FTC Watch: 2014 Priorities, Enforcement Update and the Battle over Cyber Security

When FTC Chair Ramirez tapped Jessica Rich to head the Consumer Protection Bureau, AdWeek noted:

Rich’s appointment signals the agency will likely be aggressive in shaping privacy policy and bringing privacy enforcement actions, a goal Ramirez articulated in her first public appearance in early March.  . . . Rich has an 11-year track record in the agency’s division of privacy and identity protection. She drafted the first children’s online privacy regulations and is considered the architect of the FTC’s privacy program and worked on the FTC’s behavioral advertising principles and report.

So it should come as no surprise that Rich recently told Ad Week that

Native advertising will be a huge and continuing theme in our work. I want to make a broader push into mobile, mobile security, mobile payments, making sure we are able to bring mobile investigations, just as we are able to bring brick-and-mortar investigations.

In addition, the FTC has set workshops in February and March to further explore

• Mobile device tracking – tracking consumers in retail and other businesses using signals from their mobile devices.
• Alternative scoring products – using predictive scoring to determine consumers’ access to products and offers.
• Consumer-generated and controlled health data – information provided by consumers to non-HIPAA covered websites, health apps and devices.

Apple and NFL Teams Among Enforcement Targets

The FTC recently held a workshop on the Internet of Things and with Google’s purchase of Nest, this focus could intensify.Recent FTC Enforcement Actions of note include:

Apple

• Apple will pay over $32.5 million in refunds for mobile apps obtained from children without parental consent. Apple also will be required to change its billing practices to ensure that it has obtained express, informed consent from consumers before Its them for items sold in mobile apps.  “This settlement is a victory for consumers harmed by Apple’s unfair billing, and a signal to the business community: whether you’re doing business in the mobile arena or the mall down the street, fundamental consumer protections apply,” said FTC Chairwoman Edith Ramirez.  “You cannot charge consumers for purchases they did not authorize.”

“Operation Failed Resolution”

• The FTC’s ongoing effort to stop misleading claims for products promoting easy weight loss and slimmer bodies tagged (i) the marketers of Sensa, who exhorted consumers to “sprinkle, eat, and lose weight” – for $26.5 million  The agency also announced charges against the marketers of two other products that made unfounded promises: (i) L’Occitane, which claimed that its skin cream would slim users’ bodies but had no science to back up that claim, and (ii) HCG Diet Direct, which marketed an unproven human hormone that has been touted by hucksters for more than half a century as a weight-loss treatment.  And it announced a partial settlement in a fourth case, LeanSpa, LLC, an operation that allegedly deceptively promoted acai berry and “colon cleanse” weight-loss supplements through fake news websites.“Resolutions to lose weight are easy to make but hard to keep,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection.  “And the chances of being successful just by sprinkling something on your food, rubbing cream on your thighs, or using a supplement are slim to none.  The science just isn’t there.”

Not So Super Safe Harbors

• Settlement with twelve companies   – including the Atlanta Falcons, Tennessee Titans and AFC Champion Denver Broncos – who falsely claimed compliance with EU Safe Harbor framework.   “Enforcement of the U.S.- EU Safe Harbor Framework is a Commission priority. These twelve cases help ensure the integrity of the Safe Harbor Framework and send the signal to companies that they cannot falsely claim participation in the program,” said FTC Chairwoman Edith Ramirez.

It’s Not The Affordable Spam Act

• The FTC has launched a complaint against a Florida spam operation (Kobeni Inc) for a spam fraud scheme in connection with the Affordable Care Act.

Free Gift Card Text Message Scams

• Settlement with Ecommerce Merchants, LLC, which did business as Superior Affiliate Management for Free Gift Card and Free iPhone Text message scams – which was part of a large crackdown earlier in 2013 when the FTC filed complaints against 29 defendants with collectively sending more than 180 million unwanted text messages to consumers, many of whom had to pay for receiving the texts. The messages promised consumers free gifts or prizes, including gift cards worth $1,000 to major retailers such as Best Buy, Walmart and Target. Consumers who clicked on the links in the messages found themselves caught in a confusing and elaborate process that required them to provide sensitive personal information, apply for credit or pay to subscribe to services to get the supposedly “free” cards.”Today’s announcement says ‘game over’ to the major league scam artists behind millions of spam texts,” said Charles A. Harwood, Acting Director of the FTC’s Bureau of Consumer Protection.  “The FTC is committed to rooting out this deception and stopping it.  For consumers who find spam texts on their phones, delete them, immediately. The offers are, in a word, garbage.”

FTC Cyber Security Authority Upheld By Commission, Wyndham Decision Delayed

As reported previously, there were two significant challenges to the FTC’s enforcement authority as it pertained to consent decrees for inadequate data security in 2013.

LabMD petitioned to the full FTC that it lacked authority to regulate data security under the FTC Act.  The Commission affirmed that the FTC Act’s prohibition of “unfair . . . acts or practices” applies to a company’s failure to implement reasonable and appropriate data security measures. LabMDs due process claim also fell flat, as the FTC rejected “‘the premise . . . that, in effect, companies are free to violate the FTC Act’s prohibition of “unfair . . . acts or practices”without fear of enforcement actions by the Commission, unless the Commission has first adopted regulations.”

This view, if accepted, would greatly restrict the Commission’s ability to protect consumers from unwanted privacy intrusions, fraudulent misuse of their personal information, or even identity theft that may result from businesses’ failure to establish and maintain reasonable and appropriate data security measures. The Commission would be unable to hold a business accountable for its conduct, even if its data security program is so inadequate that it “causes or is likely to cause substantial injury to consumers [that] is not reasonably avoidable by consumers themselves and [such injury is] not outweighed by countervailing benefits to consumers or competition.

A much anticipated federal court decision on a challenge by Wydham Hotel on the same point has been delayed, as the judge this month requested further briefing after Commissioner Joshua White’s testimony on competition issues before a House Committee addressed the vagueness of FTC authority which would tend to support Wyndham’s challenge to the FTC’s authority.

---

More Info:  

FTC Director of Consumer Protection to Target Native & Mobile Advertising, Performance Marketing Insider; FTC’s Privacy Guru Named Head of Bureau of Consumer Protection AdWeek; FTC: 12 Companies, Including 3 NFL Teams, Misrepresent Compliance Of Privacy Frameworks; Consumerist; Sensa and Three Other Marketers of Fad Weight-Loss Products Settle FTC Charges in Crackdown on Deceptive Advertising, FTC Press Release; Marketers Who Sent ‘Gift Card’ and ‘Free iPhone’ Text Spam Settle FTC Complaint; Wyndham Data Ruling Delayed By FTC Commish’s Comments, Law360