To kick off the last full month of the current presidential administration, the Federal Trade Commission’s activity included numerous consumer protection updates. Privacy and cybersecurity and online retailers (especially home security systems) were a focus, including announced court orders and consumer payments for shipping practices, improper use of artificial intelligence, collecting and selling consumer location data, and obtaining financing for unqualified customers. On the competition side, the FTC issued its 2024 Report on Ethanol Market Concentration and proposed a consent order for a no-hire agreement. All this and more after the jump.

Monday, December 2, 2024

Bureau of Competition: Ethanol; Energy

  • The Federal Trade Commission issued its 2024 Report on Ethanol Market Concentration. Under the Energy Policy Act of 2005, the Commission must perform an annual review of market concentration in the ethanol production industry “to determine whether there is sufficient competition among industry participants to avoid price-setting and other anticompetitive behavior.” The 2024 report concluded that “[t]he level of concentration and number of market participants in the U.S. ethanol production industry continue to suggest that the exercise of market power to set prices, or coordinate on price or output levels, is unlikely on a nationwide basis,” as it had in prior years. The Commission voted 5-0 to approve the report.

Bureau of Consumer Protection: Advertising and Marketing; Mail Order Rule

  • The FTC announced a court order requiring GOAT, an online retailer of sneakers and other apparel, to pay more than $2 million for violating its own policies and the Mail Order Rule requiring companies to have reasonable shipping practices. According to the FTC’s complaint, GOAT offered priority processing for its “Instant” orders and made promises of same-day shipping, including that “Standard” orders would typically arrive within three to six business days, and that “Next Day” orders usually arrive within one to two days after an order is placed. Despite these claims, the FTC alleges that GOAT shipped 37% of all “Instant” orders later than it promised and shipped more than 16% of all “Next Day” orders on the second day or later after the order, despite the buyers paying $14.50 to $25 in shipping upgrade charges. The FTC’s complaint also alleged that although GOAT offered a “Buyer Protection Policy,” it did not establish a customer service program that effectively identified requests for the return of products. Therefore, consumers had to (repeatedly) complain to get relief and often only received store credit that did not include shipping costs. In addition to the payment of consumer refunds, GOAT will be prohibited from: the illegal practices detailed in the complaint, denying refund requests or credit for specially protected products, and misrepresenting material aspects of its return policies and practices. The Commission vote authorizing the stipulated final order was 5-0, with Commissioner Melissa Holyoak and Commissioner Andrew Ferguson issuing separate concurring statements.

Tuesday, December 3, 2024

Bureau of Consumer Protection: Technology; Advertising and Marketing; Privacy and Security; Artificial Intelligence

  • Under a proposed consent order settling the FTC’s allegations, IntelliVision, a seller of facial recognition software used in home security systems and smart home touch panels, will be prohibited from making misrepresentations about the accuracy of its AI-powered technology or its ability to perform free from racial or gender bias. In the FTC’s complaint,the agency alleges that IntelliVision did not have evidence to support its claims that its software has one of the highest accuracy rates on the market and performs with zero gender or racial bias. The complaint further alleges that IntelliVision did not train its facial recognition software on millions of faces, as it claimed, and instead trained its technology on images of approximately 100,000 unique individuals, and then used technology to create variants of those same images. The Commission voted 5-0 to accept the consent agreement with the company; Commissioner Andrew Ferguson issued a concurring statement.

Bureau of Consumer Protection: Technology; Privacy and Security; Data Security

  • Under the FTC’s proposed settlement order, Mobilewalla, a data broker, will be prohibited from selling sensitive location data, including data that reveals the identity of an individual’s private home, as well as collecting consumer data from online advertising auctions for purposes other than participating in those auctions. The FTC’s complaint alleged that Mobilewalla collected sensitive location data from real-time bidding exchanges and third-party aggregators without consumers’ knowledge, and then sold that data without taking reasonable steps to verify consumers’ consent. FTC Chair Lina Khan noted that “The FTC is cracking down on firms that unlawfully exploit people’s sensitive location data and ensuring that we protect Americans from unchecked surveillance.” According to Samuel Levine, Director of the FTC’s Bureau of Consumer Protection, “Mobilewalla collected massive amounts of sensitive consumer data – including visits to health clinics and places of worship – and sold this data in a way that exposed consumers to harm.” The proposed settlement order prohibits the retention of data from auctions, and requires Mobilewalla to create a sensitive location data program, implement a method for data deletion after a consumer request, establish a comprehensive privacy program, set up a supplier assessment program, and provide a method for consumers to withdraw consent for the use of their data. The Commission voted 4-1 to accept the proposed consent agreement, with Commissioner Melissa Holyoak issuing a dissenting statement and Commissioner Andrew Ferguson issuing a concurring and dissenting statement.

