the certifiers’ websites provide information to marketers regarding their use of the logo, they do not instruct marketers to use qualifying language.

The warning letter directed to marketers further provides that the seal featured on the company’s website may deceptively convey that a product offers a general environmental benefit because it is not accompanied by clear and prominent qualifying language limiting the seal to a specific benefit or benefits.  In some cases, even if consumers click on the seal for more information, the seal itself does not likely convey an effective hyperlink that leads to the necessary disclosures (FTC directly references its .Com Disclosures here).

Even though the FTC did not disclose which companies received the letters, the FTC’s action provides a few key insights for both certifiers and marketers of certifications and seals.

What certifiers can do:  

  • Create seals or logos that incorporate the basis for the certification directly into the seal or logo, so that consumers do not have to look further to understand the specific product attributes tested or certified
  • Clearly convey to marketers that further qualifying language may be needed when it comes to their specific product.

What marketers can do:

  • Make sure consumers will understand the basis for the certification when the seal is placed on the website, product, or packaging.
  • If the basis for certification is not clear from the seal or logo itself, consider placing additional qualifying language in close proximity to better inform consumers of the specific and limited benefits for certification.
  • Don’t assume consumers will simply click on a seal’s icon online for further explanation. Consumers may just view the icon as another graphic on the page.

California state law bill SB 763 has stayed relatively under the radar since its introduction in February 2015.  However, with recent traction in the state legislature – including passage in the Senate in June and passage in three Assembly Committees in July – this bill is definitely worth a second look.

SB 763 would require manufacturers of “juvenile products” sold in California to include a statement on the product’s label whether or not the product contains added flame retardant chemicals.  A “juvenile product” would be defined as a product subject to California’s Home Furnishings and Thermal Insulation Act,[1] and intended for use by infants and children under 12.  Covered products would include not only bassinets, floor play mats, crib mattresses, infant bouncers, and infant and booster seats which are used by infants and children, but also products intended for use by adults which the child or infant may come in contact with.  This includes, for example, nursing pads, nursing pillows, infant carriers, and changing table pads.

The bill would require manufacturers to affix the following lengthy labeling statement on covered juvenile products sold in California, and indicate the absence or presence of added flame retardant chemicals by marking a “X” in the applicable space below:

The State of California has determined that this product does not pose a serious fire hazard. The state has identified many flame retardant chemicals as being known to, or strongly suspected of, adversely impacting human health or development.
The fabric, filling, and plastic parts of this product:
_____contains added flame retardant chemicals
_____contains NO added flame retardant chemicals

Additionally, the bill imposes recordkeeping requirements, allows the CA Department of Toxic Substances Control to test products labeled as containing no added flame retardant chemicals for compliance, and permits fines ranging from $2,500 to $15,000 for mislabeling and other violations.

In the past few years, flame retardant chemicals have been highly scrutinized by consumer advocates.  According to the bill’s author, “[g]rowing evidence show(s) that many fire retardant chemicals have serious human and environmental health impacts, including cancer, decreased fertility, hormone disruption, lower IQ, and hyperactivity.”

Although the bill’s intentions are honorable – i.e., to provide parents with information needed to choose safe and healthy products for their children – the reality is that the bill would impose additional requirements on products already regulated by the CPSC, impose costly and burdensome labeling requirements on businesses, and may actually undermine consumer confidence in covered products.

As noted by Anne Northup, Former Congresswoman and Former U.S. CPSC Commissioner, “[i]magine the confusion from expectant parents shopping for needed items when they see that the high chair is labeled as being free of flame-retardants and the crib mattress being labeled as containing them. What are they to conclude about which product is safe?”

Continue Reading California Bill Would Complicate Labeling Requirements for Children’s Products

On May 18, 2015, the FTC announced a settlement with Nice-Pak Products, Inc., concerning claims that its moist wipes are “flushable,” “break apart after being flushed,” and are “safe” for sewer and septic systems. Nice-Pak marketed and sold its flushable wipes primarily through private label brands, such as Costco’s Kirkland Signature Moist Flushable Wipes, CVS’s Flushable Cleansing Wipes, Target’s Up & Up Flushable Moist Wipes, and BJ’s Family & Toddler Moist Wipes.

The FTC complaint contends that, because of their composition, Nice-Pak’s non-woven fabric wipes did not break down in water in a reasonably short amount of time. Moreover, the complaint alleges that that Nice-Pak did not have substantiation for these performance claims because its tests did not accurately reflect the real-world conditions that Nice-Pak wipes would encounter after being flushed (i.e., conditions that exist in household toilets, plumbing, or septic systems, or in public sewer systems or public wastewater treatment facilities).

The FTC’s proposed consent order prohibits the company from making claims about any moist toilet tissue unless the company has competent and reliable evidence to support such claims. The order does not, however, define the period of time in which a product must break down in order to be considered “flushable” or “safe.” The order would require only that the substantiation: (1) demonstrate that the wipes disperse in a sufficiently short amount of time after flushing to avoid clogging or other operational problems in household and municipal sewage lines, septic systems, and other standard wastewater equipment; and (2) substantially replicate the physical conditions of the environment where the wipes are likely to be disposed.

The FTC began investigating products claimed to be “flushable” back in 2013. The issue gained media attention shortly after the Washington Post ran a story on ‘flushable’ personal wipes clogging sewer systems around the country. In December 2013, Consumer Reports followed up with testing showing that, although toilet paper breaks apart in seconds, several brands of flushable wipes took at least 10 minutes to break into small pieces. Often times, wipes can reach a pump within just a couple of minutes.

The moral of the story is – don’t just “take the plunge” when advertising your products; companies should make sure that they have “backed up” their claims with adequate substantiation that reflects real-world conditions. Companies should also track consumer complaints and media reports because those can often trigger regulatory investigations.

On September 4, 2014, the FTC announced a settlement with Google Inc., which requires the search giant to pay at least $19 million in refunds to consumers that the Commission alleges were billed for unauthorized in-app charges incurred by kids.  The settlement follows a similar settlement in January with Apple (which required Apple to pay a minimum of $32.5 million in refunds), and a recent complaint filed by the FTC in federal court against Amazon.

The FTC’s complaint against Google alleges that the company offered free and paid apps through its Play store.  Many of these apps are rated for kids and offer “in-app purchases” ranging from $0.99 to $200, which can be incurred in unlimited amounts.  The FTC alleges that many apps invite children to obtain virtual items in a context that blurs the line between what costs virtual currency and what costs real money. 

At the time Google introduced in-app charges in March 2011, users were notified of an in-app charge with a popup containing information about the virtual item and the amount of the charge.  A child, however, could clear the popup simply by pressing a button labeled “CONTINUE.”   In many instances, once a user had cleared the popup, Google did not request any further action before billing the account holder for the corresponding in-app charge. 

It was not until mid- to late-2012 that Google begin requiring password entry in connection with in-app charges. The complaint alleges, however, that once a password was entered, it was stored for 30 minutes, allowing a user to incur unlimited in-app charges during that time period.  Regardless of the number or amount of charges incurred, Google did not prompt for additional password entry during this 30 minute period.

Google controls the billing process for these in-app charges and retains 30 percent of all revenue.  For all apps, account holders can associate their Google accounts with certain payment mechanisms, such as a credit card, gift card, or mobile phone billing.  The complaint highlights that Google received thousands of complaints related to unauthorized in-app charges by children and that unauthorized in-app purchases was the lead cause of chargebacks to consumers. Continue Reading Google to Refund at Least $19 Million Over Kids’ In-App Purchases