The replay for our July 30, 2020 California Consumer Privacy Act (CCPA) for Procrastinators: What You Need To Do Now If You Haven’t Done Anything Yet webinar is available here.

The coronavirus pandemic has put many things on hold, but CCPA enforcement is not one of them. The California Attorney General’s enforcement authority kicked in on July 1, 2020, and companies reportedly have begun to receive notices of alleged violation. In addition, several class actions have brought CCPA claims. Although final regulations to implement the CCPA have yet to be approved, compliance cannot wait.

If you’re not yet on the road to CCPA compliance (or would like a refresher), this webinar is for you. We covered:

  • Latest CCPA developments
  • Compliance strategies
  • Potential changes to the CCPA if the California Privacy Rights Act (CPRA) ballot initiative passes

Anyone who has not begun their CCPA compliance efforts or thinks they need a refresher should watch this webinar.

To view the presentation slides, click here.

To view the webinar recording, click here.

Subscribe to our Ad Law News and Views newsletter to receive information on our next round of webinars and to stay current on advertising and privacy matters.

Visit the Advertising and Privacy Law Resource Center for additional information for additional information, past webinars, and educational materials.

Ad Law Access Podcast

As we previously reported, “Phase I” of class action filings relating to the COVID-19 pandemic has become a significant contagion of its own with more than 500 cases being filed since March challenging refund policies, school closures, event cancellations, and marketing and pricing practices.  As the economy gradually reopens, “Phase II”—how companies respond to these cases—is just beginning.  Not surprisingly, defendants are fighting hard and early to defeat these claims, with many opting to file motions to dismiss rather than answering the complaint and entering into lengthy and expensive discovery.

Early Action in Cases Against Public-Facing Businesses

Public-facing businesses—such those in the retail, travel and hospitality industries—have been the first to re-open and are currently navigating a patchwork of state guidelines on how to do so safely.  Compounding this burden, these same companies are facing a wave of lawsuits by customers and employees alleging negligence, breach of contract, and unfair business practices during the pandemic.

These industries are not new to class action litigation and many companies have included arbitration clauses and class arbitration waivers in their consumer contracts.  These defendants have, not surprisingly, moved to compel arbitration, and plaintiffs have responded with unique (but likely ineffective) allegations of unconscionability, fraud and duress to try to stay in court.  For example, in a case against Amazon, the plaintiffs alleged that the arbitration agreement was unconscionable because they were under duress during the pandemic and were forced to purchase products from Amazon.  Amazon’s response was based on the black-letter principle that unconscionability is measured at the time of contracting, and not at the time of the challenged conduct.

Other companies have focused on substance, arguing that they complied with their contractual obligations and that their customers have not suffered damages.  For example, in the case of recurring monthly payments for fitness club memberships, defendants have argued that their membership agreements do not mandate refunds for temporary closures, and therefore plaintiffs who filed suit within days or weeks of the initial closure did so too quickly. Continue Reading What will “Phase II” of COVID-19 Class Actions Look Like?

Kelley Drye Advertising Law Summer Webinar Series This Wednesday, July 22
Selling Online: How to Avoid Flattening the Curve of an Uptick in Website Traffic
Register Here

COVID-19 has increased the already dizzying amount of online sales, making the applicable marketing requirements increasingly important. These rules affect not just how companies advertise and promote products and services online, but also how they bill and otherwise interact with consumers before, during, and after a transaction.

This webinar will include practical tips to help companies minimize risk of enforcement and litigation and provide practical guidance. Topics include:

  • Endorsers and Influencers
  • Promotions and Pricing
  • Subscription Plans and “Free” Trials
  • Shipping and Delivery
  • Consumer Reviews and the Consumer Review Fairness Act
  • Customer Service Considerations – how timely refunds and responsiveness can help reduce legal risks

Register Here

Kelley Drye Advertising Law Summer Webinar SeriesJuly 29
Cleaning Up From 2020: Guidance for Disinfectant, Germ and Virus Killing Claims
Register Here

COVID-19 has brought a proliferation of products claiming to kill or otherwise inhibit viruses, bacteria and other germs. These products, before they can be legally sold, are heavily regulated by the U.S. Environmental Protection Agency (EPA), Food and Drug Administration (FDA), and sometimes both. Major enforcement actions are pending against companies making illegal claims or selling unregistered products. Meanwhile, the FTC regulates advertising of many sanitizing products and the agency has pursued enforcement on companies that overstate their products’ germ-killing performance.

