Last week, NAD announced a decision involving a series of AT&T Fiber ads that holds important lessons for companies that make comparative performance claims.

Each of the ads depicts a funny scene in which a cable user is unable to perform a basic task. For example, in one ad, a mother sits in front of her laptop with a birthday cake, waiting for her son to join a video conference. When the son can’t connect, the mother blows out the candle, and leaves disappointed. In another ad, an executive impatiently awaits a file for a presentation, while the person sending it panics as the file won’t upload. The ads state that if you can’t perform the tasks depicted because you have cable, “you need better internet,” and that AT&T offers “20x faster upload speeds than cable.”

In support of its claims, AT&T pointed to the undisputed fact that its Internet 1000 tier offers upload speeds that are over 20 times faster than Comcast’s Gigabit Xfinity tier and submitted various articles discussing the advantages of fiber over cable. So does that mean AT&T could substantiate the claims? NAD didn’t think so. When an advertiser highlights a problem with a competing product that its own product can solve, it must ensure that “the extent of the problem is not exaggerated, and the advertiser’s product or service solves the problem.” NAD held that AT&T fell short on both counts.

First, NAD determined that the ads did more than just convey a message that AT&T’s service was faster than cable. NAD held that “consumers will reasonably take away the message that cable Internet is so unreliable that videoconferencing and uploading large files will fail entirely.” There was no evidence to support that interpretation.

Second, it wasn’t clear that faster speeds would necessarily solve the problems depicted in the ads. For example, NAD was persuaded by the challenger’s evidence that videoconferencing would not use anywhere close to the maximum 35 Mbps offered by Comcast. Above a certain level, more speed may not make a meaningful difference.

There’s a lot going on in this case – and we may not have the final word on it because AT&T announced its intention to appeal – but it’s still worth highlighting because it illustrates a common issue that advertisers face. You may have solid and objective evidence to demonstrate an advantage over a competitor, but you still need to be careful that you don’t overstate the significance of that advantage. Claims must be tailored to your substantiation.

Commissioners Cut Procedures, Rescind Policy, Empower Staff, Target Tech

With an unprecedented attack on policies the Federal Trade Commission had long embraced, the new majority of Democratic Commissioners revealed a bold enforcement agenda that would circumvent Supreme Court decisions and avoid Congressional limits.

It was a meeting like none the Federal Trade Commission has ever held. On one week’s notice, the Commission adopted new rules to impose civil penalties on substandard Made-in-USA claims, removed judges and safeguards from rulemaking proceedings, rescinded its 2015 enforcement policy statement on unfair methods of competition, and granted staff more authority to issue subpoenas and civil investigative demands. The vote on every issue followed party lines. Republican Commissioners, Noah Phillips and Christine Wilson, voted against all, and the Democratic Commissioners, Chopra, Khan, and Slaughter, rejected all amendments. Chair Khan announced that public meetings will become regular events at the FTC. Continue Reading Chopra, Khan, Slaughter Take Control of the Federal Trade Commission

Not All the Spaghetti Sticks: Post-AMG Court Rejects FTC 13(b) Statute SwitchThe week started badly for the FTC when the U.S. District Court for the District of Columbia dismissed its antitrust complaint against Facebook (as well as a similar case brought by the attorneys general of 46 states).  And things got a little worse yesterday for the FTC in FTC v. Cardiff – even if news of the decision was well below the fold — given a federal court ruling  that the FTC’s late-breaking theory of monetary damages under the Restore Online Shoppers’ Confidence Act (“ROSCA”) was ill-timed.

As readers of this blog know, we closely followed the aftermath of the Supreme Court’s AMG ruling, especially as it pertains to ongoing FTC actions.  And we have seen the FTC make good on its promise to pursue a variety of theories in an attempt to recover monetary penalties intended to  redress consumer injury.

In doing so, the FTC has taken varying positions as to whether and how it still seeks monetary remedies: in some cases, the FTC, acknowledging that 13(b) money remedies are no longer available post-AMG, has withdrawn its claim for monetary relief; in others, the FTC requests that the court delay decision on monetary relief in the light of the possibility of future congressional action providing 13(b) monetary powers; and in others still, the FTC has withdrawn its request for 13(b) monetary relief, but  attempted to obtain money judgments through another statutory provision.

