The Ad Industry Wants a Delay to CCPA Enforcement As It Considers CCPA Cookie Compliance Frameworks and Ongoing Rulemaking

A letter penned by the top ad industry trade associations (the American Association of Advertising Agencies, the Interactive Advertising Bureau (IAB), the Association of National Advertisers, the American Advertising Federation and the Network Advertising Initiative) was sent on Jan. 29 to California Attorney General (AG) Xavier Becerra requesting a delay in enforcement of the California Consumer Privacy Act (CCPA) until at least six months from the final promulgation of the regulations called for by that new law, which became effective on Jan. 1. A first draft of the regulations was published on Oct. 10, 2019, the period for public comments on that first set of proposed regulations closed on Dec. 6 and the AG has yet to respond with revised rules. The legislature amended the CCPA back in 2018 to delay the AG’s enforcement until the earlier of six months from the finalization of the regulations or July 1, 2020. Given the state of the rulemaking, it is clear that July 1 will be the commencement of enforcement under the terms of the current statute, unless that date is pushed back. However, the problem, the letter points out, is that with no second set of regulations available, and accounting for the further comment, review and revision process that will follow them, it now appears likely “that the draft rules will not be finalized before, or only a short period prior, to the law’s July 1, 2020, enforcement date.”

The associations requested the further delay to allow companies more time to figure out how to implement the CCPA requirements given the “extraordinary complexity” of the law and the “wide range of open issues” in need of clarification. The letter goes on to explain that at least six months from the date final rules are available would be practically necessary to implement those rules. While the request is reasonable and would be sound policy for these reasons, it is unclear whether the enforcement date can be changed without legislative action, which is highly unlikely to occur. The CCPA gives the AG authority to “adopt regulations as necessary to further the purposes of this title,” and allowing sufficient time for businesses to design and implement compliance solutions that reflect the final regulations would seem to be in the spirt of that. In addition, the AG could exercise prosecutorial discretion to simply fail to take action on certain aspects of the law and regulations for a given period after the enforcement commencement date, to enable businesses reasonable time to implement the final regulations and any guidance that may accompany them. The AG’s office has stated that it received the trade associations’ letter, but that it will not be responding to anything outside the formal rulemaking process, so we will have to wait for the next version of the regulations to see if the AG adopts the associations’ reasoning. In any event, the AG has already stated that he does not believe the delay in enforcement is a safe harbor for noncompliance. Accordingly, businesses should be working expeditiously to implement their CCPA obligations based on the statute and the proposed regulations to the greatest extent practical. Continue Reading

Facebook vs. the FTC: It’s Not Over Till It’s Over

Federal Trade Commission Doorway SignYogi Berra did indeed once famously say, “It’s not over till it’s over.” (Actually, he said, “It ain’t,” but that would not have survived the proofreader’s scrutiny). Facebook must be thinking that too when it comes to its settlement with the FTC. Just to recap briefly:

On July 24, 2019, the Department of Justice (DOJ), on behalf of the FTC, filed a proposed settlement of the Commission’s long-running investigation into whether Facebook violated the terms of a previous consent order. The proposed settlement imposed several new restrictions on Facebook’s operations with respect to consumer privacy, including creating an independent board-level privacy committee and independent privacy compliance officers. In addition, the settlement proposed an eye-popping $5 billion civil penalty. However, the Commission vote to approve the filing of the proposed settlement was 3-2, with Commissioners Chopra and Slaughter both dissenting because they felt the proposed settlement was not tough enough.

The two democratic commissioners argued that while $5 billion is certainly a lot of money to me and you, it is a mere pittance to the likes of Facebook. In addition, they believed that the new compliance requirements were not sweeping enough and that the Commission should have given serious consideration to holding Facebook’s officers personally liable for the company’s alleged violation of its prior consent order. Continue Reading

FTC Takes a Peek at Loot Box Regulation

How many times have you felt the thrill of buying a lottery ticket? What about the excitement before opening a sealed pack of baseball cards or the curiosity before diving for a mystery prize in a cereal box? Now imagine digitalized versions of all these items – in your favorite video game – and they’re up for grabs, at least, for a price. Whether it is real money, game time, or in-game currency, you’re asked to pay for these digital mystery boxes, otherwise known as “loot boxes.” For most of these loot boxes, what you get is a surprise. For others, you can guess what you might get. But is this gambling?

Recently, the Federal Trade Commission (FTC), a regulator with the power to investigate and enforce against unfair and deceptive business practices, held a live workshop on loot boxes, their implications, and possible legal issues and regulatory solutions. The workshop featured panels of industry leaders, academics, researchers, and members of consumer groups.