Please join us for a webinar covering the basics of germ killing and related product claims.

Discussion topics include:

  • The regulatory landscape: Who regulates what – EPA, FDA and FTC jurisdiction and requirements
  • What can you say and when can you say it
  • Potential liability and enforcement considerations
  • What to do if you receive a warning letter or other enforcement action

Anyone who is currently making or planning to make pesticide products, microbiology laboratory personnel with efficacy testing responsibilities, manufacturers of sanitizing products including lights, retailers of sanitizing products, anyone new to claims or in need of a refresher should join us for this webinar.

Register Here

July 30
California Consumer Privacy Act (CCPA) for Procrastinators: What You Need To Do Now If You Haven’t Done Anything Yet
Register Here

The coronavirus pandemic has put many things on hold, but CCPA enforcement is not one of them. The California Attorney General’s enforcement authority kicked in on July 1, 2020, and companies reportedly have begun to receive notices of alleged violation. In addition, several class actions have brought CCPA claims. Although final regulations to implement the CCPA have yet to be approved, compliance cannot wait.

If you’re not yet on the road to CCPA compliance (or would like a refresher), this webinar is for you.

We will cover:

  • Latest CCPA developments
  • Compliance strategies
  • Potential changes to the CCPA if the California Privacy Rights Act (CPRA) ballot initiative passes

Anyone who has not begun their CCPA compliance efforts or thinks they need a refresher should join us for this webinar.

Register Here

Also join our counterparts for:

COVID-19 Response Labor and Employment Labor and Employment Counseling and Compliance Labor and Employment LitigationTuesday, July 21
Not Normal: the Challenges of a Changed Workplace
Register Here

Four months ago, the Dow was close to 30,000, employment rates were at historic highs, the coronavirus was still “novel,” and millions had not yet taken to the streets in global protests against police brutality and racial inequality. The workplace we now return to exists in this supercharged social and political climate, with new rules, laws, risks and social issues creating new and uncharted waters for employers to navigate.  Join Kelley Drye’s Labor and Employment partners Barbara HoeyMark Konkel, and Kimberly Carter as they identify risks and share pragmatic solutions to these new challenges.  Topics will include:

  • Politics, speech and activism in the workplace
  • The changing role of HR
  • What “diversity” means now
  • New employment laws

Register Here

Advertising and Privacy Law Resource CenterFind replays of our webinars and other key resources relevant to advertising and marketing, privacy, data security, and consumer product safety and labeling on the Advertising and Privacy Law Resource Center.

January 1, 2020 was the effective date for the California Consumer Privacy Act (CCPA).  As we reported and summarized in our Q1 2020 CCPA Litigation Round-Up, private litigants wasted no time in filing consumer-related causes of action under the new law.

Here, we provide an update on material developments in that first wave of claims and report on additional private lawsuits commenced in the first half of the year.  We have further categorized the recently-filed cases based on those stemming from a data breach versus not.  In the latter category, the cases are further split based on the underlying alleged violations – last quarter, non-breach based claims related to the disclosures and opt-out mechanisms required by the CCPA as well as the scope of “personal information” covered by the CCPA.

1. Update on Cases Reported in Q1 2020

Continue Reading CCPA Litigation Round-Up: Q2 2020

Coronavirus testing and screening procedures are central to many companies’ return-to-work plans.  Because testing and screening data is often sensitive and may help to determine whether individuals are allowed to work, companies need to be aware of the privacy and security risks of collecting this data and protect it appropriately.  Failing to do so may lead to a backlash in the workplace, cause reputational damage, and invite scrutiny from regulators and plaintiffs’ attorneys.

We have created checklist of general tips to help companies navigate return-to-work privacy and data security issues.  In addition to designing COVID-19 testing and screening data collection programs that fit local and state reopening conditions, companies may also wish to consult key sources of federal guidance, including the following:

For more information on returning to work, COVID-19, and other topics, please visit:

Advertising and Privacy Law Resource Center

A recent Marketplace Tech podcast episode on the spike in demand for mental health apps caught our attention.  As shocking headlines and stay-at-home orders rolled across the country, demand for mental health apps increased almost 30% since the pandemic began, according to CNBC.  And there is a wide variety of options to choose from, with roughly 20,000 mental health apps available across app stores.  This got the editors of Marketplace Tech asking two questions:  Do mental health apps work?  And what are the regulatory and privacy implications?  It’s worth a listen when you have time and we figured that we could weigh in as well.

