Ad Law Access

Jessica Rich Named Director of the FTC's Bureau of Consumer Protection

Dana B. Rosenfeld — Mon, 17 Jun 2013 12:55:23 -0500

Today, Federal Trade Commission (“FTC”) Chairwoman Edith Ramirez announced that Jessica Rich has been named Director of the FTC’s Bureau of Consumer Protection (the “Bureau”). Rich, who has more than 22 years of experience at the Commission, currently serves as Associate Director in the Bureau’s Division of Financial Practices. She will take over the Bureau Director role from Acting Bureau Director Charles Harwood, who will return to his previous position as Deputy Bureau Director.

As Bureau Director, it is expected that Rich will continue to focus the Commission’s efforts on addressing a number of key emerging technology issues, including consumers’ increased use of the mobile Internet, expanding consumer data collection by businesses, and privacy issues relating to the growing interconnection between everyday consumer devices.

For additional background about Rich, please see the Kelley Drye client advisory.

On June 27, Kelley Drye & Warren will convene top government policy-makers from the FTC and CPSC, industry thought-leaders, and marketing law specialists at the Advertising and Privacy Law Summit in Washington, D.C. This full-day seminar will look ahead to priorities for the new Director of the FTC’s Bureau of Consumer Protection. To inquire about attendance at this invitation-only event, please email dcevents@kelleydrye.com.

New York Times Article Discusses Potential Liability for Celebrity Endorsements

Gonzalo E. Mon — Thu, 13 Jun 2013 07:29:24 -0500

A recent New York Times article discussed the FTC’s scrutiny of companies who engage celebrities to endorse their products in social media. The article serves as a timely reminder that this form of advertising, unless conducted carefully, can result in liability and monetary penalties for the celebrity and the advertiser.

The FTC is concerned that consumers will believe these celebrity endorsements aren’t ads and that the celebrities haven’t been compensated in exchange. “In a traditional ad with a celebrity, everyone assumes that they are being paid,” according to Mary K. Engle, associate director of the advertising practices division at the FTC. “When it’s not obvious that it is an ad, people should disclose that they are being paid.”

As we noted in March, the FTC’s updated “.com Disclosures” guides provide some “does and don’ts” for this form of advertising. Notwithstanding the typically short length of these postings, the guides provide that celebrity endorsements in social media must contain clear and conspicuous language indicating that the endorsements are sponsored. While the .com Disclosures are not law, they do highlight the FTC’s thinking on what federal law requires with this form of advertising.

Celebrities and companies who engage in this form of advertising would be wise to understand the .com Disclosures and related laws — or to consult with legal counsel who does — so that they can avoid legal liability and reap the benefits that can come with this form of advertising.

Special Counsel Joe Wilson contributed to this post.

Supreme Court To Clarify Standing For False Advertising

Paul R. Garcia — Wed, 12 Jun 2013 13:00:47 -0500

On June 3, 2013, the U.S. Supreme Court agreed to hear Lexmark International’s petition from a lower court ruling that a party with merely a “reasonable interest” to protect had standing to sue for false advertising under Section 43(a) of the Lanham Act, 15 U.S.C. § 1125(a)(1). The counterclaiming party, Static Controls, alleged that Lexmark engaged in false advertising by informing customers that Static infringed various patents and copyrights. Lexmark and Static are not actual competitors.

The Supreme Court will decide the appropriate test for standing in these circumstances, which has divided the lower courts. In some Circuits only actual competitors have standing to sue for false advertising under the Lanham Act, whereas other Circuits apply a multi-factor test typically used for antitrust claims. Here, the Sixth Circuit applied a more lenient “reasonable interest” test.

The Supreme Court’s forthcoming decision (not likely before late 2013 or early 2014) creates potential opportunities for false advertising plaintiffs if the Court adopts a more lenient standard, and potentially greater protection against false advertising claims nationwide if the Court adopts a more stringent standing requirement applicable to all Circuits. In all events, Static’s counterclaims are a reminder that what is said about a lawsuit by a party outside of court—to customers and others—may give rise to potential liability, or at least the headache of defending against accusations of wrongdoing.

