Podium P-O-V: Observations From Marc Roth on ERA’s Great Ideas Summit
I recently had the pleasure of participating on an “Advocacy Update” panel at the Electronic Retailing Association’s Great Ideas Summit in Miami Beach. The panel focused on current FTC and state Attorney General enforcement trends and hot issues at ERSP, the ERA’s self-regulatory program. We decided to forgo a traditional presentation format and instead asked an industry in-house counsel to review a mock ad and request our advice regarding various marketing issues that required our immediate approval. In a series of lightning-round responses, the panel, which included me, another outside lawyer, Katherine Kiziah from the Consumer Protection Unit of the Florida Attorney General’s Office, and Peter Marinello, the Director of ERSP, answered her questions before a live audience.
I addressed the FTC’s recent enforcement actions under the Restore Online Shoppers’ Confidence Act, or ROSCA, and the ins and outs of using customer information for remarketing. I advised that the FTC had been largely silent regarding ROSCA until late 2014 when it brought actions against companies that, in the agency’s view, failed to comply with the law’s specific requirements and prohibitions for online negative-option offers.
I and other panel members advised, among other things, that the offer terms must be clearly and conspicuously disclosed and express consumer consent must be obtained before consumers are enrolled in the hypothetical negative-option program. We discussed how and where the terms must be disclosed and the manner in which express consent can be obtained. With respect to the FTC’s recent settlements in this area, we noted that while they bind only named defendants, they nonetheless provide valuable guidance that marketers should heed when they develop an online negative-option program.
Once a consumer becomes a customer, the in-house attorney asked whether and how the company may conduct remarketing efforts. I noted that certain sales channels, such as direct mail and email, present few legal obstacles, as they are the least invasive. Marketers who use email need only scrub the email address against an internal do-not-email list and provide an opt-out from future commercial messages, both of which are mandated by the CAN-SPAM Act. By contrast, calling customers at home and on their mobile phones, or sending text messages, is more intrusive and presents greater legal challenges. Specifically, I explained that placing prerecorded messages to home phones, or using an autodialer to call a consumer’s cell phone or send a text message, requires a marketer to first obtain the consumer’s express written consent, and I offered examples of the various ways this could be accomplished.
Overall, the session went very well and the attendees came away with useful and practical advice.
Marc Roth is a partner in the advertising practice and Co-chair of the TCPA Compliance and Class Action Defense group, resident in Manatt’s New York office.
Internet of Things Report Issued by FTC
Emphasizing the importance of protecting consumer privacy and security, the Federal Trade Commission recently released its staff report on the Internet of Things.
“The only way for the Internet of Things to reach its full potential for innovation is with the trust of American consumers,” FTC Chairwoman Edith Ramirez said in a statement about the report. “We believe that by adopting the best practices we’ve laid out, businesses will be better able to provide consumers the protections they want and allow the benefits of the Internet of Things to be fully realized.”
For purposes of “Internet of Things: Privacy & Security in a Connected World,” the Commission defined the Internet of Things as devices or sensors sold to or used by consumers other than computers, smartphones, or tablets “that connect, store or transmit information with or between each other via the Internet.”
Based in part on the agency’s workshop held on the topic in November 2013, the report offered six recommendations for companies looking to enter the Internet of Things ecosystem, and urged businesses to incorporate privacy principles in their efforts.
Companies should consider security during every part of the design process, “rather than as an afterthought,” the agency said. Employees should be trained about the importance of security and the security measures should be overseen by an appropriate level in the organization. “[C]ompanies must ensure that their personnel practices promote good security.”
Third parties pose significant security concerns, the FTC said. When outside service providers are used, companies should retain only those capable of maintaining reasonable security and their work should be monitored.
The agency recommended that companies adopt a “defense-in-depth” strategy that would utilize multiple layers of security, particularly for systems with significant risk, and implement strong authentication measures that would keep unauthorized users from accessing data or personal information stored on a network.
Finally, the FTC said businesses should maintain a relationship with connected devices throughout their life cycle, and provide security patches when necessary.
