We’ve written about automatic renewals before, but the $10 million price tag in the FTC’s settlement with the operators of ABCmouse should grab your attention.

The FTC alleged that over a three-year period, the company advertised membership programs without clearly disclosing Renewal Buttonthat the programs would automatically renew at the end of the term. The automatic renewal was not disclosed during the checkout flow. Instead, it was “buried” in small print amidst other dense text that consumers would only see if they clicked on a link to read Terms & Conditions.

Even though ABCmouse prominently advertised “Easy Cancellation,” the FTC alleged that cancellation was very difficult. Consumers who tried to cancel were required to navigate a lengthy and confusing process that often prevented many of them from completing their cancellations. In fact, evidence suggests that hundreds of thousands of consumers started the cancellation process, but remained enrolled.

Among other things, the proposed settlement order generally requires ABCmouse to:

  • Clearly disclose certain information about the offer up-front, such that consumers will see it without having to click to read separate terms;
  • Obtain express informed consent before enrolling consumers in any automatic billing programs;
  • Send a confirmation message that includes key program terms; and
  • Provide a simple mechanism for consumers to cancel.

If you offer services that automatically renew, you should look at the details of the settlement to see what the FTC expects. Even if you don’t, it’s worth noting that the company had received tens of thousands of complaints about its auto-renewal and cancellation policies. If you’re not paying close attention to consumers complaints, you should start doing so. That can help you detect patterns and address problems before a regulator forces you to do so, and with a much lower price tag.

On August 30th, the California legislature passed a bill to continue the employee and business-to-business (B2B) exemptions contained in the CCPA for another year. Currently, the CCPA provides two limited exemptions for employee and B2B information, whereby this information is excluded from most CCPA requirements. Both of these exemptions become ineffective January 1, 2021. Assembly Bill 1281 (“AB 1281”) would continue these exemptions until January 1, 2022.

AB 1281 was crafted as a backstop in case the California Consumer Privacy Act (“CPRA”) does not pass during the state’s November 3rd general election.  AB 1281 only takes effect if the legislation is enacted and voters do not approve of CPRA. If CPRA receives enough votes (which most anticipate is likely), the ballot initiative would extend the exemptions until January 1, 2023. To learn more about CPRA and to view a comparison between CPRA and CCPA, visit our past blog post here and our podcast here.

Governor Newsom has until September 30th to sign AB 1281 into law. If neither AB 1281, nor CPRA becomes law, the CCPA employee and B2B exemptions will expire on January 1, 2021. Please contact any of the attorneys in Kelley Drye’s Privacy Group if you would like assistance with California privacy compliance.

Turns out the best defense may not be a good offense, at least when litigating against the FTC.  The Northern District of Illinois yesterday rejected an attempt by multi-level marketer Neora, LLC (formerly Nerium) to obtain a declaratory judgment that the company did not operate as a pyramid scheme and that the FTC was not authorized to seek restitution or disgorgement under Section 13(b) of the FTC Act.

The court granted the FTC’s motion to dismiss, finding that the “the claims presented are not ripe for judicial resolution and Plaintiffs can defend themselves in the enforcement action” that remains ongoing in the Northern District of Texas.”  As we discussed back in November 2019 when the suit was first filed, Neora sought a number of declaratory judgments, including that: (1) the FTC was overstepping its authority under the FTC Act in attempting to regulate multi-level marketing companies by guidance and declining to count certain internal consumption as genuine demand when conducting a pyramid scheme analysis; and (2) the FTC lacks authority under Section 13(b) to seek monetary relief.

The latter issue will be considered by the Supreme Court in the coming term in two consolidated cases, F.T.C. v. Credit Bureau Center and AMG Capital Management, LLC v. F.T.C.  Just last week, as discussed here, the Northern District of California granted a stay in the FTC’s pending enforcement action against Lending Club on the grounds that the Supreme Court’s decision on the FTC’s powers under Section 13(b) would “greatly simplif[y]” the case, “as no monetary relief will be at issue.”

For Neora, the battle remains ongoing.  The court emphasized that “Plaintiffs undoubtedly have an adequate remedy in the [pending] enforcement action” because they “can raise the same arguments they assert here as defenses in that action.”  That case was recently transferred from the District of New Jersey to the Northern District of Texas, where it remains pending.

Ad Law Access Podcast

When we posted about a $9.3 million FTC settlement involving the Mail Order Rule, many people commented that they had never heard of that Rule, and wondered what else they might be missing.