FTC Updates COPPA FAQs in Advance of July 1 Rule Changes

Matthew Sullivan — Thu, 06 Jun 2013 10:31:28 -0500

This week, the Federal Trade Commission announced the latest update to its frequently asked questions (“FAQs”) document to assist online operators as they prepare for changes to the Children’s Online Privacy Protection (“COPPA”) Rule, which go into effect on July 1, 2013. The updated FAQs address the parental notice and consent obligations for operators that feature a Facebook “Like” button on their site. The new question and answer (see FAQ I.10) read as follows:

10. I have a child-directed website. Can I put the Facebook Like button on my site without providing notice and obtaining verifiable parental consent?

Section 312.5(c)(8) of the Rule has an exception to its notice and consent requirements where:
• a third-party operator only collects a persistent identifier and no other personal information;
• the user affirmatively interacts with that third-party operator to trigger the collection; and
• the third-party operator has previously conducted an age-screen of the user, indicating the user is not a child.

If the third-party operator meets all of those requirements, and if your site doesn't collect personal information (except for that covered by an exception), you don't need to provide notice or obtain consent. This exception doesn't apply where the third party collects more information than a persistent identifier — for example, where the third party also collects user comments or other user-generated content. In addition, a child-directed website can't rely on this exception to treat particular visitors as adults and track their activities. If your inclusion of the Facebook Like button satisfies all these criteria, you may rely on this exception under the Rule.

The new Q&A is the latest effort by FTC Staff (also see here, here, and here) to educate operators of websites and online services directed to children about their obligations under the amended Rule.

Ohio Lawsuit Alleges Deceptive Advertising by Jos. A. Bank

Matthew Sullivan — Wed, 05 Jun 2013 09:53:48 -0500

On May 24, 2013, Ohio consumers filed a class action lawsuit in U.S. District Court (N.D. Ohio) alleging that advertising by clothing retailer Jos. A. Bank violates the Ohio Consumer Sales Practices Act (“CSPA”) and state sale price statutes. See Schneider v. Jos. A. Bank Clothiers, Inc., No. 1:13-cv-01175-SL (N.D. Ohio Filed on May 24, 2013). According to the Complaint, Jos. A. Bank’s television, radio, print, and online advertising falsely promotes substantial savings (including “free” offers) on men’s suits, sportcoats, and dress pants by basing the advertised “discount” prices on grossly inflated and illusory “regular prices” that do not represent the prices at which any of the clothing items are sold.

As one purported example of Jos. A. Bank’s alleged illegal conduct, the Complaint describes an instance where an Ohio consumer purchased a suit for “70% Off” of the advertised regular price of $895. The Plaintiffs allege that the $895 “regular price” does not reflect the actual price regularly paid by consumers for the applicable suit, and that the suit is substantially inferior in value to the advertised regular price. Ohio law defines a “regular price” as “the price at which the goods or services are openly and actively sold by a supplier to the public on a continuing basis for a substantial period of time.” In addition, the Complaint asserts that Jos. A Bank’s claims that its sales are for a “limited time,” “today only,” or similar terms, are false and deceptive because the company maintains its sales offers on a nearly continuous basis.

The lawsuit claims that Jos. A Bank’s conduct violates Ohio Administrative Code section 109:4-3-04, which imposes certain requirements when making “free” promotional offers, and section 109:4-3-12, which prohibits an advertiser from using certain terms (e.g., “regularly. . .”, “now. . .;” “reduced from. . . to . . .,”) unless the comparison is to the advertiser’s legitimate regular price.

The plaintiffs are seeking compensatory damages that are based on the difference between the allegedly inflated “regular price” that each class member paid for a clothing item, and the “true” lower regular price for each such item.

Eleventh Circuit Rules Best Buy's ID Swipe Policy Does Not Violate Federal Privacy Law

Kristi Wolff — Fri, 31 May 2013 16:08:54 -0500

On Tuesday, the Eleventh Circuit ruled that Best Buy’s policy of swiping drivers’ licenses when customers return purchases does not violate the federal Drivers’ Privacy Protection Act of 1994 (“DPPA”). In a per curiam opinion, the court affirmed the U.S. District Court for the Southern District of Florida’s dismissal of the putative nationwide class action and determination that the DPPA does not apply to information supplied by the customer.