The report also stressed data minimization and suggested that companies limit their collection of consumer data and retain the data for a set period of time (not indefinitely). Companies should notify consumers about data collection and how their information will be used, the FTC added, especially if the collection is beyond what a reasonable consumer would expect.
As for legislation, the staff report noted that the passage of a law now would be premature, given the rapidly evolving nature of the technology involved. That said, the FTC took the opportunity to again call for a general law protecting consumer privacy rights “that is both flexible and technology-neutral.”
To read the staff report, click here.
Why it matters: The Internet of Things has been a hot topic recently, and has prompted a federal hearing on the issue and remarks by FTC Chairwoman Ramirez at the Consumer Electronics Show. Not everyone is in agreement about how to deal with the burgeoning technology, however. Commissioner Maureen K. Ohlhausen concurred in the staff report but did not support two of the recommendations – the call for baseline privacy legislation as well as the report’s support for data minimization. Commissioner Joshua D. Wright filed a dissenting statement, expressing concern that the report makes broad policy recommendations in lieu of the usual workshop report, which synthesizes the record of the proceedings. The “lengthy discussion” of industry best practices and recommendations lacks “analytical support to establish the likelihood that those practices and recommendations, if adopted, would improve consumer welfare,” he wrote.
Lawmakers Begin Tackling Data Breach Bill
Legislators held a hearing on the Personal Data Notification & Protection Act to consider one of the privacy bills recently proposed by President Barack Obama.
Last month, the President paid a visit to the Federal Trade Commission and announced several pieces of legislation touching on privacy, data security, and data breach notification.
The President’s Personal Data Notification & Protection Act would establish nationwide, uniform consumer data breach notification rules in lieu of the current patchwork of 47 different state laws. The law would also beef up criminal penalties for hackers and require that companies notify consumers of a breach within 30 days.
Using the bill as a reference point, industry members testified before the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade on “What Are the Elements of Sound Data Breach Legislation?”
The majority of the speakers agreed that the creation of a uniform standard would benefit companies facing the challenges of compliance with different state laws. “States are constantly changing and updating their laws,” explained TechAmerica executive vice president Elizabeth Hyman. Samford University’s Cumberland School of Law professor Woodrow Hartzog disagreed, however, telling lawmakers that the federal law should simply be a floor allowing more protective state laws to reach the ceiling. “Limited-scale preemption is okay; it’s not an all-or-nothing game,” he said.
Witnesses also debated issues like which entity should be responsible for the notification (the organization that suffered a breach or the consumer-facing business?) and the time period for notification (once the breach has been confirmed or after giving law enforcement time to investigate?).
Other speakers voiced support for a harm-based trigger to notify consumers. Brian Dodge, executive vice president of the Retail Industry Leaders Association, said the standard should be economic harm, a view shared by Hyman and Acxiom’s chief privacy officer Jennifer Barrett Glasgow. Hartzog again took a contrary position “because the concept of harm within privacy law is so contested,” and it can be difficult to connect causation to harm in data breach cases.
Concerns about the dangers of over-notification were also voiced. Some speakers testified that the more data breach notices consumers receive, the more they will tune them out.
Why it matters: The future of data breach notification legislation remains uncertain, but the issue is top of mind in the nation’s capital. Legislators are tackling issues like privacy and cybersecurity in a variety of forms. In addition to the hearing, Reps. Bobby Rush (D-Ill.) and Joe Barton (R-Texas) reintroduced the Data Accountability and Trust Act this week. The bill would require the FTC to establish a nationwide data security standard, to mandate that the agency and consumers be notified of a data breach, and to create civil penalties of up to $5 million for failure to adhere to the standards.
Green Coffee Bean Weight-Loss Claims Result in Another FTC Settlement
Unsubstantiated weight-loss claims for green coffee beans have resulted in yet another settlement with the Federal Trade Commission.
Last September, the agency took action against a company that paid for a botched study on the weight-loss benefits of green coffee beans and then relied upon the study to sell a weight-loss supplement. Applied Food Sciences, Inc., agreed to pay $3.5 million.