FTC v. Cardiff fits this third category.  Pending in the Central District of California, the FTC attempted to pursue monetary relief post-AMG by way of a different statute:  ROSCA. While the court agreed with the FTC that it could have pursued monetary relief under ROSCA, the court found the FTC had waived the right to request such relief in this case.

The court noted that, in the FTC’s Rule 26 disclosures, the Agency had only calculated damages under 13(b), not under ROSCA, and had only disclosed its ROSCA expert after discovery closed (and, conveniently, after AMG was decided). The court concluded that the FTC had forfeited its right to seek monetary relief under the alternate statutory provision, and granted Cardiff’s motion for summary judgment, confirming that the FTC was entitled to no monetary relief.

The court’s Cardiff decision is a significant blow to the FTC.  Stephen Cochell, one of the party’s lawyers (who, by the way, has racked up an impressive 13(b) won-lost record), provided the following comment:

The Court’s exclusion of evidence for violating Rule 26 sends a signal that the FTC is subject to the same rules as any other litigant in federal court litigation.  Overcharging, under-disclosing or late-disclosing information in Rule 26 Disclosures will not be tolerated.  The FTC will need to give more thought as to how they are going to establish damages and timely comply with Rule 26.

So while it is not Facebook, the Cardiff case is important for defendants that are already deeply enmeshed in litigation with the FTC.   It strongly suggests that courts may not allow the FTC to change its legal theory for damages on such short notice, especially where such a modification could prejudice the defendant.

Coming Up:  FTC Commissioners expected to testify before the Energy & Commerce Consumer Protection and Commerce Subcommittee on July 28th.

*                      *                      *

Second Circuit Reverses the Commission and Orders Dismissal on 1-800-Contacts

Subscribe here to Kelley Drye’s Ad Law Access blog and here for our Ad Law News and Views newsletter. Visit the Advertising and Privacy Law Resource Center for update information on key legal topics relevant to advertising and marketing, privacy, data security, and consumer product safety and labeling.

Kelley Drye attorneys and industry experts provide timely insights on legal and regulatory issues that impact your business.  Our thought leaders keep you updated through advisories and articlesblogsnewsletterspodcasts and resource centers.  Sign up here to receive our email communications tailored to your interests.

Follow us on LinkedIn and Twitter for the latest updates.

 

TINA.org continues to aggressively beat the enforcement drum.  Today, its leaders sent a letter to Acting Director of the Bureau of Consumer Protection Samuel Levine encouraging the FTC “to implement a penalty offense program targeting the direct selling industry and its market-wide practice of utilizing deceptive earnings representations and false health claims.”

As we discussed in detail here, FTC Commissioner Rohit Chopra and his then attorney advisor Levine last year released a paper advocating for the Commission to resurrect the Penalty Offense Authority, which authorizes civil penalties where the following three conditions are met:

  • a final cease and desist order has been entered against a party in an administrative proceeding under Section 5(b) of the FTC Act;
  • there is a Commission determination that a specific practice is unfair or deceptive, as part of that order; and
  • a party with actual knowledge that the practice is unfair or deceptive has engaged in that practice after the order became final.

The letter argues that the Commission has issued “numerous final cease and desist orders following fully adjudicated administrative proceedings” that could be used as a predicate for an action under the Penalty Offense Authority.  Despite that assertion, the letter attaches only two orders: (1) the 1975 Koscot decision that established the standard for an illegal pyramid scheme under the FTC Act; and (2) a 2013 order against POM Wonderful LLC, which is not a direct selling company, but that involved allegations of misleading health claims for a food product.  While the FTC has indeed brought many enforcement actions and settlements against direct selling companies, the challenge that TINA and the FTC face in seeking to revitalize the Penalty Offense Authority is that its use requires a final order after an administrative proceeding.  Because the FTC for years relied almost exclusively on settlements and/or 13(b) litigated matters for enforcement, there are not many final orders after an administrative proceeding to rely on.

Undeterred by this limitation, the TINA.org letter also provides a list of 660 direct selling companies with contact information “to assist the FTC in providing notice.”  The organization’s efforts are the latest in a series of efforts that explore how the FTC can obtain money through enforcement in novel ways in the wake of the Supreme Court’s unanimous AMG Capital Management decision.  For example, two weeks ago, the FTC filed an amended complaint against RCG Advances seeking civil penalties under the Gramm-Leach-Bliley Act under a new legal theory.  Before that, the FTC brought an action against MoviePass seeking civil penalties under the Restore Online Shoppers’ Confidence Act (ROSCA), again under a novel theory of statutory interpretation.

