Advertising Law

In This Issue

Editors: Linda A. Goldstein | Jeffrey S. Edelstein | Marc Roth

Facebook Updates Promotion Rule, Expands Options for Marketers

Facebook recently updated its Promotion Guidelines, creating more opportunities for marketers by broadening the scope of products and possible entrants.

Changes include the allowance of a purchase for consumers to enter a promotion as well as opening up offers to minors under the age of 18. In addition, products like alcohol, dairy, firearms, gambling, gasoline, prescription drugs and tobacco are all newly eligible for promotions.

“We have simplified [the Guidelines] to make them easier to understand and consistent with the format of other Facebook terms and policies,” the company said in a post on its site.

The Promotion Guidelines function in conjunction with Facebook’s other policies – including its Ad Guidelines – and govern all contests, competitions, sweepstakes, or other similar offerings.

Previously, the Promotion Guidelines prohibited advertising or marketing of a promotion to those under age 18 or to an individual residing in a country embargoed by the United States. The Guidelines also barred the promotion of sweepstakes that were open to residents of countries like Belgium, India, Norway, and Sweden. Under the prior Guidelines, sweepstakes conditioned upon the purchase of a product were also banned, as were prizes or promotions that involved alcohol, gambling, tobacco, firearms, prescription drugs, dairy, firearms, or gasoline.

Going forward, promotions must be administered using Facebook applications, with either a separate tab on the company’s brand page or on an app canvas page.

Facebook also set clear boundaries on the use of its name and trademarks, which cannot be used “in connection with a promotion or to mention Facebook in the rules or materials relating to a promotion, except as needed to fulfill your obligations” under a section of the rules. In addition, advertisers must release Facebook from liability and state that Facebook does not sponsor the promotion.

Promotions cannot rely upon Facebook features or functionality for entry, competition, or notification. For example, a contest cannot be entered by “liking” a brand’s page, checking in to a specific place, uploading a photo, or commenting on a wall. The “like” button also cannot be used as a voting mechanism according to the Guidelines, and winners cannot be notified via Facebook by message, profile post or page post, or by chat.

To read the Facebook Promotion Guidelines, click here.

Why it matters: Although the expanded Promotion Guidelines will create more opportunities for advertisers, the updated rules emphasize that companies must ensure their promotions adhere to relevant federal, state, and local laws or regulations. As the Guidelines suggest, promotions “are subject to many regulations and if you are not certain that your promotion complies with applicable law, please consult with an expert.”

back to top

Sweepstakes Entry Form Does Not Establish a Business Relationship for Telemarketing

The Federal Trade Commission settled with Electric Mobility Company and its owner for $100,000 over charges that the company made millions of calls to consumers on the Do Not Call Registry after collecting the numbers in a sweepstakes entry form.

The New Jersey-based company, manufacturer of the Rascal Scooter which is used by disabled and senior citizens with limited mobility, ran a “Win a Free Rascal” promotion. The sweepstakes entry form encouraged entrants to provide their phone numbers so the company could contact them if they were “the next lucky winner.”

But the FTC alleged that the company used those numbers – including those also registered on the federal Do Not Call list – to make more than 3 million illegal calls since 2003, in violation of the Telemarketing Sales Rule and the FTC Act. Almost two million of those calls were made to consumers who entered the sweepstakes and were registered on the Do Not Call list; the remainder were to consumers the company had an established business relationship with that had expired, according to the complaint.

Under the Telemarketing Sales Rule, a company with an “established business relationship” may call a consumer on the Do Not Call Registry for up to 18 months if he or she has not asked the company to stop calling.

But EMC and Michael Flowers, its owner, violated the Rule by relying on the sweepstakes form to establish a business relationship with consumers, the FTC argued. “The completed sweepstakes entry forms . . . . are not express written agreements that clearly evidence consumer authorization to receive calls from EMC. The forms did not advise consumers clearly and conspicuously that supplying a telephone number on the entry form would authorize EMC to use that telephone number for telemarketing purposes,” according to the complaint.

Under the stipulated judgment, Flowers will pay $100,000; the company’s $2 million penalty is suspended because of an inability to pay. In addition, the defendants are banned from using sweepstakes entry forms as the basis for an established business relationship with consumers, and will be subject to monitoring and reporting requirements for five years.

To read the consent decree, click here.

Why it matters: The “FTC consistently has said that simply obtaining a consumer’s phone number – as EMC did with its sweepstakes – does not establish a relationship that would exempt it from the Do Not Call rules,” the agency noted in its press release about the settlement. Companies should remember that they must have an established business relationship with consumers in order to make sales calls.

back to top

Father Sues Facebook for Using Son’s Image

The father of a minor son filed a federal lawsuit against Facebook, alleging the company violates New York law by misappropriating minors’ images when they “like” things on the site without first receiving parental permission.

The plaintiff, who is seeking class-action status, argues that Facebook is using his son’s image for commercial purposes.

When a Facebook user – anyone 12 years of age or older – “likes” a company’s page, his or her name and profile picture are displayed on the page for others to see, as well as on a news feed for all of the user’s friends (and friends’ friends, or everyone, depending on the privacy settings selected). Facebook’s terms and conditions state that users who register on the site agree that they are at least 12 years old.

So if a minor likes a certain product, for example, his or her picture appears with the page that they have “liked,” and the company can also use that image on their own page – all without a parent’s consent.

“Users can prevent their endorsements from being shared with their friends by limiting who can see their posts through their privacy settings,” according to the complaint. “There is, however, no mechanism in place by which a user can prevent their name and likeness from appearing on a Facebook page if they have ‘liked’ it.”