Just a few months prior, the FTC also sued a Florida-based company and several executives that marketed their green coffee bean supplement via fake Web sites designed to look like legitimate news sites.
In a new suit, Pure Health LLC, Genesis Today, and the individual who controlled the operations have agreed to pay $9 million for deceptively claiming that their green coffee bean supplement would allow consumers to lose 17 pounds and 16 percent of their body fat in 12 weeks without diet or exercise.
On television programs like The View and The Dr. Oz Show, the defendants stated that the claims were based on a clinical study (the same one challenged by the FTC last year), the agency said. The TV appearances were then used in marketing campaigns so that the products could make the most of the so-called “Oz effect.”
For example, on The Dr. Oz Show the company’s principal suggested search terms so that viewers could find his products online. The defendants also posted links to the episodes with statements like “New Health Discovery! As Seen on TV.”
The agency said the defendants additionally ran afoul of the Federal Trade Commission Act by paying spokespeople to promote the product and portray themselves as independent sources of information, while failing to disclose their financial connection to the companies.
In addition to the $9 million slated for consumer refunds, the agreement requires the defendants to have at least two well-controlled human clinical tests to substantiate any future weight-loss claims. False claims that dietary supplements are scientifically proven are prohibited, as are any misrepresentations about the status of endorsers.
Any claims made by the defendants about the health benefits and efficacy of any dietary supplement or drug cannot be misleading, the FTC said, and must be substantiated by competent and reliable scientific evidence.
Although the vote to file the complaint against the defendants was unanimous, two Commissioners dissented from the proposed stipulated court order. Commissioners Maureen K. Ohlhausen and Joshua D. Wright said that the redress amount improperly penalized the defendants for speech protected by the First Amendment.
“Extracting such a high amount of redress in this case could chill the speech of future speakers on television news or talk shows,” the dissenters wrote. “Food industry representatives who would otherwise discuss health or nutrition topics and mention generic substances or ingredients in a news or talk venue may fear being held liable for failing to meet the FTC’s rigorous advertising substantiation requirements. The majority’s ultimate goal in imposing such an expansive interpretation of advertising and high level of redress may be to chill the speech of Dr. Oz’s future guests. But the First Amendment forbids this objective.”
The redress “also fails to account for the fact that, unlike many weight-loss product claims challenged by the FTC, there is preliminary scientific evidence that [green coffee bean extract] is mildly effective as a weight-loss supplement,” the dissenting Commissioners said. “[I]n cases where the product provides a benefit to consumers, even if that benefit may be modest, we believe the Commission should seek redress more carefully calibrated to balance the need to prevent deception and the desire to avoid deterring the supply of valuable products or information to consumers.”
To read the complaint and stipulated court order in FTC v. Genesis Today, as well as the statements from the Commissioners on the case, click here.
Why it matters: Reminding marketers of the FTC’s focus on weight-loss and health-related claims, the settlement also provided the opportunity for a debate among the Commissioners on the scope of commercial speech and First Amendment protections.
Noted and Quoted . . . Credit Union Journal and Bloomberg BNA’s Social Media Law & Policy Report Feature Commentary by Manatt Attorneys
Credit Union Journal recently published an article coauthored by Manatt attorneys Jesse Brody and Suemyra Shah in which they explored a growing promotional trend used by financial institutions to offer prize-linked savings (PLS) products, as well as reviewed recent developments in the law and potential legal pitfalls.
In the article, “A Lottery You Can’t Lose. Sound Too Good to be True?” Jesse and Suemyra wrote, “[W]hile PLS promotions and similar contests and sweepstakes are frequently a cost-efficient way to create a great deal of buzz, they are hardly trouble-free and a myriad of traps await the unwary sponsor.” To read the full article, click here.
Bloomberg BNA’s Social Media Law & Policy Report turned to Manatt attorneys Marc Roth and Suemyra Shah to pen an article on the risks and rewards of social media and brand engagement.
In the article, the authors highlighted the hot issues to follow in 2015, reviewed how consumer-generated content may be curated and shared on social media platforms, and examined developing regulatory enforcement trends in these areas.