Among the concerns about loot boxes are that they constitute or incite gambling or video game addiction; deceive consumers, as the odds or rarity of obtaining specific items may not be properly disclosed; warp children’s perceptions of the value of digital items; and serve as a vehicle to exploit the personal information of gamers. Continue Reading

CCPA Regs: “This is the meat on the bones….”

For our readers who are following and interested in CCPA developments (and what advertiser is not!?), please see today’s post in the Data Privacy Monitor summarizing the hot off the presses proposed implementation regulations.  The draft regs, announced via press conference today,  provide more detail on key topics of concern including what notices are required to be given to consumers and how notice is delivered; how to handle consumer rights requests; and requirements for verification of consumers making requests.  If you are one of the blissful minority not mired in CCPA compliance, the blog is still worth a look for its Star Trek trivia alone.

Read the full blog post >>

FTC on Influencers and Consumer Reviews from the NAD Conference

Earlier this week at the National Advertising Division (NAD) annual advertising law conference, Mamie Kresses, a senior attorney in the Bureau of Consumer Protection, Advertising Practices division at the Federal Trade Commission (FTC), offered her views on influencers and consumer reviews, two topics near and dear to our hearts. We wanted to share some key takeaways:

Use of Virtual and Nonhuman Influencers

Have you heard of Lil Miquela? She’s an Instagram model who has amassed a following to the tune of 1.6 million people and has collaborated with brands such as Burberry and Gucci. She’s even released her own music and music videos. But here’s the catch – Lil Miquela is a digital avatar, a CGI influencer that started out as a digital art project. Because she looks incredibly realistic, she presents unique issues with respect to advertising law.

What standards should apply to posts by virtual influencers like Lil Miquela (as well as nonhuman, but living, influencers, such as some of Instagram’s most popular cats and dogs)? Ms. Kresses suggested the standards really don’t change in this context, emphasizing that it is paramount to make it clear that what followers are seeing is an advertisement by using adequate disclosures. The group also recognized the inherent tension between virtual influencers making an endorsement and the standard underpinning endorsements – that they reflect the endorser’s truthful experience with the product. In other words, how can a virtual influencer actually endorse anything without being able to use the product? Ms. Kresses stressed that in this scenario, it is important to make clear not only that the post is an ad, but also that the influencer is virtual. This, she said, helps followers understand that the “authentic” post is not quite so. When asked if virtual influencer posts are inherently deceptive, Ms. Kresses stated that the FTC hasn’t taken a position yet, but the underlying principles of advertising law certainly still apply. Continue Reading

Are Made in USA Chickens Worthless? These and Other Deep Questions from the FTC’s Made in USA Workshop

Today the Federal Trade Commission (FTC) hosted a half-day workshop looking at Made in USA claims and the FTC’s guidance and enforcement. For those who want to watch “all or substantially all” of the event, the videos and materials can be accessed here. Some highlights and suggested next steps are below. By way of general background, the FTC has a Made in USA Enforcement Policy and related Business Guidance regarding its belief as to what claims run afoul of Section 5. The standard in a nutshell is that products advertised as Made in USA (or what the FTC has said are the equivalent claims Manufactured in USA, Produced in the USA, Built in the USA, and/or waving flags and eagles) is that the product must be “all or virtually all” of domestic origin, meaning that looking at the cost of goods sold, all but de minimis costs can be from foreign sources, including manufacturing costs and component parts. Many companies with U.S. manufacturing facilities make Made in USA claims, not appreciating that the FTC expects them to analyze their input costs as well and not focus only on where the product is “made” or “substantially transformed.” Because of this, the FTC has undertaken a fairly novel approach to enforcement. It engages in business and consumer education and brings several enforcement actions a year in egregious cases; but it also engages in significant less formal enforcement efforts, sending companies warning letters and giving them an opportunity to come into compliance short of a formal investigation and consent order process. The FTC documents these efforts on its Closing Letters page.

Andrew Smith kicked off the event. Jim Kohm, director of the Enforcement Division, introduced Hampton Newsome, Julia Ensor and Laura Koss (his staff moderating the panel) with self-deprecating humor, noting that when you hire people smarter than you are, your job gets to be highlighting where the bathrooms are – and proceeding to give such directions. Newsome, Ensor and Koss are longtime enforcement staff attorneys, with Ensor currently having day-to-day responsibility for managing the Made in USA enforcement program. The panelists consisted of manufacturing companies, retailers, trade associations and consumer advocates. Continue Reading

Lead Generation Leads to FTC Settlement

There is nothing particularly new about the idea of lead generation in marketing. Companies have from the very beginning paid their own employees or paid others to help find prospects for their goods and services. However, in today’s digital world and with the myriad different ways in which consumer information is gathered, the use of third parties for lead generation has proliferated. Not surprisingly, so has the abuse of lead generation efforts.

