Last week, Jessica Rich wrote about the FTC’s rulemaking plans for 2022. Make sure you read that post for a detailed analysis of what the Commission is planning. As we looked at which of those topics have generated the most interest on Ad Law Access recently, we wanted to point you to where you can find additional information.

  • The FTC will review its Guides Against Deceptive Pricing and its Guide Concerning Use of the Word “Free” and Similar Representations. Although most of the activity in these areas has taken place at the state level, it will be interesting to see what the FTC adds to the ongoing conversation. (Click here for more coverage on pricing claims.)
  • The FTC will review its Guides for the Use of Environmental Marketing Claims. A lot has changed since the Guides were last updated in 2012 and, as we’ve noted before, the lack of clarity in certain areas is leading to an increase in lawsuits and other challenges. (Click here for more coverage on green marketing.)
  • The FTC is still analyzing and reviewing the public comments it has received as part of its review of the Children’s Online Privacy Protection Rule (or “COPPA”). That hasn’t stopped the FTC and other regulators for brining enforcement actions, though. (Click here for more coverage on children’s privacy.)
  • The FTC is still analyzing and reviewing the public comments it has received as part of its review of the Endorsement Guides. As we’ve noted, this has been a hot topic, and the FTC recently sent out 700 warning letters, which could signal upcoming enforcement. (Click here for more coverage on endorsement issues.)

We’ll keep you posted, as these develop. In the meantime, rest up over the holidays because 2022 could be a bumpy year. 

Some might have the mistaken impression that State AGs rarely delve into health related cases, believing them to be largely preempted by the FDA. However, these days there is little doubt that the Attorneys General are able to wield their Unfair and Deceptive Trade Practice laws with considerable weight in the health realm. As the Tobacco, Opioids, and now vaping health crises have developed, State AGs have been at the forefront to put a stop to marketing practices and obtain redress for those harms. The past several weeks we have seen interesting State AG developments as they have continued targeting individuals in their health enforcement actions.

On December 9, Massachusetts Attorney General Maura Healey settled her 2018 lawsuit against e-cigarette company Eonsmoke for $50 million, having alleged its marketing appealed to youth, downplayed nicotine content, and their websites failed to implement measures to prevent sales to minors.  The AG also settled with two individual defendants Gregory Grishayev and Michael Tolmach, who will pay a total of $750,000 for their roles. Eonsmoke dissolved in 2020, so the settlement’s injunction will have the most impact on the pair who will now be required to get FDA authorization and give AG notice prior to selling tobacco products in Massachusetts in the future.

Also on the e-cigarette front, North Carolina Attorney General Josh Stein has taken action against JUUL’s cofounders for their personal involvement in the company’s marketing to youth. This new action against James Monsees and Adam Bowen as individuals comes just months after resolving litigation against the company in June for $40 million. North Carolina is taking advantage of the language of the settlement with JUUL, in which the “Released Parties” are defined as, “each and all of the past and present principals, partners, officers, directors” but excluded individuals who have been named by “Other States” in any pending action.  As many states have sued a number of principals who founded and ran JUUL, this left open the ability to seek additional recoveries against such individuals even after settling their earlier litigation. Attorney General Stein in a press conference announcing the suit compared the cofounders’ actions to those of the Sackler family, the former owners of Purdue Pharma who were sued in their individual capacity by several AGs.

The Sacklers haven’t escaped individual liability either. Despite a resolution through the Purdue bankruptcy that would release the Sacklers from non-criminal liability in exchange for their contribution of $4.5 billion to the bankruptcy estate, several states appealed the court’s confirmation order primarily on the grounds that the bankruptcy of a corporation should not be used to grant non-consensual releases to third parties.  Southern District of New York Judge McMahon agreed and vacated the bankruptcy confirmation order on December 16, after determining the bankruptcy court did not have statutory authority to grant non-consensual non-debtor releases.  While this could reopen individual State pursuit of the Sacklers, more appeals will undoubtedly follow her ruling.

While public health cases may be extreme examples due to their impact on citizens, the aggressive pursuit of individuals by AGs is certainly not unique to this area.  Whether a company is dissolved, bankrupt, or has even settled with the State, the individual owners or operators may still be in the AGs’ crosshairs and in many instances, may be a more important target to ensure long term compliance.

