• SPECIAL FOCUS: FTC Releases Updated Guidance for Digital Marketers

    Thirteen years after the Federal Trade Commission first offered guidance to online marketers, the agency has updated its "Dot Com Disclosures" for the age of digital advertising to address the advertising claims made on smartphones and on social media sites.

    The new FTC staff guidance, .com Disclosures: How to Make Effective Disclosures in Digital Advertising, sets forth some “clear and conspicuous” disclosures advertisers should make to avoid consumer confusion and deception in the marketplace. The agency has been working to update the guidance since May 2011. Before releasing the long-awaited changes, the FTC conducted three public comment periods and hosted a day-long public workshop.

    Most importantly, the updated guidance emphasizes that existing consumer protection laws apply with equal force to the Internet and other electronic media. In practical terms, that means that if a disclosure is necessary and doesn’t fit on an iPhone screen or within the 140-character limit of Twitter, then an ad claim should be modified or not disseminated. “Moreover, if a particular platform does not provide an opportunity to make clear and conspicuous disclosures, it should not be used to disseminate advertisements that require such disclosures.”

    The new guidance updates the 2000 edition with 22 advertising examples and addresses new issues for marketers. Some of its key topics include:

    Proximity.  In the prior version of the guidance, marketers were advised to place disclosures “near, and when possible, on the same screen.” Now, under the updated guidance, disclosures should be “as close as possible” to the relevant claim. “The closer the disclosure is to the claim to which it relates, the better,” the FTC said. Consideration should also be given to issues like the prominence of the disclosure; whether it is unavoidable; whether other parts of the ad distract attention from the disclosure; whether the disclosure needs to be repeated at different places on a Web site; whether disclosures in audio messages are presented at an adequate volume and cadence; whether visual disclosures appear for a sufficient duration; and whether the language of the disclosure is understandable to the intended audience.

    Hyperlinks.  Advertisers should avoid the use of hyperlinks to make disclosures about a product’s cost or certain health and safety issues. If hyperlinks are used, advertisers should consider their functionality on a variety of platforms and devices to ensure that consumers can access the disclosure. They should also use consistent styles to increase the likelihood that consumers will understand that a link is available. Hyperlinks should also be labeled as specifically as possible (buried or generically labeled links are not recommended) and placed as close to the relevant information as possible. “The link should give consumers a reason to click on it,” the FTC explained, and should take consumers directly to the disclosure on the click-through page. The agency also advised advertisers to assess the effectiveness of hyperlinks by monitoring click-through rates and make changes as necessary. 

    Pop-ups.  The agency frowned on pop-ups as a method of disclosure, as they are often blocked and prevent consumers from seeing the necessary disclosure. Even unblockable pop-ups may fail to be effective because consumers do not associate information in a pop-up window with a claim or product. Advertisers who use pop-ups can reduce problems by requiring that consumers take an affirmative action to proceed past the pop-up before moving on (like clicking on a “yes” or “no” button without the use of a preselected button).

    Scrolling.  Advertisements should be designed for the relevant medium so that “scrolling” down a screen is not necessary to find disclosures. In situations where scrolling is necessary, the FTC suggested that advertisers use text or visual cues to encourage consumers to read the disclosure (however, scroll bars are “not a sufficiently effective visual cue”). “Advertisers should keep in mind that having to scroll increases the risk that consumers will miss a disclosure,” the agency cautioned.

    Display.  “[I]t is important for advertisers to draw attention to the disclosure,” the guidance noted. “Consumers may not be looking for – or expecting to find – disclosures.” Disclosures should be made before the consumer purchases an item and should be prominently displayed so that they are noticeable to consumers. The size, color, and graphic treatment of a disclosure in relation to other parts of a Web site, e-mail, text message, or application should be considered. And disclosures should not be relegated to “terms of use.” “Simply making the disclosure available somewhere in the ad, where some consumers might find it, does not meet the clear and conspicuous standard,” the FTC said.

    Size and space.  The FTC notes that mobile screens and social media platforms offer advertisers limited space within which to promote their goods and services and display needed disclosures. However, when dealing with space constraints, some short-form disclosures may suffice. For example, the word “Sponsored” or “Ad” at the beginning of a Tweet or other short message should convey to consumers that they are viewing an advertisement. Disclosures should also appear in each and every ad that would require a disclosure if that ad were viewed in isolation, the FTC said. “Do not assume that consumers will see and associate multiple space-constrained advertisements,” it says in the guidance. A series of Tweets, for example, should all include “Ad” or a similar disclosure.

