Facebook vs. the FTC: It’s Not Over Till It’s Over

Federal Trade Commission Doorway SignYogi Berra did indeed once famously say, “It’s not over till it’s over.” (Actually, he said, “It ain’t,” but that would not have survived the proofreader’s scrutiny). Facebook must be thinking that too when it comes to its settlement with the FTC. Just to recap briefly:

On July 24, 2019, the Department of Justice (DOJ), on behalf of the FTC, filed a proposed settlement of the Commission’s long-running investigation into whether Facebook violated the terms of a previous consent order. The proposed settlement imposed several new restrictions on Facebook’s operations with respect to consumer privacy, including creating an independent board-level privacy committee and independent privacy compliance officers. In addition, the settlement proposed an eye-popping $5 billion civil penalty. However, the Commission vote to approve the filing of the proposed settlement was 3-2, with Commissioners Chopra and Slaughter both dissenting because they felt the proposed settlement was not tough enough.

The two democratic commissioners argued that while $5 billion is certainly a lot of money to me and you, it is a mere pittance to the likes of Facebook. In addition, they believed that the new compliance requirements were not sweeping enough and that the Commission should have given serious consideration to holding Facebook’s officers personally liable for the company’s alleged violation of its prior consent order. Continue Reading

FTC Takes a Peek at Loot Box Regulation

How many times have you felt the thrill of buying a lottery ticket? What about the excitement before opening a sealed pack of baseball cards or the curiosity before diving for a mystery prize in a cereal box? Now imagine digitalized versions of all these items – in your favorite video game – and they’re up for grabs, at least, for a price. Whether it is real money, game time, or in-game currency, you’re asked to pay for these digital mystery boxes, otherwise known as “loot boxes.” For most of these loot boxes, what you get is a surprise. For others, you can guess what you might get. But is this gambling?

Recently, the Federal Trade Commission (FTC), a regulator with the power to investigate and enforce against unfair and deceptive business practices, held a live workshop on loot boxes, their implications, and possible legal issues and regulatory solutions. The workshop featured panels of industry leaders, academics, researchers, and members of consumer groups.

Among the concerns about loot boxes are that they constitute or incite gambling or video game addiction; deceive consumers, as the odds or rarity of obtaining specific items may not be properly disclosed; warp children’s perceptions of the value of digital items; and serve as a vehicle to exploit the personal information of gamers. Continue Reading

CCPA Regs: “This is the meat on the bones….”

For our readers who are following and interested in CCPA developments (and what advertiser is not!?), please see today’s post in the Data Privacy Monitor summarizing the hot off the presses proposed implementation regulations.  The draft regs, announced via press conference today,  provide more detail on key topics of concern including what notices are required to be given to consumers and how notice is delivered; how to handle consumer rights requests; and requirements for verification of consumers making requests.  If you are one of the blissful minority not mired in CCPA compliance, the blog is still worth a look for its Star Trek trivia alone.

Read the full blog post >>

FTC on Influencers and Consumer Reviews from the NAD Conference

Earlier this week at the National Advertising Division (NAD) annual advertising law conference, Mamie Kresses, a senior attorney in the Bureau of Consumer Protection, Advertising Practices division at the Federal Trade Commission (FTC), offered her views on influencers and consumer reviews, two topics near and dear to our hearts. We wanted to share some key takeaways:

Use of Virtual and Nonhuman Influencers

Have you heard of Lil Miquela? She’s an Instagram model who has amassed a following to the tune of 1.6 million people and has collaborated with brands such as Burberry and Gucci. She’s even released her own music and music videos. But here’s the catch – Lil Miquela is a digital avatar, a CGI influencer that started out as a digital art project. Because she looks incredibly realistic, she presents unique issues with respect to advertising law.

What standards should apply to posts by virtual influencers like Lil Miquela (as well as nonhuman, but living, influencers, such as some of Instagram’s most popular cats and dogs)? Ms. Kresses suggested the standards really don’t change in this context, emphasizing that it is paramount to make it clear that what followers are seeing is an advertisement by using adequate disclosures. The group also recognized the inherent tension between virtual influencers making an endorsement and the standard underpinning endorsements – that they reflect the endorser’s truthful experience with the product. In other words, how can a virtual influencer actually endorse anything without being able to use the product? Ms. Kresses stressed that in this scenario, it is important to make clear not only that the post is an ad, but also that the influencer is virtual. This, she said, helps followers understand that the “authentic” post is not quite so. When asked if virtual influencer posts are inherently deceptive, Ms. Kresses stated that the FTC hasn’t taken a position yet, but the underlying principles of advertising law certainly still apply. Continue Reading