Some fireworks at Bedoya’s Senate confirmation hearing, but confirmation still seems likely

On December 13, the New Mexico Attorney General announced a settlement with Google to resolve claims regarding children’s privacy, including in the burgeoning EdTech space. The federal lawsuits Balderas v. Tiny Lab Productions, et al. and Balderas v. Google LLC, respectively, alleged COPPA and privacy violations related to collection of children’s information on game developer Tiny Lab’s apps and on Google’s G Suite for Education products. There are many features of this settlement that are worth discussing further as either potential future trends, or novel provisions.

Privacy Compliance Provisions

New Mexico’s injunction related to the Tiny Lab case includes changes to Google Play which will take effect after 120 days. Some of the specific measures include:

  • revising Google Play Families policies and including additional help pages to assist app developers in compliance;
  • requiring all developers to complete a form to indicate the targeted age group of apps;
  • using a rubric to evaluate app submissions to help determine whether it appeals to kids and check for consistency with the age group form;
  • requiring Families apps to certify they will comply with COPPA;
  • requiring all apps to only use SDKs that certify compliance with Google’s policies including COPPA;
  • requiring developers of Families apps to disclose collection of any children’s data including through third parties;
  • requiring a link to the app’s privacy policy on the Google Play store page; and
  • communicating whether an app is Child Directed to AdMob and AdMob will then follow COPPA pertaining to that data.

The content of the help pages the injunction requires do not just contain answers to frequently asked questions.  They prescribe certain decisions by and limitations on third parties using the Google Play store.  For example, Exhibit 3 to the injunction provides “if you serve ads in your app and your target audience only includes children, then you must use Google Play certified SDKs.”

In addition to these injunctive provisions, Google agreed to a set of voluntary enhancements to the Google Education platform intended to promote safety for students.  New Mexico’s enforcement of these provisions is limited to its ability to confirm that Google has made the changes, or inquire as to the status of changes not made.

These injunctions demonstrate continued state Attorney General scrutiny regarding children’s information.  And they come at a time that the Federal Trade Commission, which is responsible for issuing the COPPA Rule, is redoubling its COPPA efforts.  The FTC’s ongoing COPPA Rule Review includes a number of questions regarding the intersection of COPPA and education technology.  The FTC’s Statement of Regulatory Priorities, which we wrote about here, identifies COPPA as a top priority. And just this week, the FTC released its first COPPA settlement in almost 18 months.

Additional Settlement Terms Part from Historical State Settlements

Not to be ignored, several other provisions of the settlement have unique aspects that are extremely noteworthy.  Google has agreed to pay New Mexico $5.5 million – with $1.65 million of that going to outside counsel for the state.  The remaining payment will be used to fund the “Google New Mexico Kids Initiative” – a program jointly run by Google and New Mexico to award grants to schools, educational institutions, charitable organizations, or governmental entities.  This unique allocation of the payment to the State could result in scrutiny that other State Attorney General settlements have met in the past where they attempted to designate funds to specific third party recipients.  Some state legislatures may see it as an effort to appropriate funds without their involvement.

While New Mexico reserves its rights under the agreement regarding public statements, it has agreed to provide Google 24-hour notice before making any written public statement.  Moreover, New Mexico agrees to consider in good faith any suggestions or input Google has, and any statement will reference the parties’ shared commitment to innovation and education. States routinely resist any efforts to negotiate press in this manner, and it is unclear how enforceable a provision like this could really be anyway.  That said, this certainly reflects the cooperative nature of the agreement, in which case it’s fair to assume the State would issue press reflecting such cooperation anyway.

Google and New Mexico have also agreed to an ADR provision, requiring the state to pursue any disputes relating to the agreement in mediation prior to pursuing relief.  This again is fairly unique for a State AG settlement, as is the overall form of the document (a “Settlement Agreement and Release”) – normally states will only settle matters through a consent judgment or a statutorily authorized Assurance of Compliance or Discontinuance.  But just like some of the other unique provisions, agreeing to ADR may be more of a reflection of the cooperative nature of the agreement, and certainly presents opportunity for a more streamlined enforcement mechanism in the future.