    In addition to providing guidance for advertisers, the FTC also places certain affirmative obligations on sellers to ensure their disclosures are accessible to consumers. For example, the guidance suggests that online sellers optimize their Web sites for mobile devices so that important information is displayed to and not missed by consumers. Further, if a Web site operator relies on “mouse-over” technology to display certain disclosures on a Web page, this technology may not be accessible or effective on a mobile device where there is no cursor to hover over a link. Last, the guidance suggests that advertisers assess the effectiveness of hyperlinked disclosures by using tools to monitor click through rates from ads to the disclosures. “If the hyperlinks are not followed,” the guidance states, “another method of conveying the required information may be necessary.”

    To read the FTC’s guidance, .com Disclosures: How to Make Effective Disclosures in Digital Advertising, click here.

    Why it matters: Advertisers should familiarize themselves with the updates and evaluate their claims under the guidelines, particularly with regard to ads on mobile sites and social media sites. As the agency emphasized in the guidance, “deception is unlawful no matter what the medium.” The FTC also noted that the guidance is not intended to provide a safe harbor from potential liability. “Whether a particular ad is deceptive, unfair, or otherwise violative of a Commission rule will depend on the specific facts at hand,” the agency said. “The ultimate test is not the size of the font or the location of the disclosure, although they are important considerations; the ultimate test is whether the information intended to be disclosed is actually conveyed to consumers.”

    back to top

    Less Dry or Moisturized? NAD Decides

    Claims like "Helps replenish skin's moisture" and "Helps lock in moisture" for Gillette's Venus & Olay razor should be modified or discontinued, the National Advertising Division recommended.

    In a challenge brought by Energizer Personal Care, the maker of competitive Schick razors argued that an unsupported moisturizing message – that the Gillette razor offered lubrication beyond shaving – was conveyed both by the text and imagery on the Gillette packaging and in television, print, and online advertising.

    Gillette countered that the core message of the advertising was not one of moisturization but that the Venus & Olay razor offered “less dryness” as compared to a prior iteration of the Venus razor. The ads made no express or implied moisturization claims, the company said, and the “less dryness over time vs. Venus Breeze” disclaimer reiterated its core message to consumers.

    But because the term “moisture” and “moisturization” can take on multiple meanings in the context of shaving, the NAD said the disclaimer was insufficient. Phrases like “Helps lock in moisture” connote a moisturization message to consumers. Combined with a disclaimer that was “starkly” separated on packaging and “nearly impossible to read” on television screens, “the placement of this disclaiming message was not readily noticeable to the audience and did not effectively qualify the main claim,” the NAD determined. “These advertising claims send the unsubstantiated message that the product provides a moisturizing benefit.”

    Ad imagery like a double helix of creamy ribbons served “to enhance the moisturization message,” the NAD added.

    The self-regulatory body recommended that the claims be discontinued or modified to present the disclaiming language as “part and parcel” of the main advertising message. If Gillette clearly and expressly limited its advertising with “less dryness over time vs. Venus Breeze,” it would convey a different, substantiated message.

    To read the NAD’s press release about the decision, click here.

    Why it matters: The self-regulatory body used the decision to elucidate how to properly employ a disclaimer in ad claims. Gillette’s disclaimer appeared in “tiny print” on the back of the package, separate from the main message on the front. In the television advertising, “the disclaiming super utilizes tiny grey font against a non-contrasting background. Even when pausing the commercial while the super is on the screen, it is nearly impossible to read,” the NAD said. Alternatively, advertisers should ensure that disclaimers are “noticeable, readable and understandable to the audience” to avoid conveying an unsubstantiated message.

    back to top

    FTC Targets Lack of Security on Mobile Device's Software

    In its first action against a mobile device manufacturer, the Federal Trade Commission issued a proposed consent order with HTC America, Inc. for failing “to take reasonable steps to secure the software it developed for its smartphones and tablet computers, introducing security flaws that placed sensitive information about millions of consumers at risk.”

    To differentiate its products, HTC develops and manufactures mobile devices and creates customized software for the Android, Windows Mobile, and Windows Phone operating systems. But according to the FTC, the company also created real security hazards for consumers.

    Specifically, the agency charged that HTC failed to review or test its software on the mobile devices to detect potential security vulnerabilities, failed to provide its engineering staff with adequate training on security issues, failed to follow well-known and commonly accepted secure coding practices, and failed to formulate a process for handling security problems when the company received reports about vulnerabilities.

    In one example, the FTC complaint detailed how HTC modified the Android operating system with “permission re-delegation” vulnerabilities that permitted one application to access sensitive information provided to another application that had not been given the same level of permission by the user.

    Millions of devices were vulnerable to malware, malicious applications, and compromised device functionality that could transmit or store sensitive and private information like the content of user text messages or financial account numbers, the FTC alleged. In addition, some of HTC’s user manuals contained deceptive representations, according to the agency’s complaint.