The lawsuit arose in October 2011 when the plaintiff attempted to return a computer mouse at a Best Buy store in Florida. During that transaction, the store cashier requested the plaintiff’s driver’s license to complete the return and, when the plaintiff supplied it, scanned the license’s magnetic strip. The plaintiff demanded that Best Buy delete the magnetic strip information, but Best Buy stated it could not. The plaintiff then filed a complaint against the company, alleging that Best Buy’s policy violated the DPPA, which prohibits knowingly obtaining, disclosing, or using personal information, from a motor vehicle record, for an unpermitted purpose.

The Eleventh Circuit agreed with the District Court that the DPPA was intended to prohibit the disclosure of personal information originating from the state department of motor vehicle records only and not from the driver’s license holder. Thus, the court concluded, the plaintiff had failed to state a claim for which relief could be granted. The court explained that the DPPA was enacted to prevent state employee access to and disclosure of personal records and regulates disclosure of information by the state and supplied by the state only.

The court also acknowledged in a footnote that the return policy on the back of the Best Buy receipt that the plaintiff received with his purchase notified him of the company’s policy of swiping drivers’ licenses for returns. It stated:

Best Buy tracks exchanges and returns on an individual level. When you exchange or return an item, we require a valid form of ID…. Some of the information from your ID may be stored in a secure, encrypted database of customer activity that Best Buy and its affiliates use to track exchanges and returns. Valid forms of ID accepted are: U.S., Canadian, or Mexican Driver’s License, U.S. State ID, Canadian Province ID, U.S. Military ID or Passport.

Accordingly, the consumer was advised of Best Buy’s policy to required IDs for returns and opted to proceed anyway.

Associate Katherine E. Riley contributed to this post. Ms. Riley is admitted only in Massachusetts. She is practicing under the supervision of principals of the firm who are members of the D.C. Bar.

White House Nominates New CPSC Commissioner and CPSC Adds Director of Compliance and Field Operations

Christie Grymes Thompson — Thu, 30 May 2013 10:40:12 -0500

With a looming departure date for Consumer Product Safety Commission ("CPSC" or "Commission") Commissioner Nancy Nord that would leave the CPSC without a quorum, the Obama Administration announced last week the nomination of former Rep. Ann Marie Buerkle to serve as a Republican Commissioner. During her single term, Congresswoman Buerkle criticized what she described as an unchecked growth of government that stifled the free enterprise of small businesses. Her nomination will likely be paired with Marietta Robinson's nomination, President Barack Obama's pick in 2012 to fill the seat left vacant by Democratic Commissioner Thomas Moore.

In the wake of the White House's nomination, Ray Aragon quietly became the Commission's Director of Compliance and Field Operation. Although the CPSC has not issued a press release announcing the new Director or modified its online organization chart, Mr. Aragon is listed in the CPSC's phone directory and presumably has begun handling matters. Mr. Aragon was most recently a partner at McKenna Long & Aldridge LLP, with a commercial litigation practice that included product liability claims.

This Kelley Drye advisory provides background regarding these two individuals and what the new leadership means for the CPSC.

FTC Seeks Public Comment on Proposed Amendments to the Telemarketing Sales Rule

Daniel S. Blynn — Tue, 28 May 2013 10:06:16 -0500

On May 21, the Federal Trade Commission (“FTC”) issued a Notice of Proposed Rulemaking (“NPRM”) regarding proposed amendments to the Telemarketing Sales Rule (“TSR”). Notably, the proposed changes would: (1) expressly state that the seller or telemarketer bears the burden of demonstrating an existing business relationship with a customer whose number is listed on the Do Not Call Registry, or that it has obtained an express written agreement from such customer; and (2) clarify that the exemption for calls to businesses extends only to calls inducing sale or contribution from the business, and not to calls inducing sales or contributions from individuals employed by the business. The Commission believes that these proposed revisions are consistent with current enforcement policy.