It remains to be seen if these provisions will serve as a template for future state agreements with other companies, but given that state Attorneys General continue to pursue Google on a variety of fronts[1], New Mexico’s settlement will certainly be relevant in any future settlement efforts.

[1] Google Search Manipulation, Google Ad Tech, Google DOJ Search Monopoly, State of Arizona v. Google LLC geolocation privacy

On December 7, 2021, the Senate Finance Committee’s Subcommittee on Fiscal Responsibility and Economic Growth conducted a hearing on “promoting competition, growth, and privacy protection in the technology sector. The hearing could have been conducted using a split-screen format, since one group of Senators and witnesses focused on anti-competitive behavior by the tech giants and another focused on privacy and security concerns raised by data brokers.

Chair Elizabeth Warren (leader of the first group) said Congress should provide better tools to the FTC to break up companies like Amazon and, along with other senators, questioned witnesses on how monopolies hurt workers and the economy. Ranking member Bill Cassidy (leader of the second) focused on the threats of the unregulated data brokerage industry, and the need for comprehensive federal privacy legislation to protect consumer privacy and national security.

Here’s what the competition witnesses said (in brief):

  • Courtenay Brown, Amazon Associate at Avenel, New Jersey’s Fulfilment Center and Member Leader with United for Respect, focused on the need to hold Amazon accountable for the poor working conditions she and other employees face daily.
  • Karl A. Racine, Attorney General for the District of Columbia, described the lawsuit his office is pursuing against Amazon for unfairly and unlawfully increasing prices on Amazon’s website, stifling competition, and taking advantage of consumers.
  • Barry C. Lynn, Executive Director, Open Markets Institute, discussed the monopolistic practices of tech giants such as Google, Facebook, and Amazon, which, according to Lynn, (1) perpetuate low wages, high prices, sharp declines in entrepreneurship, and political extremism, and (2) have caused the supply chain problems that are now occurring across the world.

Here’s what the data broker witnesses said (in brief):

  • Justin Sherman, from the Data Brokerage Project at Duke’s Sanford School of Public Policy, explained that data brokerage is a “virtually unregulated practice” in the United States that enables advertisers and businesses to target marginalized communities and allows foreign governments to compile sensitive personal data with few controls. He proposed three steps Congress should take immediately: (1) strictly control data broker sales to foreign companies, citizens, and governments; (2) strictly control the sale of sensitive information, such as genetic, health, and location data; and (3) stop data brokers from circumventing controls by “inferring” data.
  • Samm Sacks, from Yale Law School’s Paul Tsai China Center and the New America Foundation, focused on data security in the context of the U.S.-China relationship, cross-border data flows, and national security. Noting that the lack of comprehensive data privacy regulation in the United States makes our data vulnerable to both sophisticated state actors and unregulated data brokers, Sacks advocated for enactment of a federal law setting basic standards for all companies, restricting data broker practices, and limiting exports of personal data to foreign countries. She cautioned, however, against simply “cutting and pasting” the GDPR, which can end up serving only the companies that are wealthy enough to bear the burdens and costs of compliance. Sacks also supported mechanisms to facilitate cross-border data flows with likeminded countries (subject to appropriate controls), since U.S. security and prosperity rely on international cooperation with allies.
  • Stacey Gray, from the Future of Privacy Forum, recommended that Congress pass baseline privacy legislation that establishes clear rules for both data brokers and first-party companies that process personal data. She also outlined more incremental steps that Congress could take, such as establishing a national registry or opt out, or limiting the ability of law enforcement and intelligence agencies to purchase information from data brokers (as required in proposed legislation from Senator Wyden). In addition, Gray recommended that Congress strengthen the FTC by increasing its staff and funding, establishing a privacy bureau, and authorizing civil penalty authority.

Like many hearings on these issues, this one examined the issues but did not appear to be leading to any particular legislative solution. We still are still left to wonder: (1) Will Congress finally be able to negotiate and pass comprehensive federal privacy legislation? (2) What will Congress do to address the many concerns that have been raised about the power of the tech giants, and how will Congress choose which issues to prioritize?

