FTC Ignores the First Amendment with $9 Million Fine Against Weight Loss Supplement Company

On January 26, the manufacturer of a green coffee bean extract (GCBE) agreed to pay the Federal Trade Commission $9 million to settle charges brought by the FTC that the manufacturer deceptively advertised weight loss benefits of GCBE.

Lindsey Duncan, through his companies Genesis Today, Inc. and Pure Health, LLC (the “defendants”), promoted GCBE on shows like “Dr. Oz” and “The View,” claiming that the supplement could cause consumers to lose 17 pounds and 16 percent of their body fat in just 12 weeks without diet or exercise. The defendants sold more than $50 million in GCBE supplements.  The FTC charged that the claims made by the defendants were deceptive, unsubstantiated and based on a severely flawed study.  As part of the FTC settlement, the defendants will pay the FTC $9 million for consumer redress and will stop making the purported deceptive claims.

Although the complaint was supported by a majority the Commission, two out of the five FTC commissioners dissented.  Commissioners Maureen Ohlhausen and Joshua Wright wrote that the redress improperly included sales attributed to protected non-commercial speech by Dr. Oz and Duncan.  Particularly, the commissioners highlighted that some of the statements were non-commercial in nature because Duncan never proposed a commercial transaction on screen and did not pay to appear on Dr. Oz’s show.  The commissioners warned that suppressing all speech about a potential public concern simply because the speech is considered unreliable or unproven would produce a chilling effect, and would “far exceed the government’s proper role in regulating commercial speech.”

FTC Report Offers Privacy and Security Guidance for ‘Internet of Things’

On Tuesday, January 27, the FTC issued a 71-page Staff Report on the privacy and security issues with the Internet of Things.  As we’ve noted in our previous blog posts, the Internet of Things (“IoT”) refers to the growing ability of everyday devices to monitor and communicate information through the Internet.  This FTC Staff Report follows up on the FTC’s public workshop over concerns with the IoT, as well as the FTC’s first enforcement action brought in September 2013.

In the Staff Report, the FTC referenced the various potential security risks that IoT products present.  Such connected devices could, if exploited, lead to consumer harm by enabling the unauthorized access and misuse of personal information; facilitating attacks on other systems; and creating risks to personal safety.  In addition, potential privacy risks could flow from the collection of personal information, habits, locations, and physical conditions over time.  To address these risks, the FTC recommended that companies developing IoT products take the following concrete measures in the areas of security, data minimization, and notice and choice:

  • Security. The FTC recommended that companies: (1) build security in their IoT devices at the outset; (2) train all employees about good security; (3) retain service providers that are capable of maintaining reasonable security and provide reasonable oversight for these providers; (4) implement a “defense-in-depth approach” by considering security measures at several levels; (5) implement reasonable access control measures to limit the ability of an unauthorized person to access a consumer’s device, data, or network; and (6) monitor products throughout the life cycle and, if feasible, patch known vulnerabilities.
  • Data Minimization. The Staff Report also encouraged companies to examine their business needs and develop policies and practices that impose reasonable limits on the collection and retention of consumer data. The FTC noted, though, that this recommendation is flexible and intended to give companies options. Per the FTC, companies can decide not to collect data at all; collect only the fields of data necessary to the product or service; collect data that is less sensitive; or de-identify the data collected. If none of these options is consistent with the companies’ business needs, they can seek consumer consent for collecting additional, unexpected categories of data.
  • Notice and Choice. The FTC incorporated certain elements from a use-based approach. In other words, if a use of the data by the company is consistent with the context of the interaction with the consumer (i.e., an expected use), then a choice need not be offered to the consumer. For uses that would be inconsistent with the context of the interaction (i.e., unexpected), the FTC recommended that companies offer clear and conspicuous choices. In addition, if consumer data collected is immediately and effectively de-identified, then the FTC stated that a choice need not be offered to the consumer. The FTC encouraged legislators and multistakeholder frameworks to help guide companies on what types of users of certain consumer data are permissible or impermissible, and address other concerns.

Finally, the FTC acknowledged that IoT-specific legislation at this stage would be premature. However, it did reiterate previous recommendations for Congress to enact broader, general data security legislation. Commissioner Joshua Wright dissented, citing the lack of empirical evidence and questioning whether the recommendations in the Staff Report would even improve consumer welfare. Said Commissioner Wright, the FTC should “at a minimum, undertake the necessary work not only to identify the potential costs and benefits of implementing such best practices and recommendations, but also to perform analysis sufficient to establish with reasonable confidence that such benefits are not outweighed by their costs at the margin of policy intervention.”

IoT has been a hot topic lately, garnering a lot of attention from the FTC. With the Staff Report finally released, companies now have a loose playbook on how to develop such products while keeping privacy and security in mind. With the FTC promising more enforcement in this area, we will be watching closely to see how the FTC translates its Staff Report into practice.

UGC Update: Italian Regulators Address User-Generated Content Promotions

The power of user-generated content (“UGC”) as a promotional tool is ubiquitous and well understood; however, global marketers face challenges when trying to approach a campaign from an international perspective.  A recent development concerning UGC contests in Italy has caught the attention of global marketers.

A UGC contest usually involves a promotional prize event where entrants submit original content that is evaluated, curated, and judged, and prizes are then awarded.  UGC promotions engage consumers and can thus generate buzz and create excitement around a brand.  Despite the benefits of these UGC promotions, some marketers have been wary to run these promotions in certain international jurisdictions because of the legal burdens associated with entering the foreign markets.  In Italy, for example, contests with a prize award are regulated by the Ministry for Economic Development and are subject to various legal and administrative requirements set forth in Presidential Decree no. 430 of 2001.