Do they work?

One psychiatrist interviewed for the Marketplace Tech story questioned whether the apps should be required to demonstrate effectiveness to the FDA prior to being marketed.  In fact, some of them are, but many are not.

The starting point for this analysis is whether the app or the software is regulated as a medical device.  The Food Drug and Cosmetic Act defines a device as “…an instrument, apparatus, implement, machine, contrivance, implant, in vitro reagent, or other similar or related article, including any component, part, or accessory”, that is “… intended for use in the diagnosis of disease or other conditions, or in the cure, mitigation, treatment, or prevention of disease, in man …” or “… intended to affect the structure or any function of the body of man or other animals…”  Apps that meet this definition are regulated as medical devices and are subject to FDA’s pre-market review requirements, unless they are low risk and subject to FDA’s enforcement discretion policy.

Given the need for patients and consumers to access mental health therapy remotely and in increased numbers over recent weeks, FDA relaxed its requirements for apps intended to help treat depression, anxiety, obsessive compulsive disorder and insomnia.  FDA’s Enforcement Policy for Digital Health Devices For Treating Psychiatric Disorders During the Coronavirus Disease 2019 (COVID-19) Public Health Emergency suspends the 510(k) premarket notifications, corrections and removal notifications, registration and listing requirements, and unique device identification (UDI) requirements for computerized behavioral health devices and other digital health therapeutic devices for psychiatric disorders where those devices do not create an undue risk during the COVID-19 emergency.

There are thousands of apps that relate to mental health and overall wellbeing in some way, however, many of which are not within the definition of “medical device” and do not require premarket review.  FDA’s General Wellness:  Policy for Low Risk Devices explains the agency’s enforcement discretion approach more generally.

In addition, thinking about the “do they work” question, companies marketing these products should also be mindful of the FTC’s claim substantiation requirements.  Health claims are subject to a particularly high bar for claim substantiation – competent and reliable scientific evidence.  In simple terms, this means evidence that is sufficient in quantity and quality such that experts in the field would agree that it supports the claim.  The FTC has pursued app developers (see here and here) whose claims exceeded their substantiation and has issued dozens of warning letters to marketers making aggressive claims that their products can prevent or treat COVID-19.  Companies marketing apps that claim to help address mental and physical health conditions should be mindful of the substantiation requirements and of closely tailoring their claims to their evidence.

What about privacy?

Many apps used by physicians are subject to HIPAA, but the vast majority of health-related apps are not covered by HIPAA.  As health-related apps have proliferated, companies are collecting and storing massive amounts of consumer data.  Many apps do not feature a clear explanation about privacy practices and how data is being stored or used.  As we’ve chronicled here, non-HIPAA health privacy and the need for developers to be transparent with consumers about their privacy practices has been an FTC concern for several years.  Our Advertising and Privacy Law Resource Center provides a wealth of free content to help app developers understand the applicable legal framework.

More specifically related to privacy and data tracking in the era of COVID-19, our “Data Privacy Considerations for Coronavirus Data Tools” provides key considerations for companies seeking to build contact tracing and related health apps.  These include issues such as the following: whether personal information is involved, what level(s) of transparency are appropriate relative to data practices, how to address government requests for information, and considerations related to licensing COVID-19-related personal information.

What’s the takeaway?

As daily life has increasingly shifted online, it’s more important than ever for app developers to understand how their products are regulated and to build those features in to the product and how it is marketed.  In addition, FDA’s temporary relaxation of pre-marketing review standards for certain mental health apps does not mean that the FTC’s claim substantiation and privacy compliance requirements are relaxed for health-related apps more generally.  If anything, we should anticipate an increased regulatory focus on these issues.

* * * *

Ad Law Access Podcast

On the latest episode of the Ad Law Access Podcast, Advertising and Marketing partner Kristi Wolff discusses three keys to making compliant health claims:  determining the product regulatory classification, claim substantiation standards, and the importance of context.  This episode is a prequel to her earlier Health Claims in the Context of COVID-19 episode which focused on recent FTC and FDA enforcement relating to false COVID-19 health claims and the importance of considering the current pandemic context in health-related marketing.

Listen on Apple,  SpotifyGoogle Podcasts,  Soundcloud or wherever you get your podcasts.