Bureau of Consumer Protection: Technology; Privacy and Security; Data Security

  • Under a proposed order settling the FTC’s allegations, Gravy Analytics and its subsidiary Venntel, a location intelligence company, will be prohibited from selling, disclosing, or using sensitive location data in any product or service, and must establish a sensitive data location program. The FTC’s complaintalleges that Gravy Analytics and Venntel violated the FTC Act by unfairly selling sensitive consumer location data and by collecting and using consumers’ location data without verifying user consent for commercial and government uses. According to the complaint, Gravy Analytics continued to use consumers’ location data after learning that consumers did not provide informed consent. The complaint also alleged that Gravy Analytics unfairly sold sensitive data, including health and medical decisions, political activities, and religious viewpoints, derived from consumers’ location data. The FTC further alleged that Gravy Analytics and Venntel obtained consumer location information from other data suppliers and claimed to collect, process, and curate more than 17 billion signals from around a billion mobile devices daily, which was not anonymized. The proposed settlement requirements include prohibiting the companies from selling, licensing, transferring, sharing, disclosing, or using sensitive location data except in limited circumstances involving national security or law enforcement; requiring the companies to maintain a sensitive location data program; requiring the companies to delete all historic location data; requiring that the companies inform customers that their data should be deleted, de-identified, or rendered non-sensitive; and requiring the companies to maintain a supplier assessment program. The Commission voted5-0 to issue the administrative complaint and to accept the consent agreement with the companies.

Wednesday, December 4, 2024

Bureau of Consumer Protection: Online Advertising and Marketing; Retail; COVID-19

  • In 2020, the FTC filed a complaint against SuperGoodDeals.com and its owner, Kevin Lipsitz, alleging that the company violated the Mail Order Rule and defrauded consumers by falsely promising “next day” shipping on facemasks and other personal protective equipment (PPE) to consumers at the height of the COVID-19 pandemic. SuperGoodDeals’ website claimed PPE was “in stock,” and touted “Pay Today, Ships Tomorrow,” but in numerous instances Lipsitz and SuperGoodDeals did not have masks in stock and took weeks to ship the PPE merchandise customers ordered. As a result of the stipulated order, the FTC is now sending more than $114,000 to 4,583 consumers who were deceived by “next day shipping” claims on PPE during the pandemic.

Bureau of Competition: No-Hire Agreement

  • The FTC ordered Guardian Service Industries, Inc., a building services contractor, to stop enforcing a no-hire agreement that prohibits building owners and managers from hiring Guardian’s employees. The complaint alleged that Guardian included no-hire agreements in its customer service agreements with residential building owners, which prohibited building owners and competing building service contractors from hiring Guardian’s employees even after the termination of a building’s contract with Guardian. The FTC further alleged that in some circumstances, employees were forced to leave their jobs if the building where they worked changed management. Under the FTC’s proposed consent order, Guardian must cease and desist from, directly or indirectly, enforcing a no-hire agreement or communicating to any prospective or current customer that a Guardian employee is subject to a no-hire agreement. The consent order also requires that Guardian: provide notice to customers and Guardian employees that the no-hire agreement is no longer in effect (including providing each a copy of the FTC’s order and posting notice in any shared space), take all steps necessary to void and nullify all existing no-hire agreements, and not require any party to an existing agreement to pay a fee or penalty. The Commission vote to issue the complaint and accept the proposed consent agreement for public comment was 3-2, with Commissioners Holyoak and Ferguson each issuing dissenting statements. 

Thursday, December 5, 2024

Bureau of Consumer Protection: Technology; Privacy and Security; Data Security

  • In 2021, the FTC announced a complaint that home security company Vivint Smart Homes, Inc. obtained financing for unqualified customers by using the credit history of an unrelated third party with the same or similar name, or adding cosigners without their permission. If customers who qualified later defaulted on their loans, Vivint referred the unrelated third party or the cosigner to debt collectors, potentially harming that consumer’s credit. Under the terms of the settlement, Vivint was required to pay a $15 million civil penalty as well as compensation to injured consumers. Now, the FTC is sending payments totaling nearly $500,000 to 470 consumers who were harmed and filed a valid claim, and will distribute additional funds at a later date.