In addition, the FTC proposes to amend the Rule to explicitly state the following requirements, which it also believes are consistent with current enforcement policy. These proposed amendments would:

Modify the prohibition against sellers sharing the cost of Do Not Call Registry fees to emphasize that the prohibition is absolute;
Illustrate the types of impermissible burdens on consumers that deny or interfere with their right to be placed on a seller’s or telemarketer’s entity-specific do-not-call list (such as requiring the person to listen to a sales pitch before accepting the Do Not Call request or assessing a charge or fee for honoring the request); and
Clarify that the recording memorializing the express verifiable authorization required before a seller or telemarketer bills a customer or donor (unless payment is made by debit or credit card) must include an accurate description, clearly and conspicuously stated, of the goods or services or charitable contribution for which the payment authorization is sought.

The FTC has also proposed to prohibit sellers or telemarketers from requesting or receiving payment for recovery services for losses incurred in any prior transaction, regardless of whether that loss occurred via telemarketing, the Internet, or another means or medium, until seven business days after the consumer received the recovered money or merchandise. The prohibition currently is limited to services for the recovery of money lost through telemarketing fraud only. However, the Commission notes that consumer complaints and the FTC’s regulatory efforts reveal that consumers are susceptible to the same type of fraud over the Internet, and are therefore equally susceptible to pitches for telemarketing services promising to recover, in exchange for an advance fee, the money or merchandise lost as a result of such Internet fraud.

Finally, the FTC has also proposed to bar sellers and telemarketers from accepting remotely created checks, remotely created payment orders, cash-to-cash money transfers, and cash reload mechanisms (collectively defined as “novel payment methods”) as payment during inbound or outbound telemarketing transactions. The Commission’s rationale for the proposed changes is, in part, that the consumer protections typically associated with traditional payment methods, such as credit cards, debit cards, and electronic fund transfers are not present with novel payment methods. Further, the Commission expresses concern that the “express verifiable authorization” provision currently in the TSR, which requires telemarketers to obtain a consumer’s express verifiable authorization for all telemarketing transactions where payment is made by a method other than a credit or debit card, does not adequately protect consumers against fraud, as evidenced by the law enforcement actions discussed in the NPRM.

The comment period will remain open until July 29, 2013.

FTC Issues Latest Update to COPPA FAQs

Matthew Sullivan — Fri, 24 May 2013 10:23:06 -0500

Earlier this week, the Federal Trade Commission announced an update to its frequently asked questions (“FAQs”) document to assist online operators as they prepare for changes to the Children’s Online Privacy Protection (“COPPA”) Rule, which go into effect on July 1, 2013. The updated FAQs clarify parental notice and consent obligations for child-directed apps that collect information from a child in order to send push notifications to users. The new question (No. 80) and answer read as follows:

80. I have a child-directed app and want to send push notifications. Do I need to get parental consent?

The information you collect from the child’s device used to send push notifications is online contact information – it permits you to contact the user outside the confines of your app – and is therefore personal information under the Rule. To the extent the child has specifically requested push notifications, however, you may be able to rely on the “multiple-contact” exception to verifiable parental consent, for which you must also collect a parent’s online contact information and provide parents with direct notice of your information practices and an opportunity to opt-out. See FAQ 58. Importantly, in order to fit within this exception, your push notifications must be reasonably related to the content of your app. If you want to combine this online contact information with other personal information collected from the child, you cannot rely on this exception and must provide parents with direct notice and obtain verifiable parental consent prior to sending push notifications to the child.

The FTC’s latest update to the COPPA FAQs follows other recent efforts to educate operators of websites and online services directed to children about their obligations under the amended Rule. As we described last week, the FTC recently sent letters to more than 90 U.S. and foreign-based companies to highlight the significant Rule changes relating to the definition of “personal information.”

NAI Releases Updated Code of Conduct for Online Behavioral Advertising

Christopher M. Loeffler — Wed, 22 May 2013 16:07:36 -0500

The Network Advertising Initiative (“NAI”) recently announced final updates to its 2013 Code of Conduct (“NAI Code”). The NAI Code is one of the leading industry self-regulatory codes of conduct governing online behavioral advertising (“OBA”) for third party digital advertising companies. While prior versions of the NAI Code were focused on advertising networks, the 2013 NAI Code keeps pace with developments in the online advertising ecosystem and also governs the actions of participating demand side platforms (“DSPs”), supply side platforms (“SSPs”), and ad exchanges, among others.