Are Made in USA Chickens Worthless? These and Other Deep Questions from the FTC’s Made in USA Workshop

Today the Federal Trade Commission (FTC) hosted a half-day workshop looking at Made in USA claims and the FTC’s guidance and enforcement. For those who want to watch “all or substantially all” of the event, the videos and materials can be accessed here. Some highlights and suggested next steps are below. By way of general background, the FTC has a Made in USA Enforcement Policy and related Business Guidance regarding its belief as to what claims run afoul of Section 5. The standard in a nutshell is that products advertised as Made in USA (or what the FTC has said are the equivalent claims Manufactured in USA, Produced in the USA, Built in the USA, and/or waving flags and eagles) is that the product must be “all or virtually all” of domestic origin, meaning that looking at the cost of goods sold, all but de minimis costs can be from foreign sources, including manufacturing costs and component parts. Many companies with U.S. manufacturing facilities make Made in USA claims, not appreciating that the FTC expects them to analyze their input costs as well and not focus only on where the product is “made” or “substantially transformed.” Because of this, the FTC has undertaken a fairly novel approach to enforcement. It engages in business and consumer education and brings several enforcement actions a year in egregious cases; but it also engages in significant less formal enforcement efforts, sending companies warning letters and giving them an opportunity to come into compliance short of a formal investigation and consent order process. The FTC documents these efforts on its Closing Letters page.

Andrew Smith kicked off the event. Jim Kohm, director of the Enforcement Division, introduced Hampton Newsome, Julia Ensor and Laura Koss (his staff moderating the panel) with self-deprecating humor, noting that when you hire people smarter than you are, your job gets to be highlighting where the bathrooms are – and proceeding to give such directions. Newsome, Ensor and Koss are longtime enforcement staff attorneys, with Ensor currently having day-to-day responsibility for managing the Made in USA enforcement program. The panelists consisted of manufacturing companies, retailers, trade associations and consumer advocates. Continue Reading

Lead Generation Leads to FTC Settlement

There is nothing particularly new about the idea of lead generation in marketing. Companies have from the very beginning paid their own employees or paid others to help find prospects for their goods and services. However, in today’s digital world and with the myriad different ways in which consumer information is gathered, the use of third parties for lead generation has proliferated. Not surprisingly, so has the abuse of lead generation efforts.

The Federal Trade Commission (FTC) has brought several complaints against lead generators that have used, shall we say, less than forthright promises and claims in an effort to bolster the number of leads they generate. In turn, the FTC has cautioned companies that the use of lead generators is no different than the use of other third parties such as ad agencies or influencers to assist with marketing, and that advertisers bear some responsibility for the oversight of such entities as well as discipline if and when those entities engage in unlawful practices.

This week the FTC made that point more clearly as it brought what we believe is the first case against a company that allegedly failed to exercise adequate oversight of the third-party lead generators it contracted with. The FTC entered into a consent order, including payment of $30 million in consumer redress, with Career Education Corp., an operator of postsecondary and vocational schools. The FTC alleged that several of the lead generators used by the company misled consumers into thinking (1) that the schools were affiliated with or recommended by the military or (2) that consumers were providing their contact information for jobs or benefits assistance, as well as misleading consumers about the extent to which their personal information would be shared and calling individuals on the Do Not Call Registry. Further, at least three of the lead generators accused of engaging in such practices had previously been the subject of FTC enforcement actions, never a good sign when considering a vendor.

Perhaps of greatest interest, the FTC’s consent order provides a bit of a road map in terms of oversight of third party lead generators. The order requires the company to (1) review all materials used to generate leads, including any hyperlinks contained in such materials; (2) refuse payment to any lead generator for any leads resulting from misleading information; and (3) promptly investigate any complaints or other information suggesting that a lead generator is engaging in misrepresentations and refuse payment if the investigation finds that misrepresentations have occurred. So once again the FTC has reaffirmed its position that turning a blind eye to what third parties may be doing on your behalf is typically not the best compliance strategy.

California’s Law Regulating Online Bots, Effective July 1, 2019

California’s new “bot” law, Cal. Bus. & Prof. Code § 17940, et seq. (SB 1001) takes effect on July 1, 2019.  This means that any company or individual that uses bots online for solicitations of commercial transactions or to influence a vote in an election should ensure appropriate “clear, conspicuous, and reasonably designated” disclosures are made to inform persons with whom a bot communicates or interacts with that it is a bot and not a human. SB 1001 is not a ban of all bots, rather, it simply aims to foster transparency for California online users.

For more details see our blog post from October here.