For more information, visit:

FDA and FTC Joint Warning Letters Target Amazon Affiliates Making False COVID-19 ClaimsEarlier this week, federal regulators continued their efforts to combat the spread of products featuring allegedly false and misleading claims that products can diagnose, treat, cure, or prevent COVID-19.  In warning letters issued to CBD Gaze, Alternavita, Musthavemom.com, and Careful Cents LLC, the agencies identify the respective recipients as participants in the Amazon Affiliate program.  Amazon Affiliates are marketers who earn commissions by promoting products sold on Amazon.  The letters state that the products at issue, which include essential oils, grapefruit seed extracts, cod liver oil, and others, feature false treatment and prevention claims such as the following:

  • CBD Gaze:  “Find the best CBD Oil to help fight Coronavirus.”
  • Alternavita:  “4 Proven Ways To Protect Yourself Against Coronavirus,” you represent that “Everyone is concerned about Coronavirus and looking for ways to protect themselves,” and then state the following:

“Grapefruit Seed Extract If you want a little extra daily protection GSE is a safe antibiotic . . . [Amazon associate link].”

  • Musthavemom.com:  “NATURAL REMEDIES FOR CORONAVIRUS. . .There are plenty of things you can do to boost your immune system and fight off any virus including coronavirus. Here are a few!”  … “2. Vitamin D . . . This important vitamin plays a crucial role in immune health. Being deficient in Vitamin D can increase your risk of infection. I recommend this brand of Vitamin D [Amazon associates link] and starting at a minimum dose of 5,000 IU.” [from your website https://musthavemom.com/coronavirus-prevention-treatment-plan/]
  • Careful Cents LLC:  “How to Boost Your Immune System Naturally With Essential Oils to Fight Coronavirus” you state: “Can you use essential oils to boost your immune system and fight coronavirus? Yes! Essential oils are one of the best tools to strengthen your immune system naturally . . .”

The letters state that the products are unapproved new drugs and misbranded pursuant to the Food Drug and Cosmetic Act.  Causing the introduction or delivery for introduction of these products into interstate commerce is prohibited under sections 301(a) and (d) of the FD&C Act, 21 U.S.C. § 331(a) and (d).  The letters also state that “it is unlawful under the FTC Act, 15 U.S.C. 41 et seq., to advertise that a product can prevent, treat, or cure human disease unless you possess competent and reliable scientific evidence, including, when appropriate, well-controlled human clinical studies, substantiating that the claims are true at the time they are made.  For COVID-19, no such study is currently known to exist for the product identified above.  Thus, any coronavirus-related prevention or treatment claims regarding such product are not supported by competent and reliable scientific evidence.”

What’s the lesson?  The difference between these letters and the warning letters that FDA and the FTC issued earlier this year is that these are targeted not to the company making the product or even the retail platform on which they are sold.  They were sent to the middleman marketer, who likely does not produce or possess the product, but who is promoting and profiting from its sale.  This is consistent with the FTC’s letters to product influencers in other marketing contexts but is a departure from FDA’s typical enforcement approach.  Although we have seen FDA pursue retailers (particularly online ones), FDA has not made pursuit of marketing affiliates a priority.  Clearly, regulators want affiliate marketers (Amazon or otherwise) to understand that they are not immune from enforcement if they are making aggressive or unsubstantiated health claims.

Ad Law Access Podcast

 

Last week, the FTC sent warning letters to ten multi-level marketing companies alleging that the companies failed to stop their participants from making deceptive product and earnings claims related to COVID-19.  The letters request that the companies report within 48 hours what actions they have taken to stop their distributors from claiming their products can treat or prevent COVID-19, that MLM business opportunity participants are likely to earn substantial income, or both.

Six of the letters address both health and earnings claims, three address just earnings claims, and one addresses just health claims.  Examples of allegedly deceptive health claims cited in the letters include:

  • “Got the coronavirus heebeegeebees? Boost your immunity with this amazing deal!!!!”
  • “… If interested to learn more or obtain oils or rollers Let me know A little extra protection can help #doterra #NursesCOVID19 #Dialysis #ImmunityBoosters #ImproveRespiratoryFunction”

The cited examples show that the FTC is not looking just at express COVID-19 health claims but also claims that may be implied by any reference to the virus or pandemic, including through hashtags.