We will continue to monitor developments on this issue and provide updates as they occur.

After months of speculation, we now know what rules the FTC will launch or possibly amend in 2022, thanks to a Statement of Regulatory Priorities the FTC published December 9.

The headlines? In addition to reviewing or taking action on almost 20 existing rules and guides, the FTC plans to develop multiple new rules on surveillance, unfair methods of competition, and potentially a slew of other issues. And the Republican Commissioners are crying foul.

New rules  

The new rules highlighted in the FTC’s Statement pack a whole lot of punch, as they encompass multiple issues and could lead to multiple separate rules. They include:

  • Rule(s) to halt “abuses stemming from surveillance-based business models,” which could curb “lax security practices” and “intrusive surveillance,” and “ensur[e] that algorithmic decision-making does not result in unlawful discrimination.” The FTC’s Statement signals that these rule(s) will address both consumer protection and competition issues.
  • Rules defining “unfair methods of competition,” which could include (citing the President’s Executive Order on Competition) rules related to “non-compete clauses, surveillance, the right to repair, pay-for-delay pharmaceutical agreements, unfair competition in online marketplaces, occupational licensing, real-estate listing and brokerage, and industry-specific practices that substantially inhibit competition.”
  • Rules to “define with specificity unfair or deceptive acts or practices” – a potentially infinite category of issues and regulations.

As the FTC explains, the agency’s renewed focus on rulemaking is a response to “changed circumstances,” including the Supreme Court’s AMG ruling (limiting the FTC’s redress authority), the insufficiency of the “case-by-case” approach to competition, and the FTC’s removal of steps in its Section 18 (Mag-Moss) rulemaking process. Notably, when the FTC is enforcing a rule, it can seek consumer redress and/or civil penalties; this authority was not affected by AMG. Continue Reading What Rulemaking is the FTC planning for 2022? Now We Know

The National Association of Attorneys General just concluded one of its premiere events of the year, the Capital Forum, in Washington DC.  With many Attorneys General, staff, and members of the private sector in attendance, it has been an excellent opportunity to exchange ideas and hear from the AG community about their concerns and priorities.  While we will provide our readers with updates on some of the important topics discussed this week, we wanted to highlight two substantive sessions that focused on partnership with federal regulators.

The first brought together New York Attorney General Letitia James, Nebraska Attorney General Doug Peterson, FTC Chair Lina Khan, and DOJ Assistant Attorney General for Antitrust Jonathan Kanter.  Both Khan and Kanter gave opening remarks emphasizing their view that we are in a “critical moment” in competition enforcement and that an “all hands on deck” approach is necessary to address it.  As such, most of the discussion described ways FTC and DOJ would be working to implement President Biden’s Executive Order on Promoting Competition in the American Economy, which includes a “whole-of-government approach” to maintain fair competition.  Khan and Kanter both discussed the intersection of antitrust and consumer protection law in implementing the order – noting that increased consolidation of a marketplace allows more consumer protection violations to occur, and conversely, increased consumer protection violations can allow a company to gain an unfair advantage in the marketplace.

Both enforcers discussed the critical role State Attorneys General play and the need for increased partnerships between federal enforcers and the states.  Chair Khan was quite direct in some of the rationale – she noted that in the area of consumer protection, it had become important for the FTC to work extremely closely with AGs recently because doing so allows the FTC and regulator partners to recover monetary redress with authority that the FTC alone does not have, as confirmed by the U.S. Supreme Court in AMG Capital Management v. FTC.  Drawing on an anecdote from his youth, Attorney General Peterson asked whether States would be treated like a kid brother in this partnership, and told to be quiet and sit in the corner.  Both Khan and Kanter disagreed that States have ever been seen that way or will be treated that way in future, noting that States are trailblazers and equals to the federal enforcers.  Chair Khan also described her intention to put more resources into the FTC’s regional offices, in part to be able to more directly engage with the States.