In fact, the FTC has more than 50 Rules and Guides. Don’t let that number scare you – many of these rules are very narrow and wouldn’t apply to most of our readers. For example, you probably don’t have to worry about the rule that regulates power output claims for amplifiers used in home entertainment products or the rule that requires certain disclosures when selling funeral goods or services. But odds are that there are a number of Rules and Guides that do apply to you.

On the latest episode of the Ad Law Access Podcast, Gonzalo Mon and Lauren Myers take walk you through six FTC Rules and Guides that you should know.

Listen on Apple,  SpotifyGoogle Podcasts,  Soundcloud or wherever you get your podcasts.

For more information on the FTC and other topics, visit:

On August 20, a Northern District of California court stayed the trial of an action the FTC brought against Lending Club in 2018 pending a Supreme Court ruling on the FTC’s authority to seek monetary restitution under Section 13(b) of the FTC Act. The issue of whether the FTC has authority to seek monetary relief under Section 13(b) was placed squarely before the Supreme Court in two petitions for certiorari that were consolidated and accepted for review by the High Court in July. Those cases, F.T.C. v. Credit Bureau Center and AMG Capital Management, LLC v. F.T.C., will be argued in October.

In its LendingClub complaint, the FTC had sought substantial monetary relief from LendingClub pursuant to its authority under Section 13(b), in the form of “rescission or reformation of contracts, restitution, the refund of monies paid, and the disgorgement of ill-gotten monies.” The trial in LendingClub had been scheduled for October. In finding a stay of that trial warranted, the LendingClub court emphasized that the FTC’s authority to seek monetary relief under Section 13(b) (or lack thereof) is “an issue of enormous consequence to this case.” The court explained, “[g]oing forward with trial would needlessly burden LendingClub to put on a trial defense only to possibly have the entire enterprise mooted by the FTC’s inability to seek any monetary relief under Section 13(b).”

The FTC had argued that the hardship of presenting a meritorious defense while the Supreme Court’s 13(b) decision was pending did not merit a stay. The LendingClub court soundly rejected the FTC’s argument, finding that the issue was not simply about hardship, but about “the viability of the remedy motivating the case.” Given that the remedy itself has the potential to be extinguished in the coming months, the court concluded that holding a trial before the Supreme Court’s decision issues “is fundamentally inequitable.” The LendingClub court noted a Supreme Court ruling limiting the FTC’s powers under Section 13(b) would “greatly simplif[y]” the case, “as no monetary relief will be at issue.” The court predicted that “the elimination of monetary relief will likely facilitate a negotiated resolution.”


Advertising and Privacy Law Resource Center




A recent NAD decision that focuses on detergent claims touches on some issues – including implied claims and disclosures – that are relevant to all advertisers. The decision covers a lot of ground, but we’ll focus on a few key points that translate across industries.

The front label of Tide’s Purclean bottle prominently features the product name against a green, leafy backdrop. Tide Purclean LabelDirectly under that are the words “plant based.” And below that, there is a line, under which are various things, including a “USDA Certified Biobased Product” seal with “75%.”

The challenger argued that consumers are likely to interpret the label to mean that the product is 100% plant-based. Tide countered that the 75% disclosure on the USDA seal, coupled with information on the back of the label, clarified that the product was only 75% plant-based.

NAD agreed with the challenger. “Although the seal discloses the amount of bio-based content, 75%, it does so in very small font such that it does not meaningfully qualify the overarching unsupported message reasonably conveyed to consumers that the entire product is bio-based.”

The battle continued on the back of the label, which featured the headline “A Powerful Plant-Based Clean You Can Feel Good About” followed by a list of ingredients. The ingredients are identified as plant- or mineral-based,” except for petroleum-based ingredients, which are simply identified as “cleaning aids.”

NAD was concerned that the headline could create the false impression that all the ingredients are bio-based. The “cleaning aids” heading didn’t help clear up that impression. In a footnote, NAD clarified that ingredient list standing alone “would not be problematic were it otherwise clear that the product formula was 75% plant based.”

Whether you’re advertising detergent or something else, consider how consumers are likely to interpret your labels and ads. Even if your claims are true, if the overall message could create a misconception, arguing that you presented the information necessary to clear up that misconception in a small disclosure may not save you.

The California Office of Administrative Law today approved the CCPA Regulations that the California Attorney General submitted in June, and the regulations are effective immediately. As we discussed here, the now-final regulations, for the most part, substantively match those that the AG released in March, with a few notable changes.

Significantly, the AG has removed the shortened “Do Not Sell My Info” language throughout the final regulations to align with the statutory language. While the final regulations do not explicitly prohibit abbreviations, this removal indicates that businesses must include the full “Do Not Sell My Personal Information” language in their website link to an opt-out request. This is consistent with the statute, which requires businesses to include “a clear and conspicuous link on the business’s Internet homepage, titled ‘Do Not Sell My Personal Information’” that links to an opt-out request. Apparently, there is no room for flexibility on this display.