The 2013 NAI Code reinforces the requirements for participants to provide education, notice, and choice regarding OBA, stating that industry’s approach must not remain stagnant, but rather adapt to ensure that the self-regulatory framework remains relevant and effective. It was also updated to reflect regulatory guidance including the FTC Final Privacy Report and White House Privacy Report. Additionally, the 2013 NAI Code harmonizes requirements with the Digital Advertising Alliance (“DAA”) Self-Regulatory Principles for Online Behavioral Advertising. [The NAI is one of the members of the DAA.]

The 2013 NAI Code introduces a new framework of data “identifiability” that splits the difference between the FTC and industry’s definitions of what is PII:

PII = Used or intended to be used to identify an individual
Non-PII = Linked or reasonably linkable to a specific computer or device
De-Identified Data = Not linked or reasonably linkable to either an individual or a specific computer or device

The online advertising industry continues to face scrutiny from regulators and Congress regarding its approach to OBA, with a specific focus on a Do Not Track standard. Companies engaged in any OBA, interest-based advertising, or online remarketing / retargeting activities should stay tuned as the self-regulatory and regulatory framework continues to evolve.

Kansas AG Action Offers Reminder That States Monitor Do-Not-Call Compliance

Daniel S. Blynn — Sat, 18 May 2013 07:40:14 -0500

A few days ago, a Kansas state court entered a default judgment against Bullseye Target Marketing, a Missouri telemarketing company that solicited roofing business in Kansas, in an action brought by the Kansas Attorney General alleging violations of the Kansas No-Call Act (the state analogue to the federal Telemarketing Sales Rule). The court ordered the company to pay $600,000 in penalties. The action was filed after the Attorney General received complaints from Kansas consumers that they received unsolicited calls offering to schedule roof inspections in areas that had experienced storm damage, despite their numbers being registered on the state do-not-call list. The Kansas No-Call Act generally prohibits businesses from placing telemarketing calls to consumers registered on the state do-not-call list.

This Attorney General action should serve as a reminder that do-not-call compliance is not only being monitored and enforced by the Federal Trade Commission, but states, too, are active in the area.

Vermont Changes Law on Skill Contests

Gonzalo E. Mon — Fri, 17 May 2013 07:45:19 -0500

All states prohibit companies from requiring people to pay money or make a purchase to enter a sweepstakes. Although most states allow companies more flexibility to require a payment or purchase in a skill contest, some states prohibit those requirements, too. Up until now, Vermont was in the latter category.

Effective April 26, 2013, nothing in the Vermont statute “shall be construed to prohibit a person from requiring or paying any kind of entry fee, service charge, purchase, or similar consideration in order to enter, or continue to remain eligible for, a game of skill or other promotion that is not based on chance.”

The line between chance and skill isn’t always clear, but if companies can get on the right side of that line, they’ll soon have more options for running promotions in Vermont.

FTC Reaches Out to Businesses on COPPA

Matthew Sullivan — Thu, 16 May 2013 09:33:30 -0500

On May 15, 2013, the Federal Trade Commission sent letters to more than 90 U.S. and foreign-based companies that may be affected by amendments to the Children’s Online Privacy Protection Rule (“COPPA” or the “Rule”), which go into effect on July 1, 2013. The letters, which do not reflect an official evaluation of the recipients’ privacy practices, were targeted to online services and mobile applications that collect “personal information” from children under age 13, as defined by the Rule.

The primary purpose of the letters was to highlight the significant changes to the COPPA Rule definition of personal information, which, under the current Rule, includes user names, a home or physical address, contact information (e-mail address or telephone number), and social security numbers. As described in the letters, the amended Rule expands the definition of personal information to include persistent identifiers, such as cookies, IP addresses, and mobile device IDs, that can recognize users over time and across different websites or online services. Online operators that collect such information must provide notice and obtain parental consent, unless they use the identifiers to support internal operations, such as for user authentication or network analysis. Under the revised Rule, personal information also includes photographs or video with a child’s image, or an audio file with a child’s voice.