The Commission has also signaled that it may seek to amend the Business Opportunity Role to cover direct sellers and others in the “gig economy.”  The takeaway here is clear: even as the battle in Congress to pass legislation continues, the FTC and others are continuing to consider other methods to obtain money through enforcement.

The Decision

1-800-Contacts is one of the largest sellers of contacts online.  One of the principal ways consumers shop for contacts is through key word searches.  In the past, certain 1-800-Contacts competitors purchased the keyword “1-800-Contacts.”  That would place their advertisements at the top of the list of results.  1-800-Contacts sued these companies for trademark violation and settled with a good number of them.  According to the Second Circuit, the settlements “include[] language that prohibits the parties from using each other’s trademarks, URLs, and variations of trademarks as search advertising keywords. The agreements also require the parties to employ negative keywords so that a search including one party’s trademarks will not trigger a display of the other party’s ads. The agreements do not prohibit parties from bidding on generic keywords such as ‘contacts’ or ‘contact lenses.’”

The Federal Trade Commission found these agreements inherently suspect and sued 1-800-Contacts for violating Section 5 of the FTC Act.  An administrative law judge agreed, 1-800-Contacts appealed and the Commission denied the appeal.  1-800-Contacts then appealed to the Second Circuit.  The Second Circuit disagreed that the behavior was “inherently suspect” and that the agreements on bidding were not bid rigging.  And, after itself engaging in a rule of reason analysis, found no anticompetitive effect, that the Commission did not in fact rebut 1-800-Contact’s evidence of trademark protection, and that the Commission had not shown that a viable, less restrictive alternative existed.

The Second Circuit vacated the Commission’s decision and ordered the Commission to dismiss the administrative complaint.

Analysis

By buying 1-800-Contacts’ trademarks as keywords, its competitors are engaged in classical free riding.  The only reason a consumer would type in “1-800-Contacts” in a search is because 1-800-Contacts has invested a great deal of time and money to develop its brand and build goodwill.  When a consumer sees a competitor’s name and goes to that website, the competitor benefits from 1-800-Contacts investment without incurring any of the costs.  This practice is the “real world” equivalent of putting up a sign in front of their store that says they are “Marshall Field’s” when in fact they are nothing of the sort.  Customers go into the store thinking it’s Marshall Field’s.  It’s no defense that those customers can leave and go to a different store.  The settlements are also narrowly tailored to limit this free riding.  It doesn’t, for example forbid them from buying “contacts” or their own trademarks and thus making their own investment in their brand.

Further, there is also no evidence that suggests being the first advertisement in a list of search results where the word searched is the name of the business confers market power.  Indeed, one would think that if there was a competitive advantage to being first in a list of results where the word searched is the name of the business, it’s because of the good will the business has created in its name.  To call this arrangement “inherently suspect” is really just the Commission taking it upon themselves to declare these agreements per se illegal.

And it’s not bid rigging.  As the Second Circuit observes, 1-800-Contacts’ competitors can buy their own trademarks as well as the generic terms.  And the agreements allow the trademark holders to narrowly protect their protectable interest in forbidding free riding off their investment in their marks and goodwill.  The Commission effectively backs into this conclusion by virtue of their initial assessment that the agreements are inherently suspect.  They declare the practice without value, then conclude the practice is without value.

One could argue that the Court overreached by ordering the complaint dismissed.  If the Commission failed to introduce evidence, because, for example, it used the wrong standard, it should have the opportunity to develop and introduce that evidence.  By forbidding the Commission from doing so, the Second Circuit has assumed the role of fact finder.

*                      *                      *

Second Circuit Reverses the Commission and Orders Dismissal on 1-800-Contacts

Subscribe here to Kelley Drye’s Ad Law Access blog and here for our Ad Law News and Views newsletter. Visit the Advertising and Privacy Law Resource Center for update information on key legal topics relevant to advertising and marketing, privacy, data security, and consumer product safety and labeling.

Kelley Drye attorneys and industry experts provide timely insights on legal and regulatory issues that impact your business.  Our thought leaders keep you updated through advisories and articlesblogsnewsletterspodcasts and resource centers.  Sign up here to receive our email communications tailored to your interests.

Follow us on LinkedIn and Twitter for the latest updates.

Earlier this month, the nonprofit Earth Island Institute filed a lawsuit against Coca-Cola, alleging that the company falsely and deceptively represents itself as “a sustainable and environmentally friendly company, despite being one of the largest contributors of plastic pollution in the world.”