The Addendum to the Final Statement of Reasons also identifies four other provisions that the AG has “withdrawn”:

  • Former § 999.305(a)(5) requiring a business to provide notice and obtain explicit consent prior to using a consumer’s personal information for a “materially different purpose” than disclosed in the notice at collection.
  • Former § 999.306(b)(2) requiring businesses that substantially interact with consumers offline to provide consumers with an offline notice informing them of their right to opt-out.  In other words, there is no longer an express requirement to provide an offline Do Not Sell My Personal Information notice, such as a paper form or store signage. Notably, the obligation to provide an offline Notice at Collection still applies.
  • Former § 999.315(c) indicating that a business must implement an easy opt-out method for consumers, and must not use a method that would impair a consumer’s decision to opt-out (though a business is still required to consider ease of use when implementing an opt-out method).
  • Former § 999.326(c) permitting a business to deny a request from an authorized agent who does not submit proof of consumer authorization (though a business may still require a consumer to verify his or her identity directly with the business when using an authorized agent, and the business may deny opt-out requests from an authorized agent if the agent cannot provide signed permission that demonstrates authorization from the consumer).

While the Addendum does not provide any rationale for these withdrawals, it notes that the AG “may resubmit [the withdrawn] section[s] after further review and possible revision.” The Addendum also identifies other “non-substantive changes” the AG has made, including grammatical and syntax modifications.

While July 1 marked the CCPA’s enforcement date, the finalized regulations solidify an entity’s requirements under the CCPA to comply with the CCPA as clarified through the now-finalized regulations. With each violation subject to a penalty of between $2,500 and $7,500, entities should carefully review their current CCPA practices to ensure compliance with both the statute and the final regulations.

If you have questions on how the finalized regulations may affect your business, please contact Alysa Hutnik and Lauren Myers.  If you have other CCPA questions, please see our other CCPA blog posts and our Advertising and Privacy Law Resource Center.

Last week the FTC filed suits against a few online merchandisers regarding their alleged failures to promptly deliver personal protective equipment (PPE) to consumers. The lawsuits allege that three online sellers violated the FTC’s Mail Order Rule, which mandates that companies notify consumers of shipping delays in a timely manner and give them the option to cancel orders and receive prompt refunds.

In its complaint against Zaappaaz, Inc, the FTC alleges that wrist-band.com “guaranteed” same day shipping of COVID-related products, but took weeks to ship orders and failed to inform consumers of delays. The complaint also cites multiple instances of incorrect or defective products received by consumers for which the company denied refeeds, as well as un-kept promises of refunds to consumers who never received their purchased products.

The FTC also alleges that American Screening, LLC, Ron Kilgarlin Jr., and Shawn Kilgarlin violated the Mail Order Rule by stating that PPE products would be shipped “within 24-48 hours,” when many items were not shipped until weeks or months later.

All sellers offering products via website or catalog should take note and review existing compliance practices. Our breakdown of the Mail Order Rule can help companies navigate the requirements. Our recent article, Top FTC Rules and Guides You Should Keep in Mind, may also be useful.


Advertising and Privacy Law Resource Center

This is not another post about coronavirus claims, but we do need to start there.

Truvani makes a dietary supplement that was formerly called “Under the Weather.” The company’s webpage devoted to that supplement featured reviews from various users, including the following:

  • Michael K. (Verified Buyer): “Very happy with the product, I feel BC so well protected from COVID-19 with your supplements….”
  • Theresa O. (Verified Buyer): “I really think I had undiagnosed corona virus. Nothing helped. Until I started taking under the weather. A few days later I started improving. I haven’t stopped taking it since.”

NAD was concerned that the reviews were presented as testimonials and that they conveyed an unsupported message regarding the product’s ability to protect against COVID-19. In response, Truvani pointed to Section 230 of the Communication Decency Act and argued that the reviews were independent content provided by third parties, rather than ads.

NAD disagreed, noting that “customer reviews on a company’s website may be advertising if they are curated Reviewsto promote specific messages about the underlying product or if they are collected in a manner that does not ensure that they are reliable (i.e., submitted by verified users and reflect their truthful opinions) and representative of the range of consumer reactions to the product.”

The decision doesn’t provide a lot of information about the context in which the reviews appeared or how they were collected, so it’s hard to know exactly where Truvani went wrong. However, this case serves as a good reminder that while companies are generally not liable for the content of consumer reviews (as illustrated by this case), they can be held liable if they promote those reviews or curate them in a misleading manner.