In addition to describing changes to the definition of personal information, the letters also highlighted the following “musts” for developers of child-directed online or mobile apps:

• Notice and parental consent for personal information collected on applications from third parties, such as ad networks;
• Reasonable steps to release children’s personal information only to companies that will keep it secure and confidential;
• New data retention and deletion requirements.

The letters are the latest step by the Commission to generate awareness about how the COPPA Rule changes may affect online operators’ current business practices. As we described last month, FTC Staff also issued an updated Frequently Asked Questions (“FAQ”) document, Complying with COPPA: Frequently Asked Questions, that includes a number of questions (and answers) that directly address how the amended COPPA Rule differs from the current Rule.

FCC Opens the Door to Vicarious Liability for Third-Party Telemarketing Under Certain Conditions

Alysa Zeltzer Hutnik — Wed, 15 May 2013 16:28:24 -0500

On May 9, 2013, the Federal Communications Commission ruled that sellers may be held vicariously liable under the Telephone Consumer Protection Act (“TCPA”) for unlawful telemarketing by third parties under certain circumstances. The FCC’s Declaratory Ruling addresses third-party liability for violations of the Do Not Call and prerecorded message restrictions of the Communications Act. The Commission ruled that, under both provisions, a seller may be held vicariously liable for violative calls placed by third-party marketing agents under principles of the federal common law of agency.

The Declaratory Ruling thus resolves a central question that is raised in a number of TCPA lawsuits: sellers may only be held liable for actions of those third party telemarketers that are determined to be agents, applying the federal common law of agency. Moreover, a manufacturer that simply puts a product in the chain of commerce that is later resold by a seller is not likely to be affected by this Ruling, provided that it does not otherwise trigger the TCPA’s seller definition.

With respect to how and under what circumstances the federal common law of agency will be applied to find a seller vicariously liable for the acts of third parties, the future is unclear – particularly with respect to claims based on alleged apparent authority and whether the FCC’s “illustrative examples” of such apparent authority set forth in the Ruling will influence courts in interpreting how the federal common law of agency should apply to the specific facts of a particular case.

For more on this decision, please reference the Kelley Drye client advisory.

House Lawmakers Introduce New Bill to Address Mobile App Privacy

Matthew Sullivan — Mon, 13 May 2013 10:08:37 -0500

On Thursday, May 9, Rep. Hank Johnson (D-GA), and co-sponsor Rep. Steve Chabot (R-OH) introduced the “Application Privacy, Protection, and Security (APPS) Act of 2013,” (H.R. 1913). The bill, which is aimed at increasing consumer privacy within applications (“apps”) available through smartphones and other mobile devices, retains the provisions included in the discussion draft of the legislation circulated by Rep. Johnson in January 2013.

Among its key provisions, the APPS Act would require app developers to make a privacy statement available to consumers before they purchase an app, obtain consent from consumers before collecting data, and securely maintain the data that they collect. A developer’s privacy statement would have to disclose the categories of personal information collected by the app, and how such information is used, including whether it is shared with any third parties. App developers also would be required to include within their privacy statement a data retention policy that describes how long information is retained, and how consumers can access and seek the removal of such information. Under the bill, the Federal Trade Commission would be tasked with drafting regulations to implement the law, including defining the term “personal data,” as well as enforcing such regulations.

The APPS Act is the product of Rep. Johnson’s AppRights initiative, which is a web-based legislative project launched in July 2012 to address the privacy and security of mobile device users, and follows other recent federal and state efforts to enhance privacy protections for mobile app users. For example, we posted last week about the latest developments regarding the California Attorney General’s efforts to require all app developers to include a privacy policy in their mobile app.