FTC Nursery Guides Go Bye-Bye but Not Without a Fight

We have practiced in the consumer protection space collectively for more than 50 years and have not once had occasion to consult the Federal Trade Commission’s (FTC or Commission) Nursery Guides. Perhaps then it is no surprise that the FTC has decided that after 40 years it was time to say goodbye to the guides. Lest there be any confusion, “nursery” in this case refers to plants, not babies. The guides prohibited various misrepresentations about plants, including their age, hardiness, years to maturity, etc. In addition, the guides prohibited the use of names that misrepresent a plant’s true identity; the substitution of plants without notice; misrepresentations relating to size and grade or blooming or fruiting ability; failure to disclose whether plants were collected from the wild or misrepresenting the origin of a plant or bulb. (Now, you’re probably starting to realize why we’ve not counseled on this.) Unlike many of the more recent Commission guides, such as the Green Guides, the Nursery Guides typically do not provide examples of what a term or claim (e.g., “eco-friendly”) might imply. Continue Reading

Takeaways from FDA Hearing on CBD

On May 31, the Food and Drug Administration (FDA) held a hearing at its headquarters in Silver Spring, Maryland, to hear from the public about cannabidiol (CBD). The popularity of CBD was reflected in participation at the meeting, which took place in a jam-packed conference room and involved 120 speakers, selected from more than 400 applicants. CBD is a cannabinoid found in the cannabis plant and now also found in coffee shops, pharmacies and, of course, online. It’s sold in oils, pills, gummies, lollipops, coffee, shampoo, pain cream and dog treats, to name just a few items. Companies claim that these products treat a wide range of ailments, including stress, sleeplessness and pain. But despite its seeming ubiquity, CBD’s legal status is a work in progress. By way of background, CBD was prohibited by federal law until the 2018 Farm Bill removed hemp from the definition of marijuana. That action created a veritable gold rush as companies raced into the sector. But some states still prohibit the substance, and the FDA prohibits unsubstantiated claims related to CBD, as it does for anything else within its regulatory ambit. Additionally, because CBD was approved for use in a drug before being used in conventional foods or supplements, the FDA prohibits its use in those products without additional rulemaking. The hearing was an opportunity for the FDA to hear about these issues and more.  Continue Reading

Ad and Publishing Industries Confront CCPA Challenges While Congress Considers Privacy

The junior Senator from Missouri, Joshua Hawley (R), has introduced s 1578, which would require the Federal Trade Commission (FTC) to create and make available a “do not track” (DNT) signal that consumers can associate with their devices and require that online services look for the signal and, when indicated, not collect, use or share data beyond what is necessary to operate the service, and specifically not for Interest-based Advertising (IBA), and, further, require  third-party operators, including advertisers and adtech companies, not collect any data other than for the purpose of analyzing how or whether the user engaged with the operator’s program, and then only in a de-identified manner and without creating or contributing to a user profile.  The proposed law would prohibit publishers from denying service to users that enable a DNT signal or provide them with a different level of service.  That would ban charging a subscription fee for IBA-free access to make up for lost ad revenue (IBA commands higher prices than contextual or run of site ads), something that the California Consumer Privacy Protection Act (CCPA) does not prohibit.  The FTC, and state AGs, would be able to enforce the law and it gives the FTC authority to seek civil penalties of $50 per affected user for negligent violations and $1000 per user, and a minimum fine of $100,000, for reckless or willful violations.  There is no private right of action proposed and the bill does not preempt CCPA or other state law.  This may be an attempt to influence the federal privacy legislation being drafted by Congressional leadership in both chambers.  A coalition of advertising industry associations (https://www.privacyforamerica.com/about/) is working with the applicable committees in the House and Senate  to develop a paradigm that is based on preventing harm and prohibiting certain data practices that are overly intrusive or have a potential to cause harm to consumers, and would specifically not limit transfers of data for advertising purposes, including tracking and targeting, so long as sensitive data is not used and the use does not include making determinations on eligibility (e.g., credit, housing, employment). Regardless of what may come out of the nation’s capital, the more immediate issue for advertisers and publishers is preparing to implement to do not sell right under the CCPA, effective January 1, 2020, and being able to provide the required notices and honor the access, copy and deletion of information rights.  We have previously published more detailed information on what is required under that law available on our U.S. Consumer Privacy Resource Center.  And, as we have reported, other states are considering CCPA-like legislation.  NV, IL and NJ seem the most likely to pass CCPA-inspired legislation this year.  The proposals in WA and TX died.  Still under consideration are bills in AZ, HI, MD, MA (has a private right of action), MS, NM, NY, ND, OR, RI, and VA.  We will continue to update you on legislative challenges to digital advertising.

Read more on BakerHostetler’s Data Privacy Monitor >>