Federal Trade Commission (FTC)

Join Us For A Complimentary Webinar – Thursday, October 25, 2018 – 12:00 – 1:00 PM ET

Two years into the Trump Administration and:

  • The Consumer Product Safety Commission finally has a Republican majority,
  • the Department of Transportation has released its 3.0 guidance on autonomous vehicles,
  • NIST has published a 375 page recommendation on medical device security,
  • the FTC is holding a series of hearings on the transformative nature of the digital transformation on markets.
@GettyImages

What does all this activity in the United States mean for companies following the rapidly evolving regulations globally related to the safety and security of products?

This PLAC webinar will describe the current landscape at the federal agencies setting policy for product safety and security. With all the recent talk of regulatory humility in the face of great technological change, we’ll discuss whether regulators practice what they preach and if recent actions encourage or stifle innovation. Our session will compare and contrast activities across the federal government relevant to consumer products broadly defined with a particular focus on product safety and security.

Presenters:

Cheryl Falvey, Partner, Crowell & Moring, Washington, DC
John Fuson, Partner, Crowell & Moring, Washington, DC
Peter Miller, Senior CounselCrowell & Moring, Washington, DC

Please click here to register for this webinar.

© iStock

The FTC’s Consumer Protection Division has long targeted advertisements for “work-at-home,” business and investment opportunities that exaggerate the earning potential and downplay risks. Recently, the FTC announced that it filed a complaint against four individuals doing business as “Bitcoin Funding Team” in the U.S. District Court for the Southern District of Florida for deceptively advertising a cryptocurrency scheme that promised consumers that they could turn a cryptocurrency payment of approximately $100 into $80,000 in monthly income. Specifically, the complaint alleges two counts: 1) that Defendants’ representations that the programs are structured to operate as bona fide money-making opportunities are false or misleading and violate Section 5(a) of the FTC Act, and 2) that Defendants’ representations that consumers who participate in the programs are likely to earn substantial income are also false or misleading, violating Section 5(a). On March 16th, the Commission secured a temporary restraining order against, and froze the assets of pending trial, the defendants it alleges who were operating and promoting cryptocurrency pyramid schemes.

Continue Reading FTC Targets Cryptocurrency Pyramid Schemes

© Getty Images

The National Advertising Division, referred Pharmavite, LLC to the Federal Trade Commission after the company refused to comply with NAD’s recommendations that it discontinue its claim that its NatureMade Omega 3 Xtra Blend dietary supplement has “Nearly 4X Better Absorption* *than standard fish oil concentrate.”

To substantiate its “Nearly 4X Better Absorption” claim, Pharmavite relied on a study that compared the absorption of 630 mg and 1680 mg doses of EPA/DHA omega 3 fatty acids manufactured with and without a self-microemulsifying drug delivery system (SMEDS). The study determined that the absorption of EPA/DHA manufactured with SMEDS was better than the absorption rate of standard fish oil (manufactured without SMEDS) for the two doses of EPA/DHA. The study concluded that there was a 6.2 differential for a 630 mg dose and a 9.6 differential for a 1680 mg dose.

Continue Reading Pharmavite, Maker of NatureMade Omega-3 Xtra Blend Dietary Supplement, Referred to FTC After Declining to Comply with NAD Recommendation to Discontinue Absorption Claim

© Getty Images

On January 8, 2018, the FTC announced settlement of its first connected toy case with VTech Electronics Ltd (“VTech”) for violating the Children’s Online Privacy Protection Act (COPPA) Rules by failing to properly collect and protect personal information about and from children and violating the FTC Act by misrepresenting its security practices. In addition to paying a $650,000 civil penalty, VTech agreed to comply with COPPA, implement and maintain a comprehensive information security program with regular third-party security audits for the next twenty years, and not misrepresent its privacy and data security practices.

The settlement comes more than two years after VTech learned that a hacker had gained remote access to databases for its interactive electronic learning products (ELPs), including for its Kid Connect chat application, in what was described at the time as the largest known hack targeting children. According to the FTC’s Complaint, the hacker accessed VTech’s databases “by exploiting commonly known and reasonably foreseeable vulnerabilities,” and VTech was unaware of the intrusion until it was informed by a reporter.

Continue Reading FTC Settles First Connected Toy Case With VTech After Massive Data Breach

Online dating company eHarmony will pay more than $2 million to settle a consumer protection lawsuit brought by four California counties and the city of Santa Monica. In total, the company will pay up to $1 million to California customers who enrolled in eHarmony’s automatic subscription program between March 10, 2012 and December 13, 2016 and an additional $1.28 million civil penalty to the California communities that brought the lawsuit.