Delta Cleared for Takeoff: Wins Dismissal of California AG Mobile App Privacy Action

Christopher M. Loeffler — Fri, 10 May 2013 11:24:52 -0500

In December 2012, the California Attorney General filed a lawsuit against Delta Airlines, Inc. (“Delta”) alleging that Delta violated California’s Online Privacy Protection Act by failing to post a privacy policy within its Fly Delta mobile app. It was the first mobile app enforcement action brought by the California Attorney General and closely followed the Attorney General’s warning campaign in which it sent out letters to approximately 100 app developers and companies notifying them that they were not in compliance with California’s law. Our previous coverage of the complaint is here.

Yesterday, the California Superior Court dismissed the claim, holding that the state action is pre-empted by the federal Airline Deregulation Act, which prohibits states from applying regulations on airlines related to price, routes, or services. Judge Miller stated: “In this instances it’s services. . . . I think that this case is, in effect, an attempt to apply a state law designed to prevent unfair competition, which regulates an airline’s communications with consumers, and I think it’s pre-empted.” Press coverage is available here.

This is an interesting result for the first Attorney General app enforcement action and it’s too soon to tell whether the Attorney General will appeal the decision. Unfortunately, the ruling doesn’t provide any substantive guidance, or give much comfort, to companies that can’t make similar federal pre-emption arguments. Companies with mobile apps will want to keep their seatbacks and tray tables in their upright and locked positions as we watch for the Attorney General’s next activities in the mobile privacy space.

Common Sense Rules in LA Lakers Text Message Suit

Gonzalo E. Mon — Fri, 10 May 2013 09:50:05 -0500

Most marketers know they are legally required to get permission before sending text messages to consumers. Despite this, the number of lawsuits involving (allegedly) unsolicited text messages keeps growing, as does the cost of settling these suits. Although the first cases in this area involved practices that were clearly unlawful — such as sending text messages to people who hadn’t signed up — now, companies are getting sued over much less. Fortunately, many courts have taken a common sense approach to these cases.

During a Lakers game last year, the team invited fans to text a message for a chance to have it appear on the scoreboard. A fan texted a message, and received the following confirmation from the Lakers in return: “Thnx! Txt as many times as u like. Not all msgs go on screen. Txt ALERTS for Lakers News alerts Msg&Data Rates May Apply. Txt STOP to quit. Txt INFO for info.” Shortly thereafter, the plaintiff filed a lawsuit against the Lakers arguing that the team had sent that message without consent, in violation of the Telephone Consumer Protection Act.

Applying a “common sense” reading of the TCPA, a California court determined that, by sending his original message, the plaintiff “expressly consented” to receiving a confirmatory text message from the Lakers. Indeed, the court noted that when the plaintiff sought to display his message on the scoreboard, “it is difficult to imagine how he could have been certain that the Lakers received his message without a confirmative response.” Accordingly, the court granted the Laker’s motion to dismiss the case.

There are still a number of legal risks associated with text message campaigns, but this decision — as well as other recent developments — suggests that companies now have a better shot at prevailing in these types of nuisance suits.

Mandated Compliance Programs as the New Normal? Williams-Sonoma Agrees to $987,000 CPSC Civil Penalty & Comprehensive Compliance Program

Christie Grymes Thompson — Wed, 08 May 2013 09:44:22 -0500

The tide continues to rise for Consumer Product Safety Commission (“CPSC”) civil penalties as the Commission announces a $987,000 penalty against Williams-Sonoma, Inc. and the company’s agreement to implement an extensive compliance program. On Monday, the CPSC announced that Williams-Sonoma has agreed to pay the civil penalty to resolve allegations that the company knowingly failed to report a defect in its Pottery Barn wooden hammocks. Williams-Sonoma also agreed to implement a comprehensive compliance program that arguably encompasses far more than the company’s alleged failure to report in a timely manner.

According to the settlement agreement, the wood in the hammock stands allegedly deteriorated over time, and Williams-Sonoma had received notice of a consumer injury resulting from the failure of the hammock as early as November 2004 and had received its eighth incident report by the end of October 2006. The company, however, did not report to the Commission until September 2008, when it knew of 45 incidents. In October 2008, Williams-Sonoma and the CPSC announced the recall of 30,000 hammock stands. Because the alleged failure to report occurred prior to September 2008, it was subject to the CPSC’s previous civil penalty cap of $1.825 million instead of the current cap of $15 million.