These types of lawsuits aren’t new. As more companies have started to develop Environmental, Social, and Governance (“ESG”) goals and to make claims about their progress towards achieving those goals, we’ve seen more suits challenging the accuracy of those claims. But this lawsuit is a little different.

While most lawsuits target claims about past or present results (which, in many cases, can be proven or disproven), the current lawsuits targets many aspirational and forward-looking statements (which are inherently harder to prove or disprove).

Here are a few examples of the claims Earth Island Institute cites in their complaint:

  • “Our planet matters. We act in ways to create a more sustainable and better shared future. To make a difference in people’s lives, communities and our planet by doing business the right way.”
  • Coca-Cola plans to “make 100% of our packaging recyclable globally by 2025.”
  • “Scaling sustainability solutions and partnering with others is a focus of ours.”
  • “Part of our sustainability plan is to help collect and recycle a bottle or can for every one we sell globally by 2030.”
  • “We’re using our leadership to achieve positive change in the world and build a more sustainable future for our communities and our planet.”

Earth Island Institute alleges that Coca-Cola’s campaign is misleading because “the company is far from what consumers would understand to be a sustainable business.” As evidence, the complaint cites the company’s current plastic production and casts doubts about how much of an impact the company’s sustainability plans will have in the future.

It’s too early to tell how this case will turn out, but companies that make claims based on future ESG goals will want to pay attention. If the court allows the case to go forward, it could suggest that companies will have to take greater care when talking about future goals.

Last year’s voter guide to California Proposition 24, the California Privacy Rights Act (CPRA), included a stark argument against enacting the privacy ballot initiative because it did not go far enough to protect employee privacy.  “Currently, employers can obtain all kinds of personal information about their workers and even job applicants,” the argument against Proposition 24 written by Californians for Privacy Now stated.  “Proposition 24 allows employers to continue secretly gathering this information for more years to come…”

The message did not stick.  Voters overwhelmingly enacted the CPRA, apparently judging that its provisions – including those that apply to employers – were worth an additional two-year waiting period.  The effective date of the new law is January 1, 2023.

As companies build their roadmap to CPRA compliance, that assessment should also take into account planning for employee and job applicant privacy changes.  The new law imposes first in the nation obligations that grant employees and job applicants new rights to access, correct, delete, and opt out of the sale or sharing of their personal information.  The law also prohibits discriminating against employees or job applicants who lodge privacy rights requests.

In this post, we provide an overview of topics that employers should know as the sunset of the employer exception to CCPA approaches.

Why Would CCPA Apply to Employers?

The California Consumer Privacy Act of 2018 (CCPA), which became effective on January 1, 2020, originally applied to employers.  The law defines a “consumer” as a natural person who is a California resident.  This includes employees, job applicants, contractors, or other staff of a business.

In 2019, the California legislature amended the CCPA with a stopgap measure – for one year, the CCPA would not apply to employers.  The measure, AB 25, said that personal information collected by a business in the course of the person acting as an employee, job applicant, or contractor in connection with the consumer’s employee, job applicant, or contractor role is exempt from the CCPA.  Also exempt is emergency contact information or information necessary to administer benefits.

Last year, California voters extended the employer exemption for another two years to January 1, 2023 in the CPRA ballot initiative.

What Employers are Covered by California Privacy Law?

If a business is covered by the CCPA for consumer data, it is covered for employee data.  Starting in January 2023, the CPRA thresholds for coverage are as follows:

  • Annual gross revenues in excess of $25 million in the preceding calendar year,
  • Buys, sells, or share personal information of 100,000 or more California consumers or households, or
  • Derives 50 percent or more of its annual revenues from selling or sharing California consumers’ personal information.

Some employers may be eligible for certain exemptions that are applicable to already-regulated information that they hold about their employees.  For example, credit information that employers routinely collect to assess employment eligibility may be subject to an exception, because the information is already covered under federal fair credit reporting laws.

Also, employers that have existing obligations as business associates under the Health Insurance Portability and Accountability Act (HIPAA) may also be exempt with respect to any medical, protected health information (PHI), or covered benefits information that they maintain, use, or disclose.

In general, employers are also not required to comply with CPRA obligations that conflict with other federal, state, or local laws or legal obligations, or restrict an employer’s ability to exercise or defend legal claims.  For example, affirmative legal obligations to gather and maintain certain information, such as EEO-1 reports or compensation-related information may directly conflict with CPRA.