This summer continues to be a busy season at the intersection of data protection and national security. As we reported in July, the Schrems II decision invalidated Privacy Shield on the ground that its national security derogations were too expansive.

Last week, the President seized on concerns about surveillance by the Chinese government as a core rationale for Executive Orders directing the Department of Commerce to prohibit transactions involving TikTok (and its parent company, ByteDance) and WeChat (and its parent company, Tencent Holdings).  For instance, the TikTok Order asserts that the company’s data practices “potentially allow[] China to track the locations of Federal employees and contractors, build dossiers of personal information for blackmail, and conduct corporate espionage;” and the WeChat Order states that WeChat’s data collection “threatens to allow the Chinese Communist Party access to Americans’ personal and proprietary information.”

The scope of these Orders remains unclear.  Members of Kelley Drye’s Export Control and Sanctions team provide further analysis on Kelley Drye’s Trade and Manufacturing Monitor (see below), and we will continue to monitor how implementation of the Orders could affect companies’ communications and transactions on these popular platforms.

Last Thursday, the President issued two executive orders (“E.O.s”) targeting social media applications TikTok (and its parent company, ByteDance) and WeChat (and its parent company, Tencent Holdings).  The E.O.s direct the Department of Commerce (“DOC”) to prohibit transactions involving the applications.  Companies that deal directly with TikTok or WeChat in the United States and abroad or use their services need to evaluate the scope of those activities and determine if they will be affected by the E.O.s.

The E.O.s were issued pursuant to the national emergency declared in E.O. 13873 regarding information and communication services in the United States that are controlled by persons within the jurisdiction of a “foreign adversary.”  In issuing the E.O.s, the President cited concerns that the Chinese government could gain access to Americans’ personal information collected by the applications, among other policy considerations.  The President has the power to issue the directives under the International Emergency Economic Powers Act (“IEEPA,” 50 U.S.C. 1701 et seq.), which provides the President with the authority to declare national emergencies and implement sweeping trade controls based on national security concerns.

The intended scope of the E.O.s is not clear due to ambiguous language used in Section 1, which contain the E.O.s’ primary prohibitions.  Here is an excerpt of that section from the TikTok order:

Section 1.  (a)  The following actions shall be prohibited beginning 45 days after the date of this order, to the extent permitted under applicable law: any transaction by any person, or with respect to any property, subject to the jurisdiction of the United States, with ByteDance Ltd. (a.k.a. Zìjié Tiàodòng), Beijing, China, or its subsidiaries, in which any such company has any interest, as identified by the Secretary of Commerce (Secretary) under section 1(c) of this order.


(c)  45 days after the date of this order, the Secretary shall identify the transactions subject to subsection (a) of this section.

There are two plausible readings of that section.  The first is that all transactions involving ByteDance and its subsidiaries will be prohibited within 45 days.  The second, and we believe more appropriate reading, is that all types of transactions specified by DOC will be prohibited.  The inclusion of the last sentence of Section 1(a) and of Section 1(c) suggests that DOC has discretion to impose targeted prohibitions that only apply to certain types of transactions involving the subject companies, rather than all transactions involving ByteDance.  While the ultimate scope of the prohibitions may not be clear until DOC takes action, the term “transactions” is often interpreted broadly, and could include many types of business dealings, not just financial transactions involving the companies.  The White House is reportedly pushing for a broad interpretation of both E.O.s, noting that prohibited transactions could include making the apps available on app stores, purchasing advertising on TikTok, or accepting terms of service to download the applications.

It is also important to note that the TikTok and WeChat E.O.s differ in scope.  The TikTok E.O. authorizes prohibitions on any transaction involving ByteDance and its subsidiaries.  In contrast, the WeChat E.O. is more narrowly constructed to authorize prohibitions on transactions with Tencent Holdings or its subsidiaries that are “related to WeChat.”  The more narrow construction with respect to Tencent may be intended to exclude Tencent’s many U.S. investments unrelated to WeChat from coverage under the E.O.

Much remains unclear about the intended scope and ultimate application of the E.O.s.  Given this regulatory uncertainty, companies with business dealings directly or indirectly involving ByteDance or Tencent should review their engagements closely for potential exposure under the new rules.  In particular, companies that use WeChat services for commercial purposes, including its IT and payment services, will need to evaluate whether they can continue that activity in the United States and abroad.

Please contact our Export Control and Sanctions team with any questions related to these developments.

Continue Reading Data Protection and National Security Concerns Meet in TikTok, WeChat Executive Orders