In addition to the civil penalty, Williams-Sonoma agreed: (1) to implement and maintain a comprehensive compliance program designed to ensure compliance with all safety statutes and regulations enforced by the Commission (not just the Consumer Product Safety Act, which was the subject of the penalty); and (2) to maintain and enforce a system of internal controls and procedures designed to ensure timely and accurate reporting to the CPSC. The comprehensive compliance program is the same as that imposed in the settlement agreement entered with Kolcraft Enterprises, Inc. earlier this year. In a statement issued in connection with the Williams-Sonoma settlement, Commissioner Nord expressed concern that, for a second time, the CPSC had insisted on a comprehensive compliance program absent evidence of widespread noncompliance and that “the compliance program language in [the] settlement is another step toward just such a de facto rule.” She also noted that using recalls to justify imposing mandates unrelated to the problem (in this case, timely reporting) discourages participation in the voluntary recall process.

Companies with products subject to the CPSC’s jurisdiction should note that mandated compliance programs appear to be the new normal for civil penalty agreements, regardless of a company's history with the Commission as civil penalty demands continue to increase.

Associate Katherine E. Riley contributed to this post. Ms. Riley is admitted only in Massachusetts. She is practicing under the supervision of principals of the firm who are members of the D.C. Bar.

FTC Continues FCRA Enforcement Activities: Warning Letters to 10 Data Brokers

Christopher M. Loeffler — Tue, 07 May 2013 14:43:38 -0500

Today, the Federal Trade Commission (“FTC”) announced that it sent letters to 10 data brokers warning them that their practices may be subject to the Fair Credit Reporting Act (“FCRA”). A sample letter is available here. Among other things, the FCRA governs the sale and use of consumer information which may be used to make decisions about consumers’ creditworthiness, eligibility for insurance, or suitability for employment.

As part of a global privacy sweep conducted by the Global Privacy Enforcement Network (“GPEN”), the FTC conducted test-shopping with 45 data brokers. Based on the sweep, 10 data brokers indicated a willingness to sell consumer information in a manner that may violate the FCRA.

As we’ve previously noted here and here, the FTC continues to use its authority under FCRA through enforcement actions—which include civil penalties—and warning letters. Last month, the FTC warned 6 websites that their sharing of consumers’ rental history information with landlords may be subject to the FCRA.

While the warning letters are not a formal complaint alleging FCRA violations, they are an important reminder for all companies that sell consumer information to closely examine whether these practices fall under the FCRA and, if so, to ensure proper compliance.

Washington Attorney General Settles with T-Mobile Over Ad Claims

Gonzalo E. Mon — Mon, 06 May 2013 13:20:22 -0500

The Washington Attorney General recently announced a court-ordered agreement with T-Mobile over the company’s new advertising campaign. T-Mobile has been promoting a new service plan that offers “no restrictions,” “no annual contract,” and no requirement that customers “serve a two-year sentence.” The plan, however, does not include a phone. Instead, T-Mobile offers consumers an option to purchase a phone at a monthly rate over a two-year term. (They also offer other phone options.) Consumers who purchase a phone must pay the full cost of the phone if they cancel before the end of the two-year period.

The Attorney General alleged that T-Mobile misled consumers by advertising the absence of restrictions, an “annual contract,” and a “two-year sentence,” without adequately disclosing that customers who terminate their service before a device is paid off will have to pay the balance due on the phone upon cancellation. In some cases, the cost is higher than the early termination fee charged by other carriers. According to the press release: “Instead of a ‘two-year sentence’ for wireless service, consumers face a different two-year ‘sentence’ to avoid a lump-sum balloon payment for the phone.”

As part of the settlement, T-Mobile agreed to change the way it advertises the plan, to contact customers who purchased phones under the plan and advise them of their right to cancel and get a refund, and to pay attorney’s fees and costs.

This settlement serves another reminder that companies need to clearly and conspicuously disclose the material terms of their offers. You can’t just highlight the benefits of a product or service, and bury the costs and restrictions in the fine print.