What Constitutes Employee Personal Information?

The definition of employee “personal information” includes information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular employee.

This may include name, contact information, identifiers, protected classifications (like gender, race, or sexual orientation), financial or medical information, account log in, religious or philosophical beliefs, union membership, commercial information, biometric information, internet or electronic network activity information, geolocation data, audio, electronic, visual, thermal, olfactory, or similar information, professional or employment-related information, education information, and inferences drawn from any of this information about the employee.

The contents of an employee’s mail, email, and text messages constitutes sensitive personal information, a sub-category of personal information, unless the employer is the intended recipient of the communication.

What Obligations Apply Starting in January 2023?

All CPRA obligations apply.  These include:

  • Notice:  Employees will be required to provide a comprehensive notice of their collection of personal information from employees, job applicants, and contractors, including description of the categories of personal information collected, the purposes of collection, details on disclosure of personal information, and information about retention of personal information.
  • Right to access:  Provide employees with a right to access categories of personal information and specific pieces of personal information.  This includes any inferences drawn from personal information to create a profile reflecting the employee’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
  • Right to correct:  Provide employees with the right to correct their personal information using commercially reasonable efforts.
  • Right to delete:  Provide employees the right to delete their personal information.  However, numerous statutory exemptions may apply, including allowing an employer to retain personal information reasonably anticipated by the employee within the context of an ongoing relationship with the employer, to perform a contract between the employee and employer, or to comply with a legal obligation.
  • Right to restrict uses of sensitive personal information:  Sensitive personal information includes a social security number, account log in, financial information, geolocation, racial or ethnic origin, religious beliefs, sexual orientation, health information, biometrics, and the contents of employee communications unless the employer is the intended recipient of the communication.  Starting in January 2023, an employee may be able to direct an employer to limit certain uses of sensitive personal information for specific business purposes, as well as to direct an employer to limit disclosure of sensitive personal information, absent a qualifying exemption.
  • Right to opt out:  Provide employees the right to opt out of the sale of personal information to third parties. The term “sale” is a broad term, and includes disclosing employee information to business partners, vendors, and contractors absent a written agreement containing specific terms restricting the third party’s use of that data, or a qualifying exemption.

Certain obligations are subject to change depending on action expected in the coming year from the newly constituted California Privacy Protection Agency.

What Steps Should Employers Take to Prepare?

Given the complexity of HR data and systems, as well as the sensitivity of employee data generally, it is not too early for employers to prepare for CPRA.  Such efforts might include, for example:

  • Privacy Stakeholders:  Determine the legal, HR, and technology support (internal resources or external technology solutions) responsible for the efforts necessary to build a privacy compliance program and respond to privacy rights requests.
  • Data Mapping:  Understand the information that the business collects, the categorization of data (whether personal information or sensitive personal information), the location of the data, and the steps to access, correct, or delete the data.  A major part of this effort should also include determining which data practices identified are subject to applicable exemptions from CPRA.
  • Contract Review:  Review partner contracts to correctly classify service providers and contractors from third parties, and that the contracts include the necessary restrictions depending on the classification. This effort might prioritize those partners that present more risk to the company, whether due to the nature of the processing, type, or volume of data in scope. Updating these contracts, however, might wait until there is more insight on the forthcoming CPRA regulations by the California Privacy Protection Agency (CalPPA) as to necessary terms, although the CCPA regulations are instructive.
  • Response Procedures:  Develop procedures for responding to employee requests, including managing sensitive requests while maintaining personal information as confidential and accessible to internal personnel only on a need-to-know basis.
  • Retention Policy:  Develop and document a retention policy that complies with applicable employer data retention obligations.
  • Notice:  Draft an employee privacy policy that complies with new statutory obligations under CPRA, as well as forthcoming regulations by the CalPPA.

Do Any of These Obligations Apply Now? 

Employers may have an obligation to provide a notice at or before collection of personal information that details the categories of personal information that they collect and the purposes for which personal information will be used.

However, due to an apparent drafting error in the CPRA ballot initiative, this privacy notice obligation is muddled by a textbook case of unclear statutory construction.

Here’s what happened.  Originally, AB 25 required employers to provide a privacy notice to employees.  However, the CPRA ballot initiative from last year changed a critical code section reference in an apparent drafting error.  In so doing, the CPRA ballot initiative left unclear whether the employer privacy notice is required.