While the sentiment of equality was well received by the Attorneys General, in a later session Rohit Chopra, the new Director of the Consumer Financial Protection Bureau, acknowledged that historically, some federal agencies have seen things differently.  Citing past relationships with the Office of the Comptroller of Currency and preemption of state laws that he pointed to as the reason for the subprime lending crisis, Chopra promised a different approach from his CFPB.  He has called on his office to find ways to expand the State enforcement authority of federal law, including by clarifying States’ rights to pursue a number of violations directly under the CFPB Act.  In addition, he has asked his office to find ways to allow the States to directly access the CFPB’s Victim Relief Fund (and its over $400 million balance) to provide redress to consumers in State actions, even without any CFPB involvement in the case.

Unpacking all of this, these three federal agencies charged with consumer protection at the federal level seem to be signaling a new kind of enforcement landscape (and vastly different than any I experienced in my 20+ years working for a State Attorney General).  All three fully adopted the concept that States are the “laboratories of democracy” – they are closer to the ground and able to more quickly and easily identify issues impacting consumers, and are often the ones to pass innovative laws and regulations to address those issues.  Putting all that together, we are left with some takeaways:

Federal enforcers intend to make use of the power, tools, and resources of the States.  The federal enforcers all acknowledged that States are able to spot issues first, can move more quickly, and may have tools that they don’t have.  This unprecedented push for stronger state-federal partnerships reflects their acknowledgement of this fact and undoubtedly will lead to having the federal government more involved in investigations that may largely be under state law.  It will be instructive to watch how Attorney General Peterson’s concern about the silencing of state input plays out in this relationship.

This joint approach is going to be used to combat perceived gaps in big tech and privacy enforcement.  In addition to the ability to seek redress as noted by Chair Khan, she and AAG Kanter also described the need for an updated “tool kit” – noting their views that current laws aren’t sufficient to deal with today’s economic realities and the digital marketplace.  Both also discussed privacy concerns regarding the accumulation and use of consumers’ data, calling for a move away from the notice and consent framework. As states get out in front with new legislation including comprehensive privacy laws, expect joint investigations to involve more federal enforcer collaboration into how those new laws are utilized.

State Attorneys’ General role in consumer protection will be on full display this coming year.  Not only will increased state/federal partnership put even more emphasis on the already prominent role State Attorneys General play in consumer protection, but as we previously reported, Iowa Attorney General and NAAG President Tom Miller has made consumer protection his presidential initiative this year, specifically in the technology sector.  We will report more on this initiative – but expect to see State Attorneys General leading the conversation on enforcement priorities and importantly, how companies and Attorneys General can form partnerships to help educate consumers on pervasive frauds.

Feds + State Attorneys General = A New Enforcement Landscape

In case you missed it, last week (on November 30), the National Telecommunications and Information Administration (NTIA) announced that it would convene a series of virtual listening sessions on privacy, equity, and civil rights. According to NTIA, the sessions (scheduled for December 14, 15, and 16) will provide data for a report on “the ways in which commercial data flows of personal information can lead to disparate impact and outcomes for marginalized or disadvantaged communities.”

NTIA cites the following examples to illustrate how data collection, “even for legitimate purposes,” leads to disparate impacts:

  • Digital advertising offers content and opportunities based on proxy indicators of race, gender, disability and other characteristics, perpetuating historical patterns of discrimination.
  • Insurance companies use information such as neighborhood, safety, bankruptcy, and gun ownership to infer who will need expensive health care, warranting higher premiums.
  • Universities predict which students will struggle academically based on factors that include race.

Why is this News?   

As our readers may have noticed, NTIA is hardly the first agency or constituency to draw the link between data collection and discrimination. In 2013, Harvard Professor Latanya Sweeney published a groundbreaking study showing racial discrimination and stereotyping in online search and ad delivery. In 2014, FTC hosted a workshop, followed by a report (Big Data: A Tool for Inclusion or Exclusion?) detailing the problem and making recommendations for companies and researchers. In recent years, scores of studies and conferences have examined the discriminatory assumptions embedded in algorithms and artificial intelligence (AI). And civil rights groups have raised concerns for years and, in 2019, obtained an historic settlement with Facebook to stop discrimination on its online advertising platform.