Since 2007, the company’s business model depends on advertising, the suit argues, and “the apparent endorsement of a good or service in an advertisement by one user who is recognizable to other users will generate more clicks for an advertiser, and thereby generate more revenue for Facebook. . . . . [U]sing the name and likenesses of its members, including children, for marketing and revenue generating purposes is integral to its operating system and will continue and likely increase in the future.”

However, at “no time does Facebook seek or obtain the consent of any parent or guardian of its minor users to use or sell the name and likeness of the child for commercial use by Facebook or third-party advertisers,” according to the complaint.

The suit, which estimates a class of plaintiffs in the hundreds of thousands, seeks an injunction as well as damages, including punitive damages for Facebook’s “knowing” violation of law.

To read the complaint in J.N. v. Facebook, click here.

Why it matters: The complaint is the second filed against Facebook over similar allegations, after the parents of a minor child in California filed suit last year. In a statement to Reuters, the company said it believes the “suit is completely without merit and we will fight it vigorously.”

back to top

FTC Settles Over Failure to Secure Client’s Info

Ceridian Corp. and Lookout Services settled with the Federal Trade Commission over charges that sensitive information – including Social Security numbers – of almost 65,000 consumers was compromised despite promises by the companies to take reasonable measures to secure the data.

Both companies’ security practices were unfair and deceptive, the agency alleged, because despite their claims, they failed to employ “reasonable and appropriate security measures” to protect data about the employees of their business customers.

Specifically, Ceridian claimed it had “Worry-free Safety and Reliability” and that “When managing employee health and payroll data, security is paramount with Ceridian. Our comprehensive security program is designed in accordance with ISO 27000 series standards, industry best practices and federal, state and local regulatory requirements.” The company is a service provider that offers payroll processing, benefits administration, and other human resources services to small businesses.

But in reality, the company engaged in security lapses like storing personal information in clear, readable text on its own network for an indefinite period and failed to protect its network from what the agency said were reasonably foreseeable attacks with readily available, free, or low-cost defenses to attack, according to the complaint. A security breach in December 2009 resulted in the compromise of personal information of more than 27,000 employees of Ceridian’s customers.

Lookout Services, which offers a product that helps businesses to comply with federal immigration laws, stores the names, addresses, birthdates, and Social Security numbers of clients. Despite claims of data security such as “Our servers are continuously monitoring attempted network attacks on a 24 x 7 basis, using sophisticated software tools,” employee information could be accessed without a username or password by typing in a “relatively simple” URL, the FTC said. The company also failed to adequately train its employees and to mandate practices that would have strengthened its security, like periodic changes of passwords. A subsequent breach – where an employee of a Lookout customer accessed the sensitive information in its database – compromised roughly 37,000 consumers’ Social Security numbers.

Under the terms of the settlements, the companies will be required to “establish and implement, and thereafter maintain, a comprehensive information security program that is reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers. According to the consent order, such a program, the content and implementation of which must be fully documented in writing, shall contain administrative, technical, and physical safeguards appropriate to respondent’s size and complexity, the nature and scope of respondent’s activities, and the sensitivity of the personal information collected from or about consumers.”

Both defendants will also be subject to monitoring and audit requirements for the next 20 years.

The settlements are open to comment for 30 days before being finalized.

To read the complaint against Ceridian, click here.

To read the proposed consent order, click here.

To read the complaint against Lookout, click here.

To read the proposed consent order, click here.

Why it matters: The settlements reinforce the importance of data security as a priority for the FTC. Days later, David Vladeck, Director of the FTC’s Bureau of Consumer Protection, testified before the House Subcommittee on Commerce, Manufacturing and Trade and referenced the settlements as part of the agency’s recommendation that Congress pass data-breach notification legislation. “The FTC is committed to a comprehensive, three-pronged effort to promote data security that includes law enforcement, consumer education, and data collection and analysis,” he testified, noting that the agency has brought 34 cases against businesses that allegedly failed to protect consumers’ personal information, including those against Ceridian and Lookout.

back to top

CARU: Product First, Premium Secondary

The Children’s Advertising Review Unit recently recommended that Burger King modify broadcast advertising that focused less on food and more on the toys offered with its children’s meal.

The ad at issue for the BK Kids Meal featured two boys pretending to be SpongeBob Squarepants characters, using fake voices and their hands. The meal itself – a burger, apple fries, and a juice box – appeared only in the opening and closing shots.

Burger King argued that the advertisement had been approved by CARU in its prescreening process, and that the commercial fully met the requirements of CARU’s guidelines.

But CARU determined that the premium message was primary and the product secondary in the commercial.

“[A]lthough the first and last shots depicted a BK Kids Meal, the rest of the commercial largely focused on the SpongeBob toys and how they worked. For example, the commercial featured two boys using fake voices and their hands to pretend that they were SpongeBob Squarepants characters. Indeed, the characters were ‘showing’ each other what they could do, from squirting water at each other, to changing colors. There was no food depicted again until the very last shot, which again showed the stage and the burger, apple fries, and juice box,” CARU said.

Because CARU’s guidelines express concern that “the use of premiums . . . has the potential to enhance the appeal of . . . products to children,” it reminded advertisers that they “should take special care in using . . . promotions to guard against exploiting children’s immaturity.”

CARU also noted that while it had approved the storyboards for the commercial, the version it approved contained five frames of food, not two “brief shots” in the final ad.

Why it matters: “Advertising that contains a premium message should focus the child’s attention primarily on the product and make the premium message clearly secondary,” CARU emphasized.

back to top



pursuant to New York DR 2-101(f)

© 2024 Manatt, Phelps & Phillips, LLP.

All rights reserved