Pursuant to the Settlement Order, eHarmony is required to make several improvements to its business practices, including:

  • Disclosing the terms of the automatic renewal offer in a clear and conspicuous manner before the subscription is fulfilled.
  • Only charging a consumer for an automatic renewal service once obtaining affirmative consent to the automatic renewal term offers. Specifically, consent must be “obtained by an express act by the consumer through a separate check-box, signature, or other substantially similar mechanism.” The automatic renewal terms must be conveyed in a clear and conspicuous disclosure immediately above the check box and the disclosure cannot include any other information.
  • Sending an acknowledgement with a clear and conspicuous disclosure of the automatic renewal terms. The subject line must identify the message as confirmation of the transaction.
  • Providing a toll free number or e-mail address or other easy cancelation mechanism. Additionally, eHarmony must provide written notice of cancellation by email. All cancelations must be effective within one business day.

The eHarmony settlement follows on the heels of several settlements with companies promoting subscription serves, including the FTC’s settlement with AdoreMe last month as well as recent updates to the California Automatic Renewal Law and ongoing enforcement in that state. Advertisers offering subscriptions that automatically renew should review their advertising and cancelation procedures. Not only should offer terms be clearly and conspicuously communicated to consumers before they are charged, the terms of recent settlements suggest that advertisers should require consumers click a separate check box to obtain express consent and offer an easy, online cancelation mechanism.

For additional recommendations, please see our prior blog post on auto-renewals.

UPDATE

Crowell & Moring received a statement on the settlement from eHarmony:

“Since eharmony’s inception, we have endeavored to give appropriate contract notices and disclosures to our subscribers. We remain as committed today as we were 17 years ago to providing a high-quality user experience. Without any admission, we have cooperated with the government, which has previously launched similar investigations against a long list of eCommerce companies, and have chosen to settle to avoid the distraction and expense of protracted litigation. In collaboration with the government, eHarmony has implemented a new industry standard when disclosing terms in order to make the user experience even better. With the settlement now behind us, we look forward to continuing the important work of helping singles find enduring love.” – Ronald N. Sarian, Vice President & General Counsel, eharmony

 

© Thinkstock

Subscription services for everything from food delivery to beauty products to exercise gear have grown exponentially in the past five years. Such services require consumers to enroll in a program to purchase goods on a consistent basis. They typically automatically renew, often on a monthly basis, and require customers wishing to cancel to take affirmative steps to avoid being charged. Marketers know that consumers often fail to take steps to cancel timely, which only benefits the marketers’ bottom lines.

With the explosion of subscription business models, consumer complaints have skyrocketed as well, with consumers complaining that the terms of the negative option offer – an offer that interprets a consumer’s failure to take an affirmative action as an agreement to be charged – were not clearly explained. For example, consumers have complained that were not told they would be charged each month, were not adequately reminded of how to “skip” being charged each month, that prepaid credits expire without notice, and that it can be difficult to cancel. Thus, subscription businesses have faced increasing regulatory scrutiny and all advertisers that offer products or services that automatically renew should pay close attention.

AdoreMe Settlement

AdoreMe, a subscription lingerie service launched as a rival to Victoria’s Secret, recently agreed to pay $1.38 million to settle the Federal Trade Commission’s charges that the company did not clearly communicate to consumers the terms of its “VIP Membership” program which automatically billed consumers if they failed to “skip” a month within a 5-day window, falsely claimed that store credits could be used “any time,” and made it difficult for subscribers to cancel their memberships in violation of Section 5(a) of the FTC Act as well as the Restore Online Shoppers’ Confidence Act.

Continue Reading ROSCA Enforcement Ahead: FTC Settles with AdoreMe for $1.38 Million

© iStock

Earlier this month, the Northern District of California dismissed FTC’s unfairness claims against D-Link, a manufacturer of routers and IP cameras, while allowing most of FTC’s claims rooted in deception to survive, suggesting that traditional false advertising actions may be FTC’s most effective means of addressing suspect data security practices. Further, the Northern District of California’s decision to dismiss the unfairness claims shows this court’s unwillingness to entertain data security actions rooted in the FTC’s unfairness prong, without concrete harm.

Deception

FTC filed suit against D-Link in January of this year, alleging that the company engaged in both deceptive and unfair practices based on D-Link’s claimed flimsy data security practices. Specifically, the FTC alleged that D-Link engaged in deceptive practices by marketing sophisticated and state-of-the-art security provided with its products, while simultaneously failing to protect users from “widely known and reasonably foreseeable risks of unauthorized access.” For example, D-Link touted that its products featured “the latest wireless security features to help prevent unauthorized access” and offered the “best possible encryption.” But in practice, according to FTC’s pleadings, D-Link failed to take “easily preventable measures” against “hard-coded user credentials and other backdoors.” And, the Northern District held, these accusations were sufficient to plead a deception claim under the FTC Act. However, where the company did not specifically market its data security practices, its advertising was not deceptive – such as in a brochure where D-Link described the camera as a “surveillance camera” for the “home or small office.” Indeed, where D-Link did not refer to its digital security, the court would not imply messages about the state of that security.