The Federal Trade Commission (FTC) has brought several complaints against lead generators that have used, shall we say, less than forthright promises and claims in an effort to bolster the number of leads they generate. In turn, the FTC has cautioned companies that the use of lead generators is no different than the use of other third parties such as ad agencies or influencers to assist with marketing, and that advertisers bear some responsibility for the oversight of such entities as well as discipline if and when those entities engage in unlawful practices.

This week the FTC made that point more clearly as it brought what we believe is the first case against a company that allegedly failed to exercise adequate oversight of the third-party lead generators it contracted with. The FTC entered into a consent order, including payment of $30 million in consumer redress, with Career Education Corp., an operator of postsecondary and vocational schools. The FTC alleged that several of the lead generators used by the company misled consumers into thinking (1) that the schools were affiliated with or recommended by the military or (2) that consumers were providing their contact information for jobs or benefits assistance, as well as misleading consumers about the extent to which their personal information would be shared and calling individuals on the Do Not Call Registry. Further, at least three of the lead generators accused of engaging in such practices had previously been the subject of FTC enforcement actions, never a good sign when considering a vendor.

Perhaps of greatest interest, the FTC’s consent order provides a bit of a road map in terms of oversight of third party lead generators. The order requires the company to (1) review all materials used to generate leads, including any hyperlinks contained in such materials; (2) refuse payment to any lead generator for any leads resulting from misleading information; and (3) promptly investigate any complaints or other information suggesting that a lead generator is engaging in misrepresentations and refuse payment if the investigation finds that misrepresentations have occurred. So once again the FTC has reaffirmed its position that turning a blind eye to what third parties may be doing on your behalf is typically not the best compliance strategy.

California’s Law Regulating Online Bots, Effective July 1, 2019

California’s new “bot” law, Cal. Bus. & Prof. Code § 17940, et seq. (SB 1001) takes effect on July 1, 2019.  This means that any company or individual that uses bots online for solicitations of commercial transactions or to influence a vote in an election should ensure appropriate “clear, conspicuous, and reasonably designated” disclosures are made to inform persons with whom a bot communicates or interacts with that it is a bot and not a human. SB 1001 is not a ban of all bots, rather, it simply aims to foster transparency for California online users.

For more details see our blog post from October here.

FTC Nursery Guides Go Bye-Bye but Not Without a Fight

We have practiced in the consumer protection space collectively for more than 50 years and have not once had occasion to consult the Federal Trade Commission’s (FTC or Commission) Nursery Guides. Perhaps then it is no surprise that the FTC has decided that after 40 years it was time to say goodbye to the guides. Lest there be any confusion, “nursery” in this case refers to plants, not babies. The guides prohibited various misrepresentations about plants, including their age, hardiness, years to maturity, etc. In addition, the guides prohibited the use of names that misrepresent a plant’s true identity; the substitution of plants without notice; misrepresentations relating to size and grade or blooming or fruiting ability; failure to disclose whether plants were collected from the wild or misrepresenting the origin of a plant or bulb. (Now, you’re probably starting to realize why we’ve not counseled on this.) Unlike many of the more recent Commission guides, such as the Green Guides, the Nursery Guides typically do not provide examples of what a term or claim (e.g., “eco-friendly”) might imply. Continue Reading

Takeaways from FDA Hearing on CBD

On May 31, the Food and Drug Administration (FDA) held a hearing at its headquarters in Silver Spring, Maryland, to hear from the public about cannabidiol (CBD). The popularity of CBD was reflected in participation at the meeting, which took place in a jam-packed conference room and involved 120 speakers, selected from more than 400 applicants. CBD is a cannabinoid found in the cannabis plant and now also found in coffee shops, pharmacies and, of course, online. It’s sold in oils, pills, gummies, lollipops, coffee, shampoo, pain cream and dog treats, to name just a few items. Companies claim that these products treat a wide range of ailments, including stress, sleeplessness and pain. But despite its seeming ubiquity, CBD’s legal status is a work in progress. By way of background, CBD was prohibited by federal law until the 2018 Farm Bill removed hemp from the definition of marijuana. That action created a veritable gold rush as companies raced into the sector. But some states still prohibit the substance, and the FDA prohibits unsubstantiated claims related to CBD, as it does for anything else within its regulatory ambit. Additionally, because CBD was approved for use in a drug before being used in conventional foods or supplements, the FDA prohibits its use in those products without additional rulemaking. The hearing was an opportunity for the FDA to hear about these issues and more.  Continue Reading