Examples of allegedly deceptive earnings claims cited in the letters include:

  • “Need to make extra money? Find it difficult to pay your bills? Were you laid off/ #fired? Be your own Boss w/doTERRA essential oils. Msg me to achieve financial independence #laidoff #unemployed #cantpaymybills #cantpaymyrent #student #sales #sidehustle #makemoney #stayathomemom.”
  • “[E]veryone’s getting stimulus checks right now… There is no better investment you could do… Take that money that you’re about to get back… figure out a way to make this happen tonight.”

The letters underscore the difficult question of how MLMs can promote legitimate business opportunities without overpromising a cure-all for economic uncertainty during a global pandemic.  Does a claim that otherwise is substantiated and non-misleading become deceptive by a mere reference to “these uncertain times” or some similar acknowledgment of the economic difficulty that many are facing?

As a matter of longtime FTC precedent, the answer should be no, and the warning letters don’t go this far.  But, the letters do underscore that the FTC is watching closely for any reference to COVID-19 or the pandemic, and MLMs and their participants should take note.

Ad Law Access PodcastAs retailers have shifted to online and ship to store/ship from store sales, we’ve been getting a variety of questions from our retailing clients.

On the latest episode of the Ad Law Access Podcast, Advertising and Marketing chair Christie Grymes Thompson and partner Kristi Wolff answer retailer questions regarding pricing, shipping, refunds, customer reviews, and telethermographic cameras (cameras that can detect human temperature).

Listen on AppleGoogle PodcastsSoundcloud, Spotify, or wherever you get your podcasts.

For more information on these and other topics, visit the COVID-19 Response Resource Center and Advertising and Privacy Law Resource Center.

______________________________________________________________

Getting Back to Work Webinar
The coronavirus threat will still be active when many employers begin to return their employees to the job. What will you do when employees refuse to return? When some have been sick but not diagnosed? When social distancing measures remain in place? When some parts of the country (or even your city) are “more open” than others? What should employers do to prepare?

In Part I of this two-part series, L&E Group co-chairs Barbara Hoey and Mark Konkel will guide employers through the snares of legal, logistical and practical considerations as the nation returns to work.

Register Here

Advertising and Privacy Law Resource Center

As business people, airport management, and event hosts everywhere try to figure out how they can return to business as usual, many are considering telethermographic device systems.  These are cameras that can detect human temperature in comparison to their surroundings to help identify fevers.  Reuters reported last week that Amazon implemented thermal cameras at its warehouses to scan for feverish employees.  This has prompted many to wonder how telethermographic devices are regulated.

FDA helped answer this question last Friday.  In its “Enforcement Policy For Telethermographic Systems During the COVID-19 Public Health Emergency,” FDA explains that use of such cameras to detect human temperature – even when used outside of a medical facility such as in an airport – may render the systems medical devices typically subject to pre-market clearance, registration, listing, and quality regulations.  However, during the current pandemic, FDA is relaxing those regulations provided that the systems meet performance and labeling criteria.

The systems must be tested and labeled consistent with the following:

1) IEC 80601-2-59:2017: Medical electrical equipment – Part 2-59: Particular requirements for the basic safety and essential performance of screening thermographs for human febrile temperature screening; OR

2) Alternative performance specifications that provide similar results to IEC 80601-2-59:2017. The guidance lists several alternative standards.

FDA recommends labeling that includes the following:

1) A prominent notice that the measurement should not be solely or primarily relied upon to diagnose or exclude a diagnosis of COVID-19, or any other disease;

2) A clear statement that:

  1. a) Elevated body temperature in the context of use should be confirmed with secondary evaluation methods (e.g., an NCIT or clinical grade contact thermometer);
  2. b) Public health officials, through their experience with the device in the particular environment of use, should determine the significance of any fever or elevated temperature based on the skin telethermographic temperature measurement;
  3. c) The technology should be used to measure only one subject’s temperature at a time; and
  4. d) Visible thermal patterns are only intended for locating the points from which to extract the thermal measurement.

FDA also recommends labeling that explains the performance specifications, proper use, installation, and related technical considerations listed in the guidance.

Companies considering using these devices will want to keep in mind that FDA is likely to reinstate the regulatory requirements post-pandemic.  When screening vendors, companies should consider whether the vendor will be able and willing to comply with the medical device standards once the economy has re-opened to a significant degree.

In addition, this technology raises employee and consumer privacy issues.  Prior to using it, companies should consider applicable laws and policies around notice to the public or employees, capturing such data, potentially storing or sharing it.