Unfairness

Notably though, the Northern District dismissed FTC’s claims that, because D-Link failed to provide adequate data security, it engaged in unfair practices. Specifically, the court found that, because the FTC could not plead actual harm, it had not sufficiently pled a violation of the FTC Act. FTC was unable, the court noted, to show any “monetary loss or an actual incident where sensitive personal data was accessed or exposed.” It was not enough to plead that D-Link put customers at risk.

The Northern District did not, however, completely close the door on potential unfairness claims against D-Link. Choosing to dismiss the claims without prejudice, the Northern District noted that “[i]f the FTC had tied the unfairness claim to representations underlying the deception claims, it might have had a more colorable injury element.” Accordingly, where a company does not make affirmative representations about its data security practices, a court will likely be reluctant to find a violation of the FTC Act without concrete injury.

© Getty Images

The FTC is closely watching influencers to remind them to clearly disclose material connections to brands. In June 2017, the Commission settled with a trampoline manufacturer for relying on misleading endorsements and, in March, the Commission sent more than 90 letters to influencers and brands to remind them to clearly disclose relationships. The FTC has now made clear that it will target influencers who fail to comply with its Endorsement Guides. While the FTC had previously settled claims against various advertising networks, advertising agencies, and brands for failing to comply with the Endorsement Guides, the FTC has announced that it has settled its first ever enforcement action against social media influencers. In the same press release, the FTC simultaneously stated that it sent follow-up warning letters to 21 influencers that first received letters in March.

The message is clear: influencers that fail to disclose a material connection to brands do so at their own peril—and brands are responsible for implementing clear measures to make sure that the influencers they work with comply with disclosure requirements. Furthermore, the FTC has also made clear that many commonly used disclosure methods and practices are inadequate in its newly revised Endorsement Guides FAQs. Brands and the influencers they work with should take note of these recommendations and ensure that their disclosure practices comply.

Continue Reading FTC Announces First Enforcement Action Against Social Media Influencers and Updates FAQs Rejecting Common Disclosure Practices

© Getty Images

Fuzzy talking toys are no longer the annoying, yet benign Christmas gifts they used to be. Many of today’s toys, like refrigerators, cars, and televisions, are “smart,” and may come gift-wrapped with all of the emerging cybersecurity risks the internet has to offer. And as various government agencies grapple with the regulation and enforcement of smart products, the Federal Trade Commission (“FTC”) may be narrowing in on smart toy manufacturers as a potential target. The FBI and FTC issued separate alerts last week highlighting potential threats posed by cuddly friends that collect children’s voices and other identifying information and putting manufacturers on notice of potential enforcement actions for failure to comply with the Children’s Online Privacy Protection Act (“COPPA”), respectively.

Continue Reading FTC Focusing on Privacy Risks of Interconnected Toys

©iStock

Last December, authorities arrested Edgar Welch, a 28-year old man from Salisbury, North Carolina, who had entered Comet Ping Pong, a Washington, D.C. pizza parlor, armed with a shot gun. Mr. Welch reportedly came to Comet Ping Pong on a self-described mission to free child sex slaves that he believed might be imprisoned there at the bidding of Hillary Clinton and her campaign Chief of Staff, John Podesta. After Welch shot his gun into the ceiling, terrified employees fled the building. Then, after encountering swarms of local police, and having found no evidence of the vast conspiracy he had been led by social media to believe existed, he gave himself up peacefully to authorities.

As outlandish as the story may seem, Mr. Welch was not the only one duped by the story. For weeks, dozens of anonymous posters had fanned the flames and pursued the imaginary conspiracy theory on Reddit.com, a hugely popular social news aggregation site.

This fake conspiracy was likely fueled in part by armies of “bots,” which are fake social media accounts often purchased and organized centrally, and mobilized to push a particular opinion or agenda and sway public opinion. It is surprisingly easily to purchase bots online. For example, Russian websites, such as BuyAces, sell empty social media accounts to anyone willing to pay with digital currency. Once purchased, programmers can enable these accounts to disseminate information or respond to news stories en masse. It is widely reported that Special Prosecutor, Robert Mueller, is investigating whether the Russian government used such tactics to influence the last election.

What does this have to do with advertising, you might ask? Everything.

Continue Reading This Week in Digital Advertising: Fake News, Bots, and Implications for Digital Trust