AB 25 said that employers would be required to provide a privacy notice based on Cal. Civ. Code 1798.100(b).  The CPRA ballot initiative changed the reference to Cal. Civ. Code 1798.100(a).  It is possible that the drafters intended to point to subsection (a) because in the CPRA ballot initiative this code section also requires a privacy notice.  But the CPRA ballot initiative version of the code section is not actually the law until January 1, 2023.

That’s a problem because under current law (effective until December 31, 2022), Cal. Civ. Code 1798.100(a) talks about a different topic entirely – giving consumers the right to request that a business disclose the categories and specific pieces of personal information the business has collected about a consumer.

What is a reasonable interpretation in light of this problem?  When it comes to statutory interpretation of ballot initiatives, courts generally say that the drafter’s intent does not matter.  In California, usually a court first looks at the language of the statute.  If the language is not ambiguous, the court presumes the voters intended the meaning apparent from the language.  If the language is ambiguous, then courts usually look at the ballot initiative voter materials for clues on how voters made their decision.

It is easy to see why a court might agree that the language is ambiguous.  The employer exception clearly does not provide a right of employees to access their personal information until January 1, 2023.  Giving full effect to 1798.100(a) would be hampered by the fact that the CCPA’s core instructions on how to provide access to personal information and what to provide are subject to the employer exemption.

This brings us back to the ballot initiative materials provided to voters.  The arguments against proposition 24 from Californians for Privacy Now warn that employers will be able to secretly gather personal information “for more years to come.”  Clearly, there is no recognition in the ballot initiative materials of any interim employee rights.

Bottom line?  The law right now is unclear, and so, as a practical matter, it’s a best practice (and required in a few other states) to publish a privacy notice for employees and job applicants.

Final Question:  Do Employers Have Privacy Obligations in Other States?

There are no other states that have enacted CPRA-style comprehensive privacy laws that apply to employees; for example, Virginia and Colorado explicitly exempted the employment context without a sunset.  But there are some states, such as Connecticut, that do require some form of privacy notice to employees. There are also two-party consent requirements in a number of states that are applicable to recording calls, as well laws that require disclosure about electronic monitoring.

Conclusion

The best way to address navigating these developments is to plan ahead with a compliance roadmap leading to 2023.  Figure out what resources you’ll need, including what types of internal and external support will be critical for success. Given the complexities involved, thoughtful (and realistic) preparation is a must.

*                      *                      *

CPRA Update: How to Prepare for Privacy Compliance as an Employer

Subscribe here to Kelley Drye’s Ad Law Access blog and here for our Ad Law News and Views newsletter. Visit the Advertising and Privacy Law Resource Center for update information on key legal topics relevant to advertising and marketing, privacy, data security, and consumer product safety and labeling.

Kelley Drye attorneys and industry experts provide timely insights on legal and regulatory issues that impact your business.  Our thought leaders keep you updated through advisories and articlesblogsnewsletterspodcasts and resource centers.  Sign up here to receive our email communications tailored to your interests.

Follow us on LinkedIn and Twitter for the latest updates.

Section 13(b)logThe ripple effects continue from the Supreme Court’s holding in AMG Capital Management, LLC v. FTC, explaining that Section 13(b) of the FTC Act does not allow (and never did allow) monetary remedies.

In some cases, the FTC has stricken equitable monetary remedies entirely by removing those requests for relief in amended complaints. In others, the FTC is attempting to retain its request for monetary relief by newly tying it to another statutory provision. In still others, the Agency has requested that courts ignore AMG, because Congress may, at some unspecified future date, amend the statute.

Latest update follows.

Continue Reading Post-AMG Scorecard (Updated): Different Roads Forward for the FTC in Pending Cases

The FTC yesterday took two actions that on their face seemed part of the regular course, but that could signal notable changes for financial institutions and multi-level marketing companies.  First, the FTC filed an amended complaint against RCG Advances, a merchant cash advance provider, alleging that the company violated the Gramm-Leach-Bliley Act and seeking civil penalties under a novel theory of its statutory authority.  Second, the FTC announced that it plans to review the Business Opportunity Rule this year and Commissioner Chopra issued a statement signaling that he will push to expand coverage of the Rule to include MLMs and other direct sellers not currently covered.