NTIA’s announcement is nevertheless significant for two reasons. First, by its own description, NTIA is the President’s principal advisor on information policy issues, responsible for evaluating the impact of technology on privacy and the sufficiency of existing privacy laws. Further, its announcement states that the listening sessions are designed to “build the factual record for further policy development in this area.” For these reasons, the notice has been heralded as the Administration’s “first move” on privacy and a possible attempt to revive stalled efforts in Congress to enact a federal privacy law.

Second, in case there was any doubt, NTIA’s announcement affirms that the link between privacy and civil rights is now a widely accepted policy position, and will remain front-and-center in any debate about whether to enact a comprehensive federal privacy law. Whereas once there were questions about whether civil rights provisions should be “added” to a privacy law, now they’re essential building blocks.

This is true not only among Democrats, but among Republicans too. For example, provisions related to discrimination and/or algorithmic decision-making appear in recent privacy legislative proposals from, not just Representative Eshoo and Senator Cantwell, but also Senator Wicker and the Republican members of the House Energy and Commerce (E&C) Committee. The Republican E&C bill is especially notable for how much it leans into the issue – prohibiting data practices that “discriminate against or make an economic opportunity unavailable on the basis of race, color, religion, national origin, sex, age, political ideology, or disability or class of persons.”

But What Does this Mean for Companies Today?

You may be wondering – what does this mean for companies now, with Congress still (endlessly) debating whether to pass federal privacy legislation? It means that:

  • Data discrimination is on everyone’s radar, regardless of whether Congress finally decides to pass a federal privacy law.
  • Companies should expect more enforcement – even now, under existing laws – challenging data practices that lead to discriminatory outcomes. Such laws include the FTC Act (recently used to challenge racial profiling by an auto dealer), state UDAP laws, the Fair Credit Reporting Act, the Equal Credit Opportunity Act, and (of course) the civil rights laws.
  • To steer clear of discrimination (and any allegations of discrimination), companies should test their data systems and use of algorithms and AI for accuracy and fairness before using them in the real world.

We will continue to monitor developments on this issue and post updates as they occur.


In a post last week, we looked at NAD’s review of Everlane’s green claims relating to the company’s use of recycled plastic in its products and its aspirational goals to remove virgin plastic from its entire supply chain by 2021. In this post, we’ll look at what NAD had to say about Everlane’s “Safer For The Environment” claim.

Everlane advertised some of its apparel as “Safer For The Environment: This product is dyed with bluesign®-approved dyes, which are safer for dyehouse workers and better for the environment.” Bluesign is a third-party certification that assesses chemical safety standards in the textile industry and evaluates their impact on human health and the environment. Product certification requires auditing and verification that the manufacturing process complies with Bluesign’s rules and chemical safety standards at each step of the supply chain. Everlane relied on its bluesign certification where 12% of its mills and 10% of its factories are bluesign-certified and noted its goal of fully adopting Bluesign certification by 2025.

When reviewing this claim, NAD considered the reference to the Bluesign third-party certification as a qualification for the general environmental benefit claim. NAD determined that while the Everlane claim is qualified as it pertains to why the product is safer (use of bluesign®-approved dyes), there was no immediate reference to Bluesign as an independent certification on the specific product page where the “safer for the environment” claim appears. We interpret that to mean that NAD thought referencing the certification was similar to a general environmental benefit claim without explaining more about the certification. Thus, NAD recommended that Everlane explain that Bluesign is an independent third-party certification designed to remove harmful chemicals from the environment.

NAD also evaluated whether or not the certification provides a reasonable basis for the claim. While NAD found Bluesign to be a reliable and effective third-party certification body for assessing chemical safety, it noted that Bluesign assesses only one out of five areas in which a material’s environmental impact is typically assessed. For example, a widely recognized material assessment tool in the fashion industry, the Higg Material Sustainability Index (“MSI”), evaluates the environmental impacts of a material in five areas, and chemical composition is just one of those areas. In addition, NAD concluded that consumers may not recognize the nascent state of Everlane’s adoption of Bluesign certification. Based on this assessment, NAD recommended that Everlane qualify the claim to clearly convey that Bluesign has a more limited environmental impact on environmental practices and Everlane’s nascent incorporation of the certification.

This serves as a reminder for fashion companies wanting to demonstrate their efforts and commitment to the environment to consider whether any claim they want to make needs language to explain the claim or otherwise clarify any limitations.