Recently, however, Italian regulators have indicated that certain UGC promotions may be exempt from legal requirements.  In a recent memorandum, Italian regulators have stated that UGC promotions would be exempt from the Decree if (i) no purchase was required for participating in the promotion and (ii) the incentives were intended to promote society’s collective interests.  The memorandum cited specific examples of such “collective interests,” such as essay contests on drug addiction.  Although the memorandum indicated that certain UGC promotions targeting societal “collective interests” would be exempt, it did not go so far to state that the promotion could not have some good-will effect that benefits the sponsor.  Thus, depending on the sort of UGC promotion contemplated, an international marketer may be able to include Italy in its promotional plan where it heretofore may have excluded that jurisdiction.  The implications of the memorandum still need to be fleshed out in greater detail, however; and until the Ministry clarifies its position, marketers must evaluate on a case-by-case basis whether UGC contests are subject to the Decree.

ANA Webinar: Programmatic Buying – Real Time Buying, Real Time Legal Problems

As programmatic buying increases in popularity, the use of multiple data sources presents its own share of legal challenges to marketers.  Join us for a free webinar led by Frederick Lah on Tuesday, January 13, 2015 at 1:00 p.m. EST, showcasing the key legal issues to manage in a programmatic advertising environment.

This webinar is part of a series of complimentary webinars from the ANA Government Relations group focused on legal and regulatory issues currently affecting the marketing community.

REGISTER NOW on the ANA website.

Programmatic Buying - Real Time Buying, Real Time Legal Problems
Tuesday, January 13, 2015
1:00 p.m. EST (Length is 60 minutes)

Privacy Push for Mobile Apps

Twenty-three privacy authorities worldwide, including several members of the Global Privacy Enforcement Network, issued a joint open letter to seven app marketplace operators, urging them to improve access to privacy information on mobile apps for users.  Specifically, the letter addresses providing users with privacy practice information, informing users about the collection and use of data, and implementing protections to ensure privacy practice transparency.  For more information on this story, read the related post on our Global Regulatory Enforcement Law Blog.

OBA Principles Have Gone Native!

This post was written by Matthew Y. Kane and John P. Feldman.

Last week, the Interest-Based Advertising Accountability Program (Accountability Program) released a compliance warning regarding the use of online-behavioral advertising (OBA) in conjunction with native advertisements. The compliance warning states that native advertisements tailored to a consumer based on the consumer’s browsing history (i.e., OBA) must comply with the Self-Regulatory Principles for Online Behavioral Advertising (“OBA Principles”), just like any traditional-based advertisement utilizing OBA would. Enforcement of the compliance warning will begin January 1, 2015.

The Accountability Program was developed by leading industry associations in order to regulate online behavioral advertising across the Internet. The Program issues compliance warnings to provide guidance on how to comply with the OBA Principles. The two key pillars of the OBA Principles are transparency and consumer control. The transparency principle requires companies to ensure that consumers are aware when their data is being collected for OBA purposes. The consumer control principle requires companies to provide consumers with an easy-to-use mechanism to opt out of having their data collected.

Companies, whether displaying native advertisements or traditional-based advertisements, must take the following steps if the advertisements are served in connection with OBA: First, provide “enhanced notice” to consumers that the advertisement is being tailored to the consumers, based on their browsing habits. The notice should be in the form of a link in or around the ad while the consumers are actually viewing the ad. The link should take the consumer to a landing page where the consumer can learn more about OBA and have the ability to opt out (it should be noted that companies often use the familiar Advertising Option Icon AdChoices Iconto fulfill the notice requirement). The information provided by the link landing page (including the opt-out mechanism) should also be on the company’s own website. And second, the company must provide consumers with a functional, easy-to-use way of opting out of the collection and use of their data. It should further be noted that website publishers who allow third parties to collect data for OBA purposes on their websites must provide notice of that data collection (whether the ad being served is a native ad or a traditional-based ad).

For more information on staying compliant and avoiding potential FTC action, read our previous blog post covering this issue.

FCC Rings the Bell for Public Comments Regarding Robocalls and Call-Blocking

The FCC is asking for comments on a letter it received from the National Association of Attorneys General that seeks out the Commission’s opinion on the legality of telephone carriers implementing call-blocking technology to reduce the amount of unwanted telemarketing calls.  If your company engages in marketing over the telephone or uses it to regularly conduct business with customers, you may want to consider getting involved.  Comments are due December 24, 2014, and reply comments are due January 8, 2015.  For more on this, please read the latest post on our Global Regulatory Enforcement Law Blog.

ABA Event – Operation Full Disclosure: What You Need to Know About TV and Print Disclaimers

In case you missed last week’s Association of National Advertisers webinar covering the FTC’s Operation Full Disclosure, please join John Feldman of Reed Smith and Michael Ostheimer of the FTC’s Division of Advertising Practices on Monday, December 1, 2014, as they present on a program entitled, Operation Full Disclosure: What You Need to Know About TV and Print Disclaimers, hosted by the American Bar Association (Section of Antitrust Law).

Find out what Operation Full Disclosure means to you and your clients, and learn about the Commission’s ongoing efforts to educate the industry on proper disclosure practices as well as potential enforcement activities.

REGISTER NOW

Date and Time:
Monday, December 1, 2014
2:00 p.m. – 3:00 p.m. ET

Cost:
ABA Antitrust Section Members, Government, Non-Profit Employees and Students – Free
ABA Members – $10.00
Other Non Members – $25.00

LexBlog