    To settle the charges, HTC agreed to a first-of-its-kind remedy: to develop and release software patches to fix the vulnerabilities found in millions of devices. HTC “shall release the applicable security patch(es) either directly to affected covered devices or to the applicable network operator for deployment of the security patch(es) to the affected covered devices,” according to the proposed consent order. HTC must also “provide users of the affected covered devices with clear and prominent notice regarding the availability of the applicable security patch(es) and instructions for installing the applicable security patch(es).”

    In addition, the company will develop a comprehensive security program focusing on the elimination of similar security risks during the development phase of HTC products. Finally, HTC is prohibited from making any false or misleading statements about the security and privacy of data on its devices and will be monitored by the FTC for the next 20 years.

    The proposed agreement was published in the Federal Register and is open for public comment until March 22.

    To read the complaint in In the Matter of HTC America, Inc., click here.

    To read the proposed consent order, click here.

    Why it matters: “The settlement with HTC America is part of the FTC’s ongoing effort to ensure that companies secure the software and devices that they ship to consumers,” the agency said in a press release about the proposed consent order. The deal also serves as a reminder to businesses about the agency’s recent efforts to regulate privacy and data security in the mobile ecosystem – such as the FTC’s release of a report recommending best practices for app developers and other industry stakeholders and an enforcement action against a mobile app provider that allegedly deceived users by collecting their personal information without notice. Continuing the agency’s focus on mobile security, the FTC has planned a public forum scheduled for June 4 to examine “the security of existing and developing mobile technologies and the roles that various members of the mobile ecosystem can play in protecting consumers.”

    back to top

    Apple, Parents Reach Deal on In-App Purchases

    Apple has reached a deal with parents who accused the company of allowing their children to spend real money for currency in games like Zombie Toxin and City Cash.

    Garen Meguerian filed his class action in 2011 after discovering that his then nine-year-old daughter charged $200 to a credit card via his iTunes account on in-app purchases for “free” iPhone games. After an initial log-in to download a game, players were given a 15-minute window to make purchases without re-entering a password, enabling children to purchase game currency without parental permission or knowledge, the suit alleged. Other parents filed similar suits, which were consolidated in the Northern District of California federal court.

    After presiding U.S. District Court Judge Edward J. Davila denied Apple’s motion to dismiss the suits last year, the parties began settlement negotiations in earnest.

    On March 1 they presented their deal to the court. Apple agreed to provide, at a minimum, a $5 iTunes gift card to class members. Those members who no longer maintain an iTunes account may receive a cash refund. In the alternative, parents may receive an iTunes gift card for the aggregate total of all in-app charges within a single 45-day period by submitting information about the app in question, the date of purchase, and the price for each charge. If the total is greater than $30, the class member may request a cash refund.

    Addressing the proposed notice to potential class members, the parties suggested a three-fold approach of Web site, e-mail, and postcard announcements. Importantly, the notice will also instruct parents how to use Apple’s parental controls and how to disable in-app purchases or set the requirements for entering a password for each purchase transaction. “This information will assist members of the settlement class in preventing minors from purchasing game currency without their knowledge and permission in the future,” the parties explained in the motion in support of the settlement.

    Although the precise class size is unknown, notice would be distributed to more than 23  million iTunes account holders who made game currency purchases in the qualifying apps. Between the additional passwords and parental controls implemented by Apple and the potential for full recovery of past game currency charges (with a “significant majority” of purchases made for less than $5), most members of the class would receive complete relief, the parties told the court.

    Apple also agreed not to oppose a class counsel award totaling $1.3 million.

    To read the settlement motion in In Re Apple In-App Purchase Litigation, click here.

    Why it matters: The proposed deal could cost Apple millions of dollars, depending on the size of the class, but it ends the litigation in the consolidated suits. For the plaintiffs, the settlement eliminates the risk of no recovery – Judge Davila denied Apple’s motion to dismiss but wrote that he was “skeptical” of the class’ ability to recover. Combined with the additional passwords and parental controls implemented by the company, the refunds could provide complete relief to many class members.

    back to top

    C is Not for Cookie Anymore: Mozilla's Default Settings to Block Cookies

    Much to the dismay of the advertising industry, Firefox announced this week that the next iteration of its Mozilla browser will block third-party cookies by default, effectively cutting off their ability to track users.

    Mozilla, which accounts for roughly 20 percent of the desktop market, said the change will be made with the release of Firefox 22 in April. While the browser will allow cookies from first-party sites that are visited by users, third-party cookies will be blocked by default unless there is an existing relationship with the user.

    Mozilla’s privacy officer Alex Fowler wrote in a blog post that the change is the result of several factors. “Many years of observing Safari’s approach to third party cookies, a rapidly expanding number of third-party companies using cookies to track users, and strong user support for more control is driving our decision to move forward with this patch,” he wrote. The company will test the function for several months, he added.