Katrina Hatahet, a law clerk with Kelley Drye & Warren, assisted in the drafting of this post.

As advertisers wait to see what the FTC will do after sending 700 warning letters related to influencers and incentivized reviews, the NAD has been resolving disputes on similar issues. Yesterday, NAD announced a new decision involving incentivized reviews. Although the decision is consistent with previous cases in this area, there are some nuances worth exploring.

Use of General Disclosures

Byte, a company that sells teeth aligner products, featured various customer reviews on its website. While some of those reviews were written by independent customers, others were written by customers who had received an incentive in exchange for the review. As our readers know, companies must disclose when reviews are incentivized. Here’s how Byte did it:

“We’ve asked our reviewers to share the good, the bad, and the ugly with us. These reviews may include ones where known purchasers were given free product in exchange for their honest opinions.”

Byte argued that this general disclosure was sufficient and that it was both impractical and unnecessary to individually flag each incentivized review. Although it may have been impractical to do so, NAD found that it was necessary. Readers should know specifically which reviews were incentivized.

Consumer Reviews on a Third-Party Site

NAD also considered whether customers reviews on included the necessary disclosures. Byte argued that it should not be responsible for reviews on a third-party site that it does not control. Although that may be the correct analysis in many cases, the situation in this case was a little different.

NAD noted that Byte pays Best Company to solicit reviews and that it has a relationship with Best Company to promote its products. When “Best Company promotes Byte’s products as a result of this relationship, it is advertising for Byte.” Accordingly, “Byte has ultimate responsibility for advertising claims run by Best Company on its behalf” and Byte should have ensured the each incentive review included the necessary disclosures.

Ranking Claims

Best Company ranks various invisible braces on its site, and Byte took the top place in several areas. When a site has a connection to the companies it is reviewing, that must be disclosed. Best Company did that through a link at the top of the site labelled “Income Disclosure.” Consumers who clicked on that link would find a disclosure which stated, in part, that Best Company attempts to “partner with all the companies that we review, and may get compensated when you click or call them from our site.”

NAD found the disclosure wasn’t sufficient, for a number of reasons. Consumers would not see the disclosure, unless they clicked the link, and there was nothing about the link to suggest that consumers should click on it to understand Best Company’s relationship with the companies they reviewed. Moreover, even if consumers were to click on the link, they wouldn’t be able to tell which companies provided compensation. As above, a general disclosure is not enough.


This decision makes clear that advertisers need to clearly disclose when a reviewer – whether a customer or a review site – has a connection to the advertiser. That disclosure needs to be clear and specific, even if it difficult to make that happen. The decision also highlights the principle that if an advertiser engages another company to promote its products or services, the advertiser will likely be held responsible for the other company’s activities.

Subscription services and other automatic renewals continue to be a hot topic, at both the federal and state levels. The FTC recently announced that it was going to increase its enforcement against companies that don’t comply with the law, while various states have been updating or passing new laws. Next up are new laws in Colorado and Delaware.

The key requirements are largely consistent with the ones highlighted by the FTC (and which are also reflected in other state statutes):

  • Disclosure:  Marketers must clearly and conspicuously disclose key terms, such as that the contract will automatically renew unless a consumer cancels, the length of the term, the amount of the charges, and the cancellation policy.
  • Consent:  Marketers must get consent to the autorenewal terms.
  • Reminders:  Marketers must send reminders before a contract renews within a specified timeline. The reminders must generally inform consumers that the subscription will renew unless cancelled, and provide cancellation instructions.
  • Cancellation:  Marketers must establish an easy-to-use cancellation mechanism. For example, if consumers sign up online, they should generally be able to cancel online.

It’s important to note that although automatic renewal laws have similar requirements, they can differ in important ways. For example, although theRenewal Button Colorado law applies to most subscription plans, the Delaware law only applies to subscriptions that involve “merchandise” though that term is still defined pretty broadly. And although the Colorado law can only be enforced by the state AG or DAs, the Delaware law also includes a limited private right of action.

Both laws will take effect on January 1, 2022. As our colleagues wrote in a recent post, this is an area where we expect to see more aggressive AG enforcement.