Last month, as part of BakerHostetler’s “Look Back, Look Ahead: Advertising and Marketing Law in 2021 & 2022” webinar series, partners Craig A. Hoffman and Victoria Weatherford presented on recent trends and predictions on state attorney general enforcement. The following summarizes our 10 key takeaways from 2021.

Takeaway No. 1: Biden Transition Shifts Attorneys General Priorities

Since the beginning of the Biden administration, state attorneys general have made notable shifts in how they are executing their priorities. Unsurprisingly, these shifts largely follow political lines — Democrat-led state attorney general (AG) offices are no longer expending countless resources challenging Trump, while Republican-led AG offices have picked up the mantle of opposing the federal government.

For instance, during the Trump presidency, then-California Attorney General Xavier Becerra sued the federal government more than 110 times, spending tens of millions of dollars on litigation on a wide variety of issues spanning immigration, voting rights and climate change, among others. On the other hand, since President Biden assumed office, Texas has begun to direct more resources to sue the federal government. Recent litigation initiated by Texas and other Republican-led AG offices includes challenges to vaccine mandates and litigation over the failure to build a wall along the U.S.-Mexico border.

We expect this trend to continue throughout the Biden presidency.

Takeaway No. 2: States Fill the Enforcement Gap Created by the Supreme Court’s AMG Decision

In a unanimous decision last year, the United States Supreme Court held that Section 13(b) of the Federal Trade Commission (FTC) Act does not authorize the FTC to obtain equitable monetary relief such as restitution or disgorgement. AMG Capital Management v. Federal Trade Commission, 593 U.S. ___ (2021). While the FTC is currently attempting to work around its reduced civil penalty authority, the fact remains that the AMG decision has the effect of stripping the FTC of one of its most significant enforcement “sticks.”

The immediate result of the AMG decision is that state attorney general offices are filling the consumer enforcement void through civil litigation under individual state “mini FTC” and deceptive trade practices laws. While penalties vary by state, some states’ laws authorize civil penalties of up to $10,000 per violation.

So, while companies should not focus on the FTC to the exclusion of state attorney general offices, they also should not underestimate the FTC’s ability going forward to continue to influence consumer enforcement through its relationships with state attorney general offices.

Takeaway No. 3: COVID-19-Related Enforcement Continues

As we approach the two-year anniversary of the beginning of the pandemic, COVID-19-related investigations and enforcement actions continue to be a key priority in numerous state AG offices. This remains true in the wake of variants such as delta and omicron, which caused successive waves of canceled and rescheduled events and thwarted and postponed travel plans. As a result of investigations into the advertising and marketing of products and services, including tickets, flights and hotels, many companies have been forced to change their refund or credit policies and practices.

Similarly, the past year saw a continued stream of investigations related to allegedly misleading claims about products that purportedly prevent and test for COVID-19. Many state AG offices have gone beyond targeting the supposed scammers themselves. Instead, they have launched investigations into third-party sales and payment platforms for allegedly failing to prevent the sales of fake vaccination cards or halt other pandemic-related scams facilitated on their platforms.

Finally, state AG offices have acted to tackle the “supply chain crisis” — or, at least, are attempting to insulate consumers from its effects. As one example, in late 2021, several California district attorneys’ offices — each of which possesses statewide civil consumer enforcement authority concurrent with the California attorney general — sued a millennial clothing brand for delays in consumer product shipments that allegedly violated California’s mail order statute. Under California’s analog to the FTC Mail Order Rule, companies that cannot ship products ordered online within 30 days must, with certain exceptions, provide notice of the delay, provide a refund or provide a replacement product. Ultimately, the California enforcers reached a financial settlement with the clothing brand that includes injunctive terms governing future conduct.

Takeaway No. 4: Early Opioid Medication Litigation Rulings Favor Advertisers

Opioid medication-related litigation continues to demand a significant number of resources in state AG and local government offices around the country. Until these cases, of which there are thousands, are resolved, smaller government offices in particular will continue to devote a considerable number of internal resources to opioid medication litigation, at the expense of other priorities.

Many of the opioid medication-related cases include allegations that the defendants contributed to the opioid abuse epidemic through the false and misleading advertising of opioid medications, including on product boxes, labels and inserts as well as in marketing materials provided to physicians. Notably, these products and related printed materials are highly regulated and subject to federal agency review and approval. In 2021, a judge rejected several California counties’ challenges to opioid medication marketing materials. The judge held that the materials, when viewed in their entirety, did not misrepresent the risks or benefits of opioid medications. Other materials, such as internal documents used to train sales representatives, were held not to violate false advertising laws at all as there was no evidence those materials were ever shown to any physician or consumer.