    Privacy advocates commended the move, with Center for Digital Democracy executive director Jeff Chester praising Mozilla for demonstrating a “serious commitment” to online privacy.

    The ad industry reacted with horror.

    In a tweet, Interactive Advertising Bureau general counsel Mike Zaneis called the new policy “a nuclear first strike against the ad industry.” Stu Ingis, counsel to the Digital Advertising Alliance, told MediaPost the patch would “negatively impact the entire Internet ecosystem” and was “a horrible thing for consumers.” “Is everybody just going to work for free?” he asked.

    Why it matters: Mozilla’s decision follows last year’s “nuclear strike” when Microsoft introduced Do Not Track as a default setting for Internet Explorer, creating a firestorm in the ad industry and resulting in a letter of protest signed by the Association of National Advertisers and the chief marketing officers of more than 30 companies, including General Electric, Ford, and Kraft. While the Federal Trade Commission and privacy advocates praised Microsoft’s move, the Do Not Track movement stalled last year. Members of the World Wide Web Consortium’s working group failed to reach an agreement on even basic issues, like how to define DNT. But movement now seems to be swinging in the opposite direction as law professor Peter Swire, co-chair of the working group, recently stated in a blog post entitled “Full Steam On Do Not Track.” After a recent meeting, the group now has “a roadmap” for a DNT standard, he said. “We are now on a path to devising a workable, meaningful standard.”

    back to top

    Financial Institutions Get Social Media Guidance

    To address the intersection of financial institutions and social media, the Federal Financial Institutions Examination Council (FFIEC) recently released proposed guidance on the potential legal, reputational, and operational risks posed by social media sites.

    In collaboration with the Office of the Comptroller of the Currency, the FFIEC issued “Social Media: Consumer Compliance Risk Management Guidance.” Entities governed by the FFIEC’s members – including banks, savings associations, and credit unions, as well as nonbank entities supervised by the Consumer Financial Protection Bureau – will be expected to use the guidance “to ensure that their policies and procedures provide oversight and controls commensurate with the risks posed by their social media activities.” The public comment period will close on March 25, 2013.

    As defined by the guidance, social media is “a form of interactive communication in which users can generate and share content” in a variety of mediums like text, images, audio, and/or video. “Since this form of customer interaction tends to be informal and occurs in a less secure environment, it presents some unique challenges to financial institutions.”

    According to the guidance, all financial institutions should establish a risk management program, but the details will depend upon the scope of a given institution’s involvement in social media. For example, a bank that relies heavily on social media to attract and acquire new customers should have a more detailed program, while a bank that chooses not to use social media at all may rely upon a less comprehensive policy. However, at a minimum, all entities must still “be prepared to address the potential for negative comments or complaints” within social media platforms and provide guidance for employee use of social media.

    Risk management programs should address issues that include the governance structure and the strategic goals of the institution’s social media plan (like increasing brand awareness or product advertising); the policies and procedures for monitoring the company’s social media use; training of company employees in the official and non-official uses of social media; and the effectiveness of the company’s audit and compliance procedures.

    Financial institutions face a broad spectrum of risks when using social media, the FFIEC explained. They include potential defamation or libel suits and risk to their reputation and to the identity of the brands. The guidance emphasized that already heavily regulated financial institutions must continue to comply with their governing regulations in the context of social media.

    For example, the Truth in Lending Act and Regulation Z advertising provisions require that credit ads present information in “a clear and conspicuous manner.” Electronic advertisements via social media are no different, the FFIEC noted, although companies are permitted to provide required information on a table or schedule located on a different page from the main advertisement if the ad refers to the other page or location.

    Other existing regulations also apply with equal force on social media sites. They include the Fair Debt Collection Practices Act’s prohibition on inappropriately contacting consumers or their families or friends, and the requirement that “Member FDIC” be included when advertising FDIC-insured products.

    The FFIEC also cautioned financial institutions to respect privacy concerns and clearly disclose a privacy policy as required by the Gramm-Leach-Bliley Act. Financial institutions should also ensure compliance with the Children’s Online Privacy Protection Act by monitoring whether it collects information from children under age 13, and avoid running afoul of the Telephone Consumer Protection Act or CAN-SPAM by sending unsolicited communications to consumers via social media sites.

    To read the proposed guidance, click here.

    Why it matters: The FFIEC’s member agencies “recognize that financial institutions are using social media as a tool to generate new business and provide a dynamic environment to interact with consumers,” the guidance said. “As with any product channel, financial institutions must manage potential risks to the financial institution and consumers by ensuring that their risk management programs provide appropriate oversight and control to address the risk areas discussed within this guidance.”

    back to top