Civil Penalties for GLBA Violations

The FTC first sued RCG Advances in June 2020, alleging that the company deceived small businesses by misrepresenting terms of cash advances and then using unfair collection practices to compel them to pay.  The initial complaint also alleged that the companies made unauthorized withdrawals from consumers’ accounts and sought a permanent injunction and consumer redress under Section 13(b) of the FTC Act.  As we’ve covered extensively in our 13(b) blog, the Supreme Court’s unanimous decision in AMG Capital Management foreclosed the capacity to seek consumer redress, and thus the amended complaint removes that reference while otherwise mirroring the substantive allegations of the initial complaint.

The new complaint also adds a count alleging violations of GLBA for use of fraudulent statements to customers in an attempt to obtain consumer information.  GLBA is generally intended to protect consumer financial privacy by limiting when financial institutions can disclose consumers’ nonpublic personal information.  In the amended complaint, the FTC cites a seldom cited provision of GLBA that prohibits any person from “obtain[ing] or attempt[ing] to obtain . . . customer information of a financial institution relating to another person . . . by making a false, fictitious, or fraudulent statement or representation to a customer of a financial institution.”

The FTC then advances a novel theory to assert that it has the authority to obtain civil penalties under GLBA because it empowers the FTC to enforce it “in the same manner and with the same power and authority as the [FTC] has under the Fair Debt Collection Practices Act [FDCPA].”   The Dodd-Frank Act amended the FDCPA in 2010 to provide that violations may be enforced “in the same manner as if the violation had been a violation of a Federal Trade Commission trade regulation rule.”  Notably, the GAO as recently as February 2019 issued a report noting that the “FTC does not have civil penalty authority for violations of requirements under the Gramm-Leach-Bliley Act (GLBA).”

The limits of this theory are likely to be tested in litigation, but it’s clear that the FTC continues to make good on its promise to push for creative monetary solutions in the wake of the AMG decision.  Yesterday’s action follows last week’s new use of the Restore Online Shoppers’ Confidence Act (ROSCA) to obtain civil penalties for alleged misrepresentations unrelated to negative option offers themselves, as we covered here.

Expanding Coverage of the Business Opportunity Rule

Within an hour of announcing the amended complaint against RCG seeking civil penalties, the FTC also signaled that it would seek to expand another civil penalty authority by altering the coverage of the Business Opportunity Rule.  Published in 2011, the Business Opportunity Rule requires sellers of “business opportunities” to provide certain earnings disclosure documents in writing and prohibits specified misrepresentations related to earnings potential.

In the rulemaking record, the FTC considered and deliberately excluded MLMs from coverage on the grounds that “the varied and complex structure of MLMs makes it exceedingly difficult to make an accurate earnings disclosure and likely would require different disclosures for different levels of participation in the company.”   In yesterday’s announcement, Commissioner Chopra issued a statement signaling that he supports reversing that decision and revising the Rule to cover MLMs and potentially others in what he refers to as the “gig economy,” which would in turn open up the FTC’s civil penalty authority for income misrepresentations by those entities.

With Chopra likely to depart the Commission soon to head the CFPB, the question is whether other commissioners, including now confirmed Commissioner Lina Khan, will take up the cause.

The Senate recently passed the Country of Origin Labeling Online Act (COOL Online Act) with overwhelming bipartisan support. Currently, U.S. law requires that external packaging for many products state the product’s country of origin. The uptick in online shopping and the sale of imported products, however, has increased interest in requiring country of origin disclosures for online offers. The proposed legislation would require online sellers to disclose country of origin in online product descriptions and online advertisements. The designation would be in a manner consistent with the Customs and Border Protection origin marking regulations and section 304 of the Tariff Act of 1930. The legislation would also require conspicuous disclosure of the seller’s location and, if applicable, the country in which any parent corporation of such seller is located.

Critics of the legislation have concerns about potential inconsistency with other regulatory requirements and the burden associated with identifying and tracking the origin of a specific product, particularly for products that may be sourced from different countries or that may be purchased through an intermediary.

The FTC, not Customs, would enforce the act and certainly has experience with other statutes that require country of origin disclosures in advertising. We will continue to track the legislation.

*                           *                           *

Colorado Passes Privacy Bill: How Does it Stack Up Against California and Virginia?

Subscribe here to our Ad Law News and Views newsletter and visit the Advertising and Privacy Law Resource Center for update information on key legal topics relevant to advertising and marketing, privacy, data security, and consumer product safety and labeling.