Initial decisions out of state appellate courts have also rejected state AGs’ aggressive attempts to dramatically expand public nuisance theories of liability, including through allegedly false or misleading advertising and marketing to the public. As one example, in 2021, a state supreme court reversed a significant opioid medication-related judgment against a pharmaceutical manufacturer on the basis that the state’s law did not support the plaintiff’s expansive public nuisance theory of marketing harm.

Takeaway No. 5: Marketing to Minors

Several significant state AG marketing and advertising cases that involve minors have been related to e-cigarettes. In 2021, several state AGs settled existing lawsuits and at least two state AGs filed new lawsuits in this area. While the allegations often are focused on the impact of marketing on youth, many of these cases take issue with several hallmarks of modern marketing campaigns intended to target adults, including appealing graphics and visuals; product giveaways; and the use of social media, influencers, endorsers and product promoters. State AGs have also alleged that minors have improper access to these products due to insufficient age verification and other “gating” protections on websites and apps that facilitate product purchases.

In addition, in 2021, several state AGs announced that they have initiated investigations into allegedly improper marketing of social media networks to minors. We expect state AGs to continue to scrutinize the effects of advertising and media, including social media, on minors.

Takeaway No. 6: Marketing to Students

In 2021, there were numerous settlements and newly filed actions against for-profit universities alleging false and misleading advertising to potential students. The challenged sales tactics include allegedly “high pressure” sales calls, the use of recruiters and sales quotas. State AGs also have challenged alleged misrepresentations of post-graduate opportunities and the costs of education.

Other state AG actions impacting students include litigation against student loan servicers. Claims include allegations of steering students toward repayment plans and forbearances that were not the most economically advantageous, as well as failing to provide information about certain available loan repayment plans. At least one significant multistate AG settlement is awaiting court approval.

Takeaway No. 7: Healthcare-Related Marketing

In 2021, state attorneys general pursued several companies that market healthcare-related products. A recurring theme across many of these cases is that a company in the healthcare industry may be subject to AG scrutiny for what it does not say in its advertisements (that is, alleged omissions) just as much as for what it does say in its ads. Several state AGs focused on companies that allegedly oversold or failed to fully disclose the effectiveness — or lack thereof — of a product, treatment or procedure. The fact that a product is highly regulated and that a government regulator has reviewed labels and box materials may not be enough to deter an enforcement action based on alleged misrepresentations of a product’s or procedure’s effectiveness.

Takeaway No. 8: California Privacy Enforcement Update

In July 2021, roughly 12 months after the effective date of the California Consumer Privacy Act (CCPA), the California attorney general provided statistics to suggest that the CCPA is achieving its goal.

According to AG Rob Bonta, after receiving a notice of alleged violation, 75 percent of businesses have come into compliance within 30 days. California has also launched an online tool for consumers to efficiently report potential violations.

Takeaway No. 9: Colorado and Virginia Follow California’s Privacy Lead

Colorado and Virginia followed California’s lead and passed their own privacy laws in 2021.

The Virginia Consumer Data Protection Act (VCDPA) and Colorado Privacy Act (CPA), which take effect on Jan. 1 and July 1, 2023, respectively, grant consumers the rights to understand and control how certain businesses collect their personal data. The acts also include security obligations. While there is no private right of action under either law, companies that violate these laws may face penalties of up to $7,500 per violation under the VCDPA and $20,000 per violation under the CPA.

We expect to see more states follow suit and pass their own privacy laws in the near future, increasing calls for a comprehensive federal law (similar to the development of state breach notification laws).

Takeaway No. 10: Security Breach Enforcement Continues

Following announcements of multiple resolution agreements of significant data breach incident investigations in each of several years, 2021 saw a change: It had no similar announcements. States did continue to use their ability to enforce the HIPAA Privacy and Security Rules.

We expect that state attorneys general and federal regulators will continue to aggressively investigate significant security incidents when they are disclosed in addition to conducting information-gathering sweeps to identify practices that may be outside the norm.

Stay tuned for our predictions about what we expect to see from state attorneys